Cisco Support Community
Community Member

Internet Consolidation - Architecture

We have a network on an MPLS backbone with dual service providers.

There are 50 spoke locations.

DC and DR location

Topology is hub and spoke with all sites accessing data hosted at primary DC.

Also, in case of disaster, all the spoke sites will connect to the DR site.

Servers at the DR site are on unique IP, and failover from DC to DR is taken care of by BGP routing intelligence.

The aim is to give controlled internet access to all the spoke sites from DC, and in case of failure internet should be available from the DR site.

As per our design architecture we are planning to upgrade the last mile bandwidth and MPLS port of all spoke sites and central site MPLS port bandwidth to give integrated access on the same last mile for all the locations.

Both types of traffic, private and public, will ride on the same MPLS backbone and come to the primary DC site CE router.

At the CE router we will segregate the traffic meant for the datacentre and the internet cloud.

We will also deploy firewall and separate internet router and proxy server for the proposed internet connectivity to control the spoke sites traffic.

Is this a good design?

Please suggest, with configuration, how we are going to achieve this.

Also, currently we are using BGP between CE-PE --- it should take care of the global routing meant for Internet traffic by flooding a default route across all the spoke sites.

Please find the existing architecture attached.

Any inputs on the same will be appreciated.



Re: Internet Consolidation - Architecture

Hi Deepak,

If your network is spanned across regions, viz. Delhi, Chennai, Bangalore, etc., then you should prefer going for a consolidation per region. Generally, internet consolidation burdens the link with internet traffic in addition to intranet. Thus, prefer regional consolidation.

Community Member

Re: Internet Consolidation - Architecture


In all there are 36 locations nationally.

Please suggest.



Re: Internet Consolidation - Architecture

It might increase your costs, but I'd create a VRF that connects to each of your hubs from both primary and DR sites from the private side of your firewalls.
