Cisco Support Community
New Member

MPLS and Internet

I am working on a scenario where I have four sites connected to MPLS Network.

Hub 1:  CE router connected to MPLS Cloud:          BGP AS 65228, BGP AS for PE router 13984

Hub 1:  DMVPN Router connected to Internet Cloud:   BGP AS 10918

Hub 2:  CE Router connected to MPLS Cloud:         BGP AS 29837,  BGP AS for PE Router 13984

Hub 2:  DMVPN router connected to Internet Cloud     BGP AS 10918

Branch 1:  CE Router connected to MPLS Cloud:         BGP  AS  65178, BGP AS for PE Router 13984

Branch 1:  DMVPN Router connected to Internet Cloud:   BGP AS  10918

According to the configuration, both (the router representing the Internet Cloud and the DMVPN routers representing Hub1, Hub2, and Branch 1) are in the same AS. Is this how it is supposed to be? I thought that the BGP peering between the Internet Cloud and the DMVPN routers should be an external BGP peering instead of iBGP, or does it not matter?

The goal is to apply DMVPN Server configurations on Hub1 and Hub2 and DMVPN Client configuration on Branch 1 to see if Branch 1 is able to reach both Hub1 and Hub2 after I manually shut down the Branch Primary MPLS Link.

Right now, both MPLS and Internet Cloud have full functionality to each other via BGP Routing and it doesn't matter if I bring the MPLS link down since Internet Cloud is also running full BGP and the ping test will be successful.

The lab is confusing me, and I need some feedback on how to test DMVPN. I don't think that I should run BGP between DMVPN and Internet Cloud.

Can someone shed some light on how to design and test this scenario?

Thanks

3 REPLIES
Cisco Employee

Re: MPLS and Internet

Hi,

The simplest way to simulate the Internet is to connect your DMVPN routers to a third router (which represents the Internet) and which knows only its connected subnets. Every IPsec router will use its "public interface" as source address and will need a default route pointing to this third router.

What you want to test is a routing policy which will use your DMVPN network as a backup path, so you don't need to focus on how the DMVPN public IP addresses used for IPsec are announced to the Internet. You assume the DMVPN network is UP & Running.

What you are doing should be fine even if it's not what you will find in real networks.

HTH

Laurent.

New Member

Re: MPLS and Internet

Hi Laurent,

Thanks for the explanation. Am I correct to say that I don't need to run BGP on my DMVPN router that connects to the Internet Router? I can just run an IGP such as EIGRP between the DMVPN router and my Internal Core Router connected via Fast Ethernet, and a default route pointed to the IP Address of the Internet Router. Note: There will be no dynamic routing protocol running between my DMVPN (WAN Interface) connected to the Internet Router.

I will then forcefully bring the MPLS (Primary) interface down on my branch router and it will force the DMVPN tunnel to be established between my Branch and Hub Site. One question: how will my internal networks running on EIGRP between Hub and Branch converge?

Thanks!

Cisco Employee

Re: MPLS and Internet

Hi,

"

Thanks for the explanation. Am I correct to say that I don't need to run BGP on my DMVPN router that connects to the Internet Router? I can just run an IGP such as EIGRP between the DMVPN router and my Internal Core Router connected via Fast Ethernet, and a default route pointed to the IP Address of the Internet Router. Note: There will be no dynamic routing protocol running between my DMVPN (WAN Interface) connected to the Internet Router.

"

Correct. Your internal Core Router needs the default route only if it needs to reach Internet as well.

"

I will then forcefully bring the MPLS (Primary) interface down on my branch router and it will force the DMVPN tunnel to be established between my Branch and Hub Site. One question: how will my internal networks running on EIGRP between Hub and Branch converge?

"

Because EIGRP is running inside your tunnels, they will already be established due to the EIGRP traffic. You need to make sure your internal routers learned remote subnets from both the MPLS and the DMVPN clouds. Then you need to be sure BGP routes will always be preferred over the EIGRP ones. If it's eBGP, everything will be fine by default as eBGP has an Administrative Distance of 20 vs 90 for EIGRP.

HTH

Laurent.
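
The route preference described in the last reply can be modelled as follows. This is an added example, not part of the original thread or any Cisco code: it assumes a single router that learns the same hub prefix from BGP (MPLS path) and from EIGRP (DMVPN tunnel), uses the IOS default administrative distances, and goes one step beyond the reply by also showing the iBGP case (default distance 200). The prefix `10.1.0.0/16` and the next-hop labels are constructed.

```python
import ipaddress

# Cisco IOS default administrative distances (lower value is preferred).
AD = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90,
      "eigrp_external": 170, "ibgp": 200}

class Rib:
    """Toy routing table: per prefix, install the candidate with the lowest AD."""
    def __init__(self):
        self.candidates = {}  # network -> {source protocol: next hop}

    def learn(self, prefix, source, next_hop):
        net = ipaddress.ip_network(prefix)
        self.candidates.setdefault(net, {})[source] = next_hop

    def withdraw(self, prefix, source):
        self.candidates.get(ipaddress.ip_network(prefix), {}).pop(source, None)

    def installed(self):
        """Return {network: (source, next_hop)} after AD comparison."""
        table = {}
        for net, srcs in self.candidates.items():
            if srcs:
                best = min(srcs, key=AD.__getitem__)
                table[net] = (best, srcs[best])
        return table

    def lookup(self, dest):
        """Longest-prefix match over installed routes; None if unreachable."""
        addr = ipaddress.ip_address(dest)
        matches = [(n, r) for n, r in self.installed().items() if addr in n]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

def branch_failover(mpls_source):
    """Path to a hub host before and after the MPLS route is withdrawn."""
    rib = Rib()
    rib.learn("10.1.0.0/16", mpls_source, "mpls-pe")    # constructed: via MPLS/BGP
    rib.learn("10.1.0.0/16", "eigrp", "dmvpn-tunnel0")  # constructed: via DMVPN/EIGRP
    before = rib.lookup("10.1.5.9")
    rib.withdraw("10.1.0.0/16", mpls_source)            # primary MPLS link shut down
    after = rib.lookup("10.1.5.9")
    return before, after
```

With `"ebgp"` the MPLS path is used until it is withdrawn and the DMVPN path then takes over; with `"ibgp"` the EIGRP route through the tunnel is already installed while the MPLS link is still up, so the backup path carries traffic all the time.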
