Until recently I had all my remote office networks connected to a frame-relay network for connectivity to the home office and I also had low-cost DSL circuits as backup links. I worked this by running RIP on the frame-side and floating static routes pointing to the DSL connection. If the frame went down the remote office routers would bring up tunnels via the DSL and the home office router would also use floating routes to use the PIX that the remotes would VPN to.
Now management has switched to MPLS and my old system no longer works because the vendor says that they do not use any type of dynamic routing protocol for the customer LAN subnets. I am looking for some kind of dynamic routing protocol solution that would work with this scenario:
The key here is that I need a routing protocol that will allow my 1710s to talk to each other over the MPLS cloud even though the MPLS routers do not participate in any routing protocol. Is there such a thing? I am only experienced with RIP which I understand will not work here. I have also used BGP for multi-homing Internet links but I don't see how I would use that in this situation.
I also realize that I can probably rig up some kind of policy routing with ip sla commands to ping nodes for reachability and set default routes but that seems too convoluted and complex and I would rather leave that type of thing as a last resort.
I will suggest that you create a GRE tunnel across the MPLS cloud, using the WAN interface addresses (connecting to the MPLS network) as the tunnel end points. You could now run your RIP across the tunnel.
For example the following could be part of the config on one of the CE routers.
Most people run BGP to the MPLS provider but assuming you can't do this you can just use GRE tunnels.
Depends on how much of the MPLS any to any you are going to need. If your data is mostly hub and spoke you can put GRE tunnels between the remote sites and the main site. Traffic will still pass between the sites; it will just do so via the main location.
You of course can build a full mesh of tunnels but that gets to be a huge pain to maintain. If you need any to any look at a feature called Dynamic Multipoint VPN (DMVPN). It makes the configuration less painful.
It also reduces the memory requirements since tunnels are only built when they are used.
Even though DMVPN is very nice I would not do it unless you really needed to. It tends to be very confusing at first.
The GRE tunnel idea is a good one but unfortunately I can't use it. The MPLS vendor is providing QoS for the MPLS traffic based on IPs of voice devices. The GRE tunnels will "hide" the true source and destination IPs inside GRE packets and therefore break the QoS. I would also think that any type of VPN solution like DMVPN would tend to also break the QoS. I guess I am out of gas here, huh?
One thing is a little unclear in this doc. Do you need to use a policy-map on either the physical / tunnel interface? Or, will the router pass the existing DSCP packet marking to the tunnel header by only configuring the "qos pre-classify" command and nothing else?
My voice gateway is marking packets with dscp 46 and I want these markings passed up to the tunnel header for my MPLS provider to perform QoS.
That's the main problem. There is no dynamic routing protocol running on the MPLS cloud. (Or at least that is what the vendor tells me.) I am trying to find a way that I can run some dynamic routing protocol across the MPLS on my own. So far it looks like GRE tunnels might be my only option.
Any MPLS provider that is trying to offer you transit should be willing to run a protocol with you, as it will be isolated in your own vrf. You could run RIPv2, OSPF, or BGP. If you don't need fast convergence and are looking for a simple protocol, RIPv2 is not bad. It is normally a good option as the provider can then use the redistribute transparent option and allow you to influence your own traffic (if you had multiple exit points) with an offset list. If you need more, I would recommend BGP as it is a powerful protocol but still relatively easy.
If they are offering you MPLS VPN support, they have to have a dynamic routing protocol. BGP is required to support the extensions that are needed for the VPN.
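The GRE-over-MPLS suggestion made earlier in the thread, combined with the original poster's floating-static DSL backup, sketched as an added example for one remote CE router. It is not configuration from any of the posters; every interface name and address is a constructed assumption (192.0.2.0/24 stands in for the provider-facing WAN addressing, Dialer1 for the DSL path).

```cisco
! Added example: remote-office CE router (all names and addresses constructed).
! FastEthernet0 = MPLS WAN link, Ethernet0 = office LAN, Dialer1 = DSL backup.
!
interface Tunnel0
 description GRE to home office across the MPLS cloud
 ip address 172.16.255.2 255.255.255.252
 tunnel source FastEthernet0
 tunnel destination 192.0.2.1
 ! GRE keepalives bring the tunnel line protocol down when the far end
 ! stops answering, so RIP routes learned through it are withdrawn.
 keepalive 10 3
 ! The provider sees only the tunnel endpoint addresses; IOS copies the
 ! inner packet's ToS/DSCP byte into the outer GRE header by default.
!
interface FastEthernet0
 description MPLS WAN link to provider PE
 ip address 192.0.2.10 255.255.255.252
!
interface Ethernet0
 description Remote office LAN
 ip address 10.1.20.1 255.255.255.0
!
router rip
 version 2
 no auto-summary
 ! RIP runs on the LAN and the tunnel only. No network statement covers
 ! 192.0.2.0, so the tunnel endpoint is never advertised or learned through
 ! the tunnel itself, which would cause recursive routing.
 network 10.0.0.0
 network 172.16.0.0
 passive-interface Ethernet0
!
! Reach the home-office tunnel endpoint through the provider's PE next hop.
ip route 192.0.2.1 255.255.255.255 192.0.2.9
!
! Backup default via DSL with administrative distance 250. Routes learned by
! RIP over Tunnel0 (distance 120, and more specific) win while the tunnel is
! up; when they age out, traffic follows this route instead.
ip route 0.0.0.0 0.0.0.0 Dialer1 250
```

The home office router would carry the mirror-image tunnel (source and destination swapped, 172.16.255.1 on its end) and the same RIP version.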