New Member

Internet over MPLS architecture

We have a Network on MPLS backbone with dual service provider.

There are 50 spoke locations.

DC and DR location

Topology is hub and spoke with all sites accessing data hosted at primary DC.

Also, in case of disaster all the spoke sites will connect to the DR site.

Servers at DR site are on unique IP and failover from DC to DR is taken care by BGP routing intelligence.

Aim is to give controlled internet access to all the spoke sites from DC, and in case of failure internet should be available from the DR site.

As per our design architecture we are planning to upgrade the last mile bandwidth and MPLS port of all spoke sites and central site MPLS port bandwidth to give integrated access on the same last mile for all the locations.

Both types of traffic, private and public, will ride on the same MPLS backbone and come to the primary DC site CE router.

At the CE router we will segregate the traffic meant for the datacentre and the internet cloud.

We will also deploy firewall and separate internet router and proxy server for the proposed internet connectivity to control the spoke sites traffic.

Is this a good design?

Pls suggest, with configuration, how we are going to achieve this.

Also currently we are using BGP between CE-PE --- it should take care of the global routing meant for Internet traffic by flooding default route across all the spoke sites

Pls find the existing architecture attached.

Any inputs on the same will be appreciated.



Re: Internet over MPLS architecture

As per your post you are looking for the solution to route internet via DC and on failure via DR.

If you are looking for something specific please do elaborate the same.

To do this you can inject default routes from both DC and DR. In doing this all the PEs in SP1 and SP2 will have 2 defaults in the VRF table for you. But only 1 would be installed based on the regular BGP path selection process.

To manipulate and select default from DC you can change any BGP path attribute and make the DC default favourable over DR default.



New Member

Re: Internet over MPLS architecture

Hi Swaroop,


We are looking to consolidate the internet traffic on the MPLS backbone; rather than having decentralized internet, we want to control the internet access from DC/DR centrally.

Also we want to serve the internet traffic on the same last mile running MPLS service.

Pls suggest if this is a viable option.


Re: Internet over MPLS architecture

Deepak, since you want to decentralize internet access and centralize it via DC/DR, the same solution mentioned, i.e., injecting default from both your DC and DR within both MPLS VRFs provided by the 2 SPs. And you can increase the local preference of the DC so that it is installed in each PE in place of the DR default. When the DC default is withdrawn, the traffic will switch on to the DR.

And it's viable to serve internet and data on the last mile (I believe the last mile referred to is the PE-CE link) by having the default injected into the VRF.

This is somewhat similar to the way a SP provides internet access and intra VPN communication to end customers. Only difference is the default for the internet in your case is being injected by you rather than going for the SP internet service.
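
The failover behaviour described in the replies above, as an added example that is not part of the original thread: a small Python model of one PE's VRF holding two default routes and picking one with a simplified BGP decision process. The AS numbers, local-preference values and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass

DEFAULT = "0.0.0.0/0"

@dataclass(frozen=True)
class Path:
    prefix: str
    site: str               # advertising site: "DC" or "DR"
    local_pref: int = 100   # higher is preferred
    as_path: tuple = ()     # shorter is preferred
    med: int = 0            # lower is preferred

def best_path(paths):
    """Simplified BGP decision: local-pref, then AS-path length, then MED.
    Real BGP has more steps (weight, origin, eBGP/iBGP, router ID ...)."""
    if not paths:
        return None
    return min(paths, key=lambda p: (-p.local_pref, len(p.as_path), p.med))

class VrfTable:
    """Paths a PE holds for one customer VRF, keyed by prefix and site."""
    def __init__(self):
        self.paths = {}

    def advertise(self, path):
        self.paths.setdefault(path.prefix, {})[path.site] = path

    def withdraw(self, prefix, site):
        self.paths.get(prefix, {}).pop(site, None)

    def installed(self, prefix):
        best = best_path(list(self.paths.get(prefix, {}).values()))
        return best.site if best else None

def failover_sequence():
    """Return the site serving the default: normally, DC down, both down."""
    vrf = VrfTable()
    # Constructed values: private AS numbers and local-pref 200 vs 100.
    vrf.advertise(Path(DEFAULT, "DC", local_pref=200, as_path=(65001,)))
    vrf.advertise(Path(DEFAULT, "DR", local_pref=100, as_path=(65002,)))
    normal = vrf.installed(DEFAULT)
    vrf.withdraw(DEFAULT, "DC")     # DC stops injecting the default
    dc_down = vrf.installed(DEFAULT)
    vrf.withdraw(DEFAULT, "DR")     # no default left: spokes lose internet
    return normal, dc_down, vrf.installed(DEFAULT)

if __name__ == "__main__":
    print(failover_sequence())
```

With both defaults withdrawn the VRF has no route for internet destinations, so spoke traffic is dropped rather than leaving by a path that bypasses the central firewall and proxy.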


