An MPLS Cloud

Hi,
I'm looking at a topology where a number of collapsed PE/P nodes (50>100) access a L2 cloud in a full-mesh topology.  The underlying cloud architecture could be something like VPLS from an external provider with the MPLS domain mapped on top.  The attached shows the nodes on the periphery of the cloud and these could be spread globally.  What I'm looking for are pros and cons and whether there is a case study or CVD for this type of topology.  Particular interest is on scalability around IGP, LSPs, sub-optimal routing conditions, IGP/LSP synchronisation, IGP link/domain costs etc...  The network will provision L2/L3 VPNs and other standard MPLS features.
Thanks, Wayne

Hi,
You'd need to implement QOS for sure. What many people do is to have data traffic use precedence/EXP 0 and Voice precedence/EXP 5. You could make the video traffic precedence/EXP 4, for example. This also maps to certain DSCP values.
You could also consider MPLS Traffic Engineering (TE). There is point-to-point TE for your data traffic, but you could also deploy (check platform and IOS support) point-to-multipoint (p2mp) TE to carry the IP multicast (video) traffic. With TE, you could steer traffic through the network and have fast protection (FRR). You'd still need to use QOS, because MPLS TE does not automatically hook into QOS.
Regards,
Luc

Similar Messages

  • Shared Firewall in MPLS cloud

    Hi. I have an MPLS cloud on which I want to provide basic Internet connectivity for customers in the cloud. This will not be for VPN services, simply http, ftp etc (possibly some inbound NAT for webservers). I have a 7200VXR for the job. My plan is to set this up as an effective PE in the cloud and use 'NAT VRF AWARE' features to NAT networks in each VRF to a single public IP (currently this is 1 per VRF from a large pool). I can't see a reason for this not working but I wanted to get advice on this. I am also unsure as to how the public facing interface will be seen by the customer VRF since it will not be statically labeled with any VRF.
    Any thoughts on this?
    Thanks in advance.

    Hi Swaroop, I'm trying to follow your advice regarding the global default. I have 2 VRFs I'll be using called CUST1 and CUST2. Traffic will come into the e2/0.1 sub interface and should then be NATed to 210.10.10.17 (global interface not VRF). If I use static translations inside they work fine. Dynamic translations, however, do not seem to work. I have really tried to follow Cisco's documentation, but I'm not having much luck. Do you notice anything incorrect with the following?
    interface Ethernet2/0.1
    description "CUST1 Interface"
    encapsulation dot1Q 10
    ip vrf forwarding CUST1
    ip address 172.16.1.10 255.255.255.252
    ip nat inside
    ip virtual-reassembly
    interface FastEthernet0/0
    description "OUTSIDE INT"
    ip address 210.10.10.17 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    duplex full
    ip nat pool CUST1_POOL 210.10.10.17 210.10.10.17 netmask 255.255.255.0
    ip nat inside source list 1 pool CUST1_POOL vrf CUST1 overload
    access-list 1 permit 172.16.0.0 0.0.255.255 log
    ip route vrf CUST1 0.0.0.0 0.0.0.0 FastEthernet0/0 210.10.10.254 global
    Any help you can give me would be very appreciated.
    Thanks
    Dan.

  • Monitoring flap in MPLS cloud

    Hi,
    I have 2 MPLS links over 2 different service providers. BGP is configured. Sometimes we get a disconnection for a few mins every 2 or 3 days, it's not consistent. The logs did not show any flapping on the interface. What can I do now to help the situation? Or even gather some proof that the flap is within the MPLS cloud?
    Thanks,
    Steven

    Hi,
    What do you mean by disconnected? Does that simply mean no connectivity, but still all routing info in place?
    Then it sounds like an MPLS LSP problem in the provider backbone. MPLS VPN packets can only be delivered when an LSP exists. Routing packets however can be delivered through IP in the provider backbone without an LSP. This is because VPN routing information is transported by BGP from PE to PE (loopbacks).
    So a failed LSP disrupts your data plane (IP packets sent) but not the control plane (BGP).
    Unfortunately for you, there is no way to detect that from a CE control plane perspective. So even the typical backup scenarios fail here like floating static, dialer watch and the like.
    Hope this helps
    Martin

  • EIGRP Routing across MPLS Cloud

    I apologize if this has been covered but I don't see any exact hits...
    We are working with our Service Provider to implement MPLS between our remote sites and main campus. We are currently using PtoP T1 in a hub and spoke model. We are running EIGRP in our entire environment.
    We would like to continue to run EIGRP in our environment but the SP does not support this protocol through the cloud. I would prefer not to introduce any new routing protocols into our environment such as BGP. (I believe SP is running BGP).
    I have read snippets that I can use a GRE tunnel between sites and send EIGRP routing updates via this tunnel.
    Can anyone support this method or are there better alternatives? If I implement GRE, I will still need to configure static routes so GRE knows how to reach the remote sites. I also cannot find any literature on how to configure GRE tunnels and use them ONLY for routing updates. I would think sending all traffic via GRE would cause additional overhead.
    I will also have a need to send Multicast traffic between sites. I have read that GRE is the way to do this. To me it seems GRE will serve dual purposes.. first to allowing Dynamic routing updates between sites and also to allow Multicast traffic.
    I appreciate any comments or suggestions!

    Hello Phil,
    Using GRE tunnels to build an overlay would deny one of the greatest benefits of MPLS L3 VPN: the peer model where each CE talks only with the local PE node.
    Unless you have a small number of sites this approach is not recommended.
    What if a new site is added in the future? You would need to configure a GRE tunnel to the new site in each of the existing sites.
    You could run a DMVPN (that is, use mGRE) to solve this but it has some complexity.
    You can run BGP without using mutual redistribution: BGP allows you to advertise internal networks using the network command even if they are not directly connected to the CE router but learned via EIGRP.
    So it is enough to redistribute only BGP into EIGRP by setting a default seed metric (it requires five values in EIGRP and it is necessary or redistribution will not occur).
    router bgp 65001
    neigh PE-address remote-as SP-AS-number
    network 10.10.10.0 mask 255.255.255.0
    network 10.10.20.0 mask 255.255.254.0
    no auto-summary
    ! note: if auto-summary is disabled you need to provide the exact mask / prefix length
    router eigrp 100
    redistribute bgp 65001
    default-metric 10000 1000 255 1 1500
    ! BW delay reliability load MTU
    Hope to help
    Giuseppe

  • Multiple Customer Default Routes over MPLS Cloud

    I have a customer with a Core network connected together over VPLS, and running EIGRP as the IGP. For the branch offices they are using MPLS, and the SP requires us to use BGP when sending routes to them.
    We have the core sites A, B, C. Sites A & B have an internet connection. I want to have 1/2 the branches going to Site A and 1/2 going to Site B, and the Site A or B and Site C as a backup. There is a single VRF. The SP will not make any changes for us...so I have been told. So I need to find out if there is a way to do this without SP involvement. I have tried Communities (CE side) with no luck unless I make changes in the P/PE Net.
    Attached is a drawing of the high level network.
    Any Ideas....

    Some additional information
    Handling Multiple Default Routes with BGP as PE-CE Protocol
    http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/L3VPNCon.html#wp321066
    Layer 3 MPLS VPN Enterprise Consumer Guide Version 2
    This section tells almost what I want to do. But I want the left side of the diagram to go left...and the right side to go right.

  • Trace from a linux through MPLS cloud

    Hi,
    I got this trace from a customer.
    1 10.50.128.254 1.940 ms 16.754 ms 16.482 ms
    2 10.50.128.253 0.837 ms 0.733 ms 0.881 ms
    3 192.168.105.181 4.040 ms 4.250 ms 3.982 ms
    4 192.168.16.89 44.597 ms 44.532 ms 44.772 ms
    MPLS Label=27 CoS=5 TTL=1 S=0
    MPLS Label=129 CoS=3 TTL=1 S=0
    5 192.168.18.141 15.380 ms 37.758 ms 10.681 ms
    MPLS Label=129 CoS=5 TTL=1 S=0
    6 192.168.18.142 23.174 ms * 22.015 ms
    Can someone give me an explanation about the way a Linux box is able to find MPLS tags from the network?

    The routers will include that information in the ICMP TTL expired messages according to the following draft:
    "ICMP Extensions for MultiProtocol Label Switching"
    http://www.ietf.org/proceedings/01mar/I-D/mpls-icmp-02.txt
    It appears that Linux implements this draft too.
    Hope this helps,

  • Frame-Relay through MPLS cloud

    Hi All ,
    Can anybody explain: if I make an MPLS PE act as a Frame Relay switch too, is there an LDP-related issue or not?

    It is possible to use Frame Relay switches as Label Switching Routers. Such Frame Relay switches run network layer routing algorithms (such as OSPF, IS-IS, etc.), and their forwarding is based on the results of these routing algorithms. No specific Frame Relay routing is needed.
    When a Frame Relay switch is used for label switching, the top (current) label, on which forwarding decisions are based, is carried in the DLCI field of the Frame Relay data link layer header of a frame. Additional information carried along with the top (current) label, but not processed by Frame Relay switching, along with other labels, if the packet is multiply labeled, are carried in the generic MPLS encapsulation defined in [STACK].
    Check this out.
    http://www.ietf.org/rfc/rfc3034.txt

  • Help in strategy for Migrating to MPLS from PRN cloud Same provider

    Dear,
    We are planning to migrate to MPLS from PRN using same provider, I have about 12 sites to migrate, new circuits have been provisioned and new routers are ready to be shipped to each site for installation.
    Now, I am facing a dilemma. Briefly speaking with the provider, they tell me that we can migrate a site at a time, no problem here, then the next day they tell me it needs to be a hot cut-over migration. How can this be? So going back and forth and tailoring router configurations I literally stopped, and would like to ask for assistance and your opinion on how to go about such a migration to tentatively lock into a solid strategy.
    Any documents out there you can point me to or experience in such migration will be appreciated.
    All of our sites currently connect to PRN cloud including HQ, running OSPF multiple areas, at a glance I was thinking the provider would somehow bridge the two clouds so that I could build a parallel infrastructure and migrate branch offices one at a time but I am still unclear on how to proceed, I will be speaking with the provider more extensively in the next few days but any guidance will be appreciated.
    Best Regards

    Henry, thanks for those links and help.
    Would like to share what I have done which seems so far to be working properly, so that if anyone comes across this they get an idea.
    It turned out our PRN/MPLS provider cannot or doesn't want to somehow cross connect the two clouds, so I was forced to do the cross connect at my end beginning with two sites. I have set up what I had in mind: for each of the two targeted sites I have installed a new 3845 router with a new DS3 link to the MPLS cloud and created a cross connect to a 6509_switch_router that is connected under the PRN infrastructure. The 3845 was configured as a virtual link for OSPF, all good here so far, the 3845 joined the OSPF domain and received the routing table from the PRN side. The next site also had a new router and new circuit for the MPLS side; at this second site I brought down the router connecting to the PRN cloud then brought up the new 2811 router which I had preconfigured under the same OSPF domain and it received the routing table from the 3845 router DS3 MPLS link. We will let it run for a week to allow us to troubleshoot or spot any issues before proceeding to migrate more sites.
    Rgds
    Jorge

  • ASA 5505 to allow 2nd network segment through mpls

    I have been having a heck of a time trying to configure my 5505 to allow the second segment on my network to use the internet.
    Office 1 has a fiber internet connection, and all traffic flows fine.
    Office 2 had gotten its internet from AT&T, via a network based firewall injecting a default route into the MPLS cloud.
    Both offices communicate with each other through the MPLS.
    When we added the fiber to office 1, we had the MPLS people change the default internet route to the inside address of the 5505 and things worked fine.
    When AT&T attempted to remove the NBF default route, and inject the 5505's address as default, things didn't go so well.
    AT&T claims that it is within my NAT commands on the 5505, but won't tell me anything else.  I assume that they are correct, and I assume that I am not good enough with the 5505 ASDM to tell it what to do.
    Office 1 uses 10.10.30.xx addresses and Office 2 uses 10.10.10.xx - the 5505 inside interface is 10.10.30.2, the internal interfaces of the MPLS are 10.10.30.1 and 10.10.10.1
    I don't know what other information you would need, but am stuck here at Office 1 until I can get this working.
    Thanks

    Hi,
    Ok, so IF I have not understood anything wrong (which is still possible), it would seem to me that the network mask of the ASA is at least one reason that will cause problems for the WI LAN if they try to use the Internet through the ASA5505 on the PA site.
    This is what I would presume will happen when a host on the WI LAN initiates a connection to the Internet
    WI PC 10.10.10.10 sends a TCP SYN to initiate/open a TCP connection with a Web server on the Internet
    The TCP SYN gets forwarded to the default gateway of the PC which is 10.10.10.1
    The TCP SYN packet traverses the ISP MPLS network all the way to the PA Site
    The PA Site 3900 has a default route probably towards PA ASA 10.10.30.2
    TCP SYN gets forwarded from the PA 3900 to the PA ASA according to the above mentioned default route on the PA 3900
    TCP SYN arrives on the ASA and gets forwarded to the Internet
    TCP SYN,ACK from the Web server arrives on the ASA
    ASA will ARP for the MAC address of the WI PC IP address of 10.10.10.10 because it thinks that the host is directly connected to the ASA's "inside" interface because of the "inside" interface's large /16 network mask which contains addresses between 10.10.0.0 - 10.10.255.255
    The ARP request sent from the ASA never receives a reply since the WI PC isn't directly connected
    PA ASA will never be able to forward the traffic to the WI PC which is trying to open the connection to the Internet because of the above mentioned problem. Therefore the TCP connection from the WI PC never succeeds and times out.
    Now you might ask why the connections between the PA and WI LANs work. My understanding is that because the traffic from the PA hosts gets first forwarded to the PA 3900, they have a working route to the WI LAN. The same way, the WI LAN has a working route towards the PA LAN since the ASA isn't involved in any way.
    The PA Internet connection naturally works as the 10.10.30.0/24 hosts are directly connected to the ASA so the above mentioned ARP will not fail on their part and traffic is forwarded just fine between the PA LAN and the Internet.
    So to my understanding the solution to this problem would be to change the PA ASA "inside" subnet mask from 255.255.0.0 to 255.255.255.0.
    If you are unsure of this change I would suggest you do it when there is low network use (so you can revert the change). Naturally if you are on the PA LAN then you can probably access the Console connection if something were to go wrong. I can't see any configurations on the PA ASA which would imply that you configure the device remotely through the Internet.
    Hope I made sense and hope this helps
    Naturally ask more if needed
    - Jouni
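The on-link decision Jouni describes can be reproduced with a small longest-prefix-match model. This is an added example, not part of the original thread; the addresses come from the posts, while the outside gateway 203.0.113.1 and the static route for Office 2 are assumptions (the page does not show the ASA's routing configuration).

```python
import ipaddress

INSIDE_IP = "10.10.30.2"      # ASA inside address (from the post)
MPLS_ROUTER = "10.10.30.1"    # Office 1 MPLS router interface (from the post)
OUTSIDE_GW = "203.0.113.1"    # constructed placeholder for the ISP gateway
# What is really attached to the ASA's inside segment (Office 1 LAN).
ON_WIRE = ipaddress.ip_network("10.10.30.0/24")


def build_routes(inside_mask, office2_route=False):
    """Routing view of the ASA for a given inside mask.

    Each route is (prefix, interface, gateway); gateway None means the
    prefix is directly connected, so the device ARPs for the destination.
    """
    inside_net = ipaddress.ip_interface(f"{INSIDE_IP}/{inside_mask}").network
    routes = [
        (inside_net, "inside", None),
        (ipaddress.ip_network("0.0.0.0/0"), "outside", OUTSIDE_GW),
    ]
    if office2_route:
        # Assumed static route: Office 2 is reached through the MPLS router.
        routes.append(
            (ipaddress.ip_network("10.10.10.0/24"), "inside", MPLS_ROUTER)
        )
    return routes


def next_step(routes, dst):
    """Longest-prefix match, then decide between ARP and forwarding."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    _, ifname, gateway = max(matches, key=lambda r: r[0].prefixlen)
    if gateway is None:
        return ("arp", ifname, str(addr))
    return ("forward", ifname, gateway)


def delivered(routes, dst):
    """True if the reply can actually reach dst through the inside segment."""
    action, ifname, target = next_step(routes, dst)
    if ifname != "inside":
        return False
    # An ARP request (for the host or for the gateway) is only answered
    # by something that really sits on the inside segment.
    return ipaddress.ip_address(target) in ON_WIRE


if __name__ == "__main__":
    wi_pc, pa_pc = "10.10.10.10", "10.10.30.50"   # pa_pc is a constructed host
    cases = {
        "inside /16": build_routes("255.255.0.0"),
        "inside /24 + route": build_routes("255.255.255.0", office2_route=True),
    }
    for label, routes in cases.items():
        for host in (wi_pc, pa_pc):
            print(label, host, next_step(routes, host), delivered(routes, host))
```
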

  • URGENT: QoS Design on Data Center MPLS - MediaNet Question...

    Hello,
    I am posting this in hopes I can get some guidance from anyone who has done this in the field.  We have a large enterprise customer with 21 sites all around the world, they have Verizon MPLS and are experiencing QoS related issues on their WAN regarding Video/Voice.  We have proposed remediating their network according to the Enterprise QoS SRND 3.3 and the new MediaNet SRND to account for Video and TP QoS (http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html)
    Here is the problem/question that was proposed in our presales meeting and I honestly don't know where to look for an answer... I am not asking for anyone to design a solution for me, just merely point me in the right direction:
    The Data Center has a ~40MB MPLS Connection ( full mesh ) into the cloud ( Verizon )
    Site A has a 8MB connection
    Site B has a 4MB connection
    I know on the Service policy and the interfaces at SiteA and SiteB I can assign "Bandwidth xxxx" and use ~95% of the bandwidth to do queuing and shaping/policing etc.  I am not concerned with SiteA and SiteB, that I think I can handle...
    Question was posed from the customer, "How can we ensure at the DataCenter level the 40MB MPLS is "chopped" up so that only 8MB of the total speed goes to SiteA ALONG with an attached QoS policy designed for that specific site, as well as ensure only 4MB goes to SiteB with an attached QoS policy."
    So I am looking for a way to allocate bandwidth per site on the DC 40MB connection going into the cloud ( so that SiteB cannot use more than 4MB ) and attach a MediaNet specific QoS Service policy to that site.  The customer does not have separate MPLS circuits for each site, they all come into the DC on 40MB shared ethernet connection ( no VC, or dedicated circuits to other sites ).
    Any thoughts on if this is possible? 
    Thanks!
    Alex

    This is an example I have seen and I hope that is useful to you.
    Site A
    Subnet: 172.16.1.0/24
    Site B
    Subnet: 172.16.2.0/24
    HeadOffice:
    ip access-list extended Site_A
     permit ip any 172.16.1.0 0.0.0.255
    ip access-list extended Site_B
     permit ip any 172.16.2.0 0.0.0.255
    class-map match-any Site_A
     match access-group name Site_A
    class-map match-any Site_B
     match access-group name Site_B
    ! shape average takes bits per second; Sub_Policy is an optional child policy
    policy-map To_Spokes
     class Site_A
      shape average 8000000
      service-policy Sub_Policy
     class Site_B
      shape average 4000000
      service-policy Sub_Policy
     class class-default
      shape average 28000000
      service-policy Sub_Policy
    ! the interface bandwidth command takes kilobits per second (40000 = 40 Mbit/s)
    interface G0/0
     description To MPLS cloud
     bandwidth 40000
     service-policy output To_Spokes
    interface G0/1
     description To HeadOffice
     bandwidth 40000
     service-policy output To_Spokes
    It would be greatly appreciated if someone can correct this or improve it as I am still learning.
    Please see the netflow graph from one of our routers using a similar policy as above.

  • QoS MPLS VRFs

    Hi guys,
    we are creating a new  MPLS cloud with the following VRFs: VRF- Voice, VRF- Data and VRF - Citrix.
    My question is: is VRF traffic independent from other VRFs (talking about QoS) or do I have to request my MPLS provider to apply QoS?
    I would like to have 3 Levels of QoS: Voice, Citrix and Data (that matches with the VRFs).
    So it is QoS needed on the MPLS Provider side to increase my traffic performance for voice and Citrix?
    Thank you very much for your help.
    Jordi

    Hi Jordi
    You will need to have QOS configured for all the VRFs separately because of two main reasons:
    1. Creating a VRF doesn't guarantee that you will get priority.
    2. After the traffic enters the Service Provider backbone its all MPLS traffic and many customers share the same backbone, so to have an effective treatment of your traffic you will need to define proper QOS.
    Regards
    Vivek

  • Failover from MPLS network to EIGRP network, need help.

    I hope I explain this right. We are about to add an MPLS Circuit between HA and SA sites. Currently we have HA connecting to AV site via ATM and SA connecting to AV site via Frame-relay. All routes are via EIGRP.
    From what we gather from MPLS you need two subnets to connect to telco. A 30 bit for SA local and a 30 bit for HA local, with whatever in the MPLS cloud.
    Our question is this: If the 30 bit HA site subnet goes down and we are at the SA site, how do we get the SA interface to go down so that EIGRP will pick up the link/path to the AV site as another path? If the MPLS cloud is up the interface will stay up, right?

    Check here :
    http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/osm_inst/mpls.htm

  • OSPF design for branch offices across MPLS

    Hello fellow networking engineers,
    I want to implement OSPF in our network. We have multiple branch offices, all linked to an MPLS backbone.
    I know that in order to get linked areas, I would need to setup GRE tunnels between them, but I want to avoid static/manual configurations as much as possible. With multiple sites, it would become cumbersome to create a mesh real fast.
    Is running OSPF independent areas at each site, and simply redistributing over eBGP a valid solution? This will host voice and data, and will failover to VPN connection (Cisco ASAs) if the MPLS goes down.
    For the VPN backup links, I thought of two options. Either simply using the default route to send everything to the ASA in case of MPLS "death", or inject routes using IP SLA...
    Any input would be appreciated.

    Marc
    You don't need GRE tunnels to link your areas if that is what you want to do.
    If the SP supports it then you can exchange your OSPF routes between areas and they will still be seen as inter area routes rather than OSPF externals which they would if you simply treated each area as isolated from each other.
    In effect the MPLS network becomes an OSPF super backbone area and your main site would also be part of the backbone area with all your other sites having an area each.
    You still redistribute your OSPF routes into BGP but with some extra configuration on both your CEs and the SP PE devices.
    Like I say you would need to check with your SP but it is possible.
    Whether or not you need or want it I don't know.
    Your other option is as you have proposed to treat each OSPF area as an isolated one and simply redistribute into OSPF at each CE. Then within each site all non local routes would be seen as OSPF external routes.
    Either way in terms of backup I would keep it simple and use a default route at each site pointing to the ASA device. I can't see what you gain from IP SLA because if the main MPLS link goes down at any site the only other path they have out is via the ASA so there is nothing really worth tracking.
    The only other thing I would mention is remote site to remote site traffic. If there is any then presumably with your VPN tunnels you would be doing a sort of hub and spoke where the hub is the main site so you may need to think about traffic coming in from one VPN tunnel and going out to another VPN tunnel on the main site ASA.
    This would only really be needed if two or more sites had to use their backup links at the same time.
    In terms of which is better ie. OSPF inter area across the MPLS cloud or OSPF externals I can't really say to be honest. With the MPLS networks I have worked on we ran EIGRP and simply treated each remote site as an isolated AS.
    If you are already running OSPF then you may want to preserve your existing areas so it would make sense to go with the inter area option.
    If it is a new setup then I don't really know the pros and cons of either so can't really comment.
    Perhaps others may add to the thread with their thoughts.
    Jon

  • MPLS - How are external/internal routes distinguished?

    Hi all
    I was setting up an MPLS environment and wanted to get some more information about how MPLS VPNs work. Basically I have three sites connected to the MPLS cloud. Site A runs EIGRP on the customer side and Site B runs OSPF on the customer side. Site C is the one in question. The way I have it designed, Sites A and C have full visibility into one another and sites B and C have full visibility into one another. When I configure site C with EIGRP, all proper routes are seen, but the OSPF routes from site B are seen as EIGRP external routes. When I switch site C to OSPF, EIGRP routes from site A are seen as OSPF External type 2 routes. I guess my ultimate question is, how does the PE router at site C know the originating protocol? All the routes it receives are from BGP. Does a certain attribute carry this? If so, is this feature specific to Cisco gear or an RFC standard? Thanks in advance for all your help. I can include configs if that would help, below I'll show you my RDs and RTs for each VRF and the routing tables of the CE router at Site C before and after the change.
    Site A
    ip vrf a
    rd 1:111
    route-target export 1:100
    route-target import 1:101
    Site B
    ip vrf c
    rd 3:333
    route-target export 3:301
    route-target import 1:101
    Site C
    ip vrf a
    rd 1:111
    route-target export 1:101
    route-target import 1:100
    route-target import 3:301
    Change from EIGRP to OSPF
    Gateway of last resort is not set
         6.0.0.0/32 is subnetted, 1 subnets
    D       6.6.6.6 [90/435200] via 10.2.1.1, 00:05:26, Ethernet0/0
         7.0.0.0/32 is subnetted, 1 subnets
    C       7.7.7.7 is directly connected, Loopback1
         8.0.0.0/32 is subnetted, 1 subnets
    D EX    8.8.8.8 [170/2560025856] via 10.2.1.1, 00:02:13, Ethernet0/0
    D EX 111.0.0.0/8 [170/2560025856] via 10.2.1.1, 00:02:13, Ethernet0/0
         10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
    C       10.2.1.0/24 is directly connected, Ethernet0/0
    D       10.1.1.0/24 [90/307200] via 10.2.1.1, 00:05:56, Ethernet0/0
    D       10.20.0.0/16 [90/435200] via 10.2.1.1, 00:05:56, Ethernet0/0
    C       10.77.0.0/16 is directly connected, Loopback2
    D EX 192.168.1.0/24 [170/2560025856] via 10.2.1.1, 00:02:43, Ethernet0/0
    R7(config)#no router eigrp 22
    *Mar  1 02:10:20.747: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 22: Neighbor 10.2.1.1 (Ethernet0/0) is down: interface down
    R7(config)#router ospf 3
    R7(config-router)#network 10.0.0.0 0.255.255.255 area 0
    R7(config-router)#network 7.7.7.7 0.255.255.255 area 0
    R7(config-router)#end
    R7#show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         6.0.0.0/32 is subnetted, 1 subnets
    O E2    6.6.6.6 [110/409600] via 10.2.1.1, 00:00:27, Ethernet0/0
         7.0.0.0/32 is subnetted, 1 subnets
    C       7.7.7.7 is directly connected, Loopback1
         8.0.0.0/32 is subnetted, 1 subnets
    O IA    8.8.8.8 [110/21] via 10.2.1.1, 00:00:27, Ethernet0/0
    O IA 111.0.0.0/8 [110/21] via 10.2.1.1, 00:00:27, Ethernet0/0
         10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
    C       10.2.1.0/24 is directly connected, Ethernet0/0
    O E2    10.1.1.0/24 [110/1] via 10.2.1.1, 00:00:26, Ethernet0/0
    O E2    10.20.0.0/16 [110/409600] via 10.2.1.1, 00:00:26, Ethernet0/0
    C       10.77.0.0/16 is directly connected, Loopback2
    O IA 192.168.1.0/24 [110/11] via 10.2.1.1, 00:00:26, Ethernet0/0
    R7#trace 6.6.6.6
    Type escape sequence to abort.
    Tracing the route to 6.6.6.6
      1 10.2.1.1 652 msec 396 msec 192 msec
      2 40.1.1.9 [MPLS: Labels 18/24 Exp 0] 2264 msec 2640 msec 2532 msec
      3 30.1.1.3 [MPLS: Labels 18/24 Exp 0] 2320 msec *  *
      4 10.1.1.1 [MPLS: Label 24 Exp 0] 1816 msec 1792 msec 2148 msec
      5 10.1.1.2 1940 msec *  2200 msec
    R7#

    Hello Edward,
    I see nothing strange in the results you have posted. They are completely natural to the process of carrying customer routes over MPLS L3 VPN.
    You know yourself that the customer routes are carried between PE routers using BGP, and from PE towards CE, these routes are redistributed from BGP into the particular routing protocol running between PE and CE. Each of these routing protocols automatically marks redistributed networks as external networks. For OSPF, this is a normal part of the open protocol specification - that routes injected into OSPF via redistribution shall be represented as external routes (and carried in LSA-5). Similarly, when you redistribute into EIGRP from a different routing protocol, these routes will be carried by EIGRP as external networks. So what you see here is natural and normal. Even if all sites ran the same routing protocol (EIGRP or OSPF), one site would see networks from other sites as external routes.
    In fact, there are extensions to BGP using extended community attributes that try to preserve the original nature of the redistributed routes. The prerequisite is that all sites run the same IGP, either OSPF or EIGRP. In that case, EIGRP routes carried over MPLS can be made look like internal routes although they are redistributed, and OSPF will make the routes appear as inter-area routes, not as external routes. There is even a modification to OSPF allowing you to see other sites as intra-area routes (though this requires configuring so-called OSPF sham links between PEs). All of this is done because an internal network is always preferred to an external network. This causes trouble if there is a backup link directly interconnecting two sites, bypassing the MPLS cloud. As the routing protocol run over this link advertises all networks as internal, this link would always be preferred to the MPLS VPN which is exactly the opposite of what you want to do.
    Please feel welcome to ask further!
    Best regards,
    Peter
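The route-target design in Edward's post decides which sites can exchange routes at all, and a mistyped import is how one VPN's routes end up in another. As an added example (not from the thread), this sketch derives the visibility matrix from the RT values on the page and flags one-way imports; the "leaky" variant is a constructed misconfiguration.

```python
from itertools import combinations

# Route targets exactly as posted for the three sites.
VRFS = {
    "Site A": {"export": {"1:100"}, "import": {"1:101"}},
    "Site B": {"export": {"3:301"}, "import": {"1:101"}},
    "Site C": {"export": {"1:101"}, "import": {"1:100", "3:301"}},
}


def imports_from(vrfs):
    """Map each site to the set of sites whose exported routes it imports.

    A VRF installs a VPNv4 route when at least one route target attached
    to the route (the exporter's export list) is in its own import list.
    """
    return {
        name: {
            other
            for other, peer in vrfs.items()
            if other != name and peer["export"] & cfg["import"]
        }
        for name, cfg in vrfs.items()
    }


def classify_pairs(vrfs):
    """Split site pairs into mutual, one-way and isolated visibility."""
    seen = imports_from(vrfs)
    result = {"mutual": set(), "one_way": set(), "isolated": set()}
    for a, b in combinations(sorted(vrfs), 2):
        a_sees_b, b_sees_a = b in seen[a], a in seen[b]
        if a_sees_b and b_sees_a:
            result["mutual"].add((a, b))
        elif a_sees_b or b_sees_a:
            # Routes flow in one direction only: traffic cannot return,
            # and the importing side holds routes it may not be meant to.
            result["one_way"].add((a, b))
        else:
            result["isolated"].add((a, b))
    return result


def leaky_variant():
    """Constructed misconfiguration: Site B also imports Site A's RT."""
    vrfs = {k: {d: set(v) for d, v in cfg.items()} for k, cfg in VRFS.items()}
    vrfs["Site B"]["import"].add("1:100")
    return vrfs


if __name__ == "__main__":
    print(classify_pairs(VRFS))
    print(classify_pairs(leaky_variant()))
```

With the posted values Site C acts as a hub: A and B each exchange routes with C but never with each other.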

  • MPLS for Private WAN between 2 service provider

    Hello All,
    We are currently running an MPLS network from service provider 1 across our Branch office network. We need more redundancy and are looking to add another MPLS cloud from service provider 2. How would we integrate service provider 2 onto the same Cisco routers due to the fact that only 1 BGP AS can run inside the router? Any info would be appreciated.

    Hi vpollifrone
    For this scenario, whereby we have a single router already peered with one ISP on a private AS and now need peering with another ISP on a public AS, we can make use of the "local-as" feature provided we own a public AS...
    This way we can establish peering with the new ISP using the public AS as the local AS in the neighbourship config and also retain the existing peering with the old ISP. What we need to make sure is that while sending updates to the second ISP we replace the original private AS with the public AS....
    The commands below will be handy for the same.
    R5(config)#router bgp 64515
    R5(config-router)#neighbor x.x.x.x local-as zzzz ?
      no-prepend  Do not prepend local-as to updates from ebgp peers
    R5(config-router)#neighbor x.x.x.x local-as zzzz no
    R5(config-router)#neighbor x.x.x.x local-as zzzz no-prepend ?
      replace-as  Replace real AS with local AS in the EBGP updates
    R5(config-router)#neighbor x.x.x.x local-as zzzz no-prepend
    R5(config-router)#neighbor x.x.x.x local-as zzzz no-prepend replace-as
    You can refer the below very Useful Cisco Document for same
    http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gtbgpdas.html
    Hope this helps to answer your query.
    Regards
    Varma
