I have 3 business units that I need to connect to my infrastructure in order to provide them access to our International WAN that will be coming into two of my data centers (a primary and a backup). These business units are not controlled by us, so we want to keep them separate and also force all of their traffic through a firewall. There will be two 'circuits' connecting us to the business units: MPLS into DC1 and IPsec VTI into DC2. I need to be able to fail over to the backup circuit automatically for each business unit.
My design has the following layout:
An MPLS circuit at each business unit on a new VRF for each business unit, terminating on an existing MPLS OC12 in DC1. Each business unit VRF has a subinterface on the OC12 associated with it. There is also a pair of Ethernet interfaces with a subinterface for each business unit with the associated VRF configured on it.
The MPLS 'VRF' interfaces are connected to a Palo Alto and the Palo Alto to a 6500 VSS core. The 6500 has a subinterface for each business unit as well and the same VRF configured for each business unit too. We have BGP established between the core and MPLS router via a BGP address family for each VRF.
Up to this point everything is working.
The part that is not working is that on the 6500 I need to import routes from the global routing table into each VRF routing table and export routes from each VRF routing table into the global routing table. The international WAN that each of these business units needs access to is part of the global routing table; they also need access to our internal LAN as well, which is part of the global routing table.
I also have a backup circuit for each business unit using IPsec VTI with the same basic setup using VRFs for each business unit, a Palo Alto, etc. (the only difference between the two setups is MPLS vs VTI for the WAN circuit). So since I have a backup circuit that I need to be able to fail over to automatically, I can't use static routes for import/export functions, as the static route will never go away and therefore we will never fail over.
Attached is a Visio of the planned VRF setup and International WAN as well as the config I have in the MPLS router and core 6500 VSS.
I see the global route I am trying to import into the VRF table in the global BGP table, and I see the routes I am trying to export into global in the VRF BGP table.