Citrix over an MPLS
We are running Citrix over our MPLS, is there any way to accelerate ICA? I was told the only way to do this is using SSL over a WAN.. No acceleration over an mpls?
Dan,
If the Citrix flows can be redirected before being label switched in MPLS then WAAS can accelerate. Morever, to Chris's point, the WAE can decrypt an SSL based Citrix flow, accelerate, reencrypt and send it back on the wire to the Core WAE, then on to Citrix head end.
Do you have the option of transparently redirecting (wccp) the Citrix traffic prior to entering the MPLS cloud?
Another consideration if you can redirect the traffic via wccp prior to entering MPLS cloud, is if you have ECMP routing with dual mpls links and dual PE routers - Make sure you can leverge wccp negotiated return to avoid redirect loops..
Similar Messages
-
Control Packets over non-MPLS connection
Is it possible to configure Cisco router 7204 to send BGP packets not over LSP that has been established for the BGP peer, PE router, but over non-MPLS connection, while all data traffic to the PE router get forwarded through the LSP. In other words, I'm wondering it is possible to constrain all control
packets, including BGP, OSPF and LDP, to the non-MPLS interfaces, even though the LSP exists for the destination prefixes for the BGP packets.
I hope it could be applied to establishing MP-iBGP sessions between PE routers in MPLS/VPN network, in other words, we want all BGP packets not be forwarded through the LSP established between two PE routers, which is actually an ATM LER system since we have established non-MPLS connections between LERs in order to forward control packets including routing protocol and MPLS signaling protocol.
Any response will greatly appreciated.
Regards,
Yongjun.Yongjun,
r1------r2-----r3
\-------r4----/
r1, r3 are PEs
r2 is a P rotuer
r4 is a non-LSR
r1-r2-r3 is LSP
r1-r4-r3 is a ip path, non-lsp
Then, you can do 'local-policy routing on r1 and r3 to send the Bgp control traffic over r1--r4--r3 path.
config on r1:
ip local policy route-map foo
route-map foo perm 10
match ip addr 100
set ip next-hop
access-list 100 perm tcp host eq 179 host
access-list 100 perm tcp host host eq 179
you got to do similar config on r3.
let me know if you have further q's.
best regards,
gopal -
DiffServ & TE paths are required to deploy commercial VoIP over a MPLS net.
Dear members.
There's something I'd like to know from those that truly and successfully
implement commercial VoIP over a MPLS infrastructure.
Supporting IP QoS (DiffServ) across the core backbone and/or MPLS traffic-
engineered paths is really required ?
Consider a whole backbone built with high speed throughput connections, plenty of bandwidth availability and no periods of congestion!
I do believe TE tunnels (paths) are necessary for quick recovery when a node
or link fails, but rather them assuming something I haven't experienced yet
I'd like to listen from those who really have already successfully deployed
commercial VoIP.
Best regards.
Murilo Pugliese.With increasing adoption of voice over IP (VoIP), the landscape for deployment is rapidly changing. Service providers are often driven by the need to provide customers a high grade of service to carry voice traffic across a network. However, today's multiservice packet networks rely on IP-based packet switching. In addition, IP by itself is simply best-effort service that is not sufficient to provide the strict delay, jitter, and bandwidth guarantees required for VoIP and other real-time traffic. Cisco IOS QoS features are ideal for this situation. Using the IETF differentiated services (DiffServ) model for QoS, VoIP traffic can be treated appropriately.
http://www.cisco.com/en/US/netsol/ns341/ns396/ns172/ns155/networking_solutions_white_paper09186a00800a8441.shtml -
How to prevent packet forwarding over non-MPLS connection.
I'm wondering if it is possible to configure Cisco ESR to not forward packet over non-MPLS connection(VPI/VCI=0/32) when an LSP for its destination has not been established, while allowing control packets(BGP, LDP, OSPF) to be sent over non-MPLS connection. The reason why I ask about is as follows.
Referring to the following network configuration,
R1 --- Cisco_ESR --- ATM_LSR --- LER --- R2
<--> non-MPLS connection
----------------------->
LSPs
----------------------->
In the ordinary operation, when a packet arrives at Cisco_LER from R1, it gets forwarded over an LSP if available, while getting forwarded over non-MPLS connection(VPI/VCI=0/32) if the corresponding LSP is not available. In the configuration mentioned above,ATM_LSR does software-based packet processing for incoming packet through non-MPLS channel, while doing cell-switching for LSP traffic. Thus if ESR sends packet over non-MPLS connection, e.g, STM-1c, the ATM_LSR could get crashed or time-critical control traffic could be delayed or lost, thereby resulting in BGP/LDP session failure between ESR and ATM_LSR or LER.
In summary, my question is how to prevent Cisco_ESR from forwarding packets over non-MPLS connection when LSPs for their destinations are not available due to LSP failures.
Thanks.
Yongjun.It already is, except for Aliens, they have access to everything on your phone(they always have had this access) .
-
Gre tunnel over 2 mpls routers
I have 2 sites and the voice server is in site A and Site B are the remote phones . Right now voice vlan go over the DMVPN we are facing some degraded performance and decided to move voice traffic to mpls .
We need to carry the multicast traffic as well which is not supported over our MPLS circuit. I have no idea why provider is not supporting multicast traffic over mpls circuit.
So we decided to create GRE tunnels to carry multicast traffic over MPLS .We have L3 switches on both sites Site A cisco 4500 and Site B cisco 3850 . and MPLS connectivity is reachable upto L3 core switches. With 3850 we had issue to create tunnels and i have upgraded the IOS after upgrading i came to know no more tunnels are supported on 3850. So cannot have Gre tunnel between our L3 switches over the MPLS.
My Question is can i ask the MPLS provider to setup tunnels on their routers which they are ready to help and point the static routes for voice vlan towards gre tunnels over mpls .
Can you advise any other solution or does this solution would work.?Aneesh,
Lost of connectivity between the two PEs would indeed cause the GRE tunnel interface to go down, assuming that you configure tunnel keepalives as follow:
int tu0
keepalive
Regards -
A Chairde,
I am nearly sure the answer is no, but will ask anyway.
I want to connect two private networks over a corporate WAN , and am looking to keep the router traffic (BGP) and routing traffic under control.
I only have control of the two lab routers, the routers in middle are controlled by IT dept. , is there anyway of setting up MPLS with this scenario ???
Any other suggestions ......You could indeed run MPLS over a GRE interface.
If you want to run MPLS VPN, then I would suggest configuring MPLS VPN over l2tpv3. See the following URL for more details:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00802b4817.html
Let me know if I answered your question, -
Ethernet Pseudowire over IP/MPLS
Hello there,
Anyone has any case study example regarding transmitting Ethernet PW over MPLS/IP core network?
ThanksHi chris,
Here is a link gives you brilliant explanation and also exampls configuration for EoMPLS and other stuff.
In fact this is taken from the Layer 2 VPN Architectures book by Cisco Press. I found it extremely helpful. It covers both the modes RAW mode(port based) and TAGGED mode(vlan based mode)
http://fengnet.com/book/Layer%202%20VPN%20Architectures/ch07.html#idd1e13647
HTH
Kishore -
Has anyone used Pseudowire over Traffic Enginnering MPLS?
What i would like to do is setup the MPLS TE using OSPF, built layer 3 tunnels between sites and then use Pseudowire to extend vlans over the TE MPLS tunnels and isolate the vlans using VRF-Lite.
Advice pls..
FranciscoHi Francisco,
You can map a PW to a MPLS-TE tunnel via the PW-class:
pseudowire-class TE
encapsulation mpls
preferred-path interface Tunnel0
interface Ethernet0/0
xconnect 1.1.1.1 10 pw-class TE
HTH
Laurent. -
Port Channel over L2 MPLS links
Hello.
I was hoping that someone could over some suggestions on best practice or recommendations for configuring port channel to bundle to layer 2 MPLS links that we have.
We have racks in two geographically separated data centres, each rack has a stack of Cisco 3850 switches, and there are two 100Mbps layer 2 connections linking these stacks together. The links are provided by our supplier and runs over their core network (I can get more info on their setup if need be).
I had initially just configured a simple port channel bundling the two ports on "Switch A", and the same on "Switch B". However I have since noticed that one of the ports was put into error disabled state, and I have my doubts that we ever had 200Mbps throughput over the portchannel.
The logs showed:
UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gix/x/x, aggressive mode failure detected
%PM-4-ERR_DISABLE: udld error detected on Gix/x/x, putting Gix/x/x in err-disable state
How I understand is that one of ports recieved an unexpected (or incorrect) BPDU packet, and shut the port down as part of spanning tree process to stop a loop forming.
For the time being I have removed the port channel config and re-opened all the ports, so I believe one of the ports is now in blocking state.
Whilst redundancy for these links is great, ideally I would like to have the links bundled so I also get the benefit of higher throughput.
Any thoughts are greatly appreciated.
Thank youHi,
Thank you for your reply and suggestions. I have been reading up on layer 2 protocol tunnelling and I'm not sure if this will work for us. According to these guidelines for the catalyst 3550 (http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtunnel.html#wp1006657) it states:
•If you enable PAgP or LACP tunneling, we recommend that you also enable UDLD on the interface for faster link-failure detection.
•Tunneling is not supported on trunk ports. If you enter the l2protocol-tunnel interface configuration command on a trunk port, the command is accepted, but Layer 2 tunneling does not take affect unless you change the port to a tunnel port or an access port.
•EtherChannel port groups are compatible with tunnel ports when the 802.1Q configuration is consistent within an EtherChannel port group.
(maybe its a different and is supported on 3850's)
Also, I cant use layer 3 over this link as I am looking to extend VLANs over the link so devices and virtual machines in each of the datacentre are in the same subnet and broadcast domain.
I will speak with the supplier to see what they are willing to do.
Thanks again. -
Running Large Backups over an MPLS Network
We are opening up a second data center at my organization. The location is about 60 miles from our primary data center.
At our primary data center we use an MPLS network for our WAN. We have ll remote locations on our WAN and we have a DS-3 that connects to our primary data center.
At our new second data center we will connect it to the MPLS network.
Do you think we should run our backups between the 2 data centers across the MPLS or do you think we should order a seperate private line or ethernet type service between the 2 data centers? All back ups from our primary data center will continually move across the network to our new secondary data center.
Do you think MPLS is a good technology to run large back ups across? Is it reliable enough"Do you think MPLS is a good technology to run large back ups across?"
Sure.
"Is it reliable enough"
Depends more on your MPLS provider than the technology itself.
Two issues that may be more important to you vs. how "reliable" MPLS is, might be cost of bandwidth vs. other technologies or sharing the MPLS bandwidth with non-backup applications. The latter would depend much on what QoS that might be available to you to insure your backup traffic doesn't adversely impact non-backup traffic. -
With Vignesh R. P.
Welcome to the Cisco Support Community Ask the Expert conversation.This is an opportunity to learn and ask questions about concept, configuration and troubleshooting Layer 2 MPLS VPN - Any Transport over MPLS (AToM) with Vignesh R. P.
Cisco Any Transport over MPLS (AToM) is a solution for transporting Layer 2 packets over an MPLS backbone. It enables Service Providers to supply connectivity between customer sites with existing data link layer (Layer 2) networks via a single, integrated, packet-based network infrastructure: a Cisco MPLS network. Instead of using separate networks with network management environments, service providers can deliver Layer 2 connections over an MPLS backbone. AToM provides a common framework to encapsulate and transport supported Layer 2 traffic types over an MPLS network core.
Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
Remember to use the rating system to let Vignesh know if you have received an adequate response.
Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Service Provider sub-community discussion forum shortly after the event. This event lasts through through September 21, 2012. Visit this forum often to view responses to your questions and the questions of other community members.Hi Tenaro,
AToM stands for Any Transport over MPLS and it is Cisco's terminology used for Layer 2 MPLS VPN or Virtual Private Wire Service. It is basically a Layer 2 Point-to-Point Service. AToM basically supports various Layer 2 protocols like Ethernet, HDLC, PPP, ATM and Frame Relay.
The customer routers interconnect with the service provider routers at Layer 2. AToM eliminates the need for the legacy network from the service provider carrying these kinds of traffic and integrates this service into the MPLS network that already transports the MPLS VPN traffic.
AToM is an open standards-based architecture that uses the label switching architecture of MPLS and can be integrated into any network that is running MPLS. The advantage to the customer is that they do not need to change anything. Their routers that are connecting to the service provider routers can still use the same Layer 2 encapsulation type as before and do not need to run an IP routing protocol to the provider edge routers as in the MPLS VPN solution.
The service provider does not need to change anything on the provider (P) routers in the core of the MPLS network. The intelligence to support AToM sits entirely on the PE routers. The core label switching routers (LSRs) only switch labeled packets, whereas the edge LSRs impose and dispose of labels on the Layer 2 frames.
Whereas pseudowire is a connection between the PE routers and emulates a wire that is carrying Layer 2 frames. Pseudowires use tunneling. The Layer 2 frames are encapsulated into a labeled (MPLS) packet. The result is that the specific Layer 2 service—its operation and characteristics—is emulated across a Packet Switched Network.
Another technology that more or less achieves the result of AToM is L2TPV3. In the case of L2TPV3 Layer 2 frames are encapsulated into an IP packet instead of a labelled MPLS packet.
Hope the above explanation helps you. Kindly revert incase of further clarification required.
Thanks & Regards,
Vignesh R P -
Point to Mulipoint L2VPN trunks over MPLS
Can we have trunk between more than 2 CE over MPLS in short we are looking for the point to multipoint MPLS L2 VPN where more than 2 CE will share the common ethernet segment over MPLS to share the vlan database
Let me give more info @ solution which we are trying find out
CE1,CE2,CE3 & CE4 are the core switches at respective location, we are looking for the same vlan database between these core switches over the MPLS
CE1 will be connected to PE1
CE2 will be connected to PE2
CE3 will be connected to PE3
CE4 will be connected to PE4
so can we have the L2 vpn between CE1,CE2,CE3 & CE4 where the interface connected to respective PE's will be TRUNK ?hi
thanks for the pdf, I had tried the VPLS earlier. the circuit are coming up but I am not able to ping between CE's Vlan ip address although VC are up
PE end config
interface GigabitEthernet1/35
description L2 Connectivity to KBL039SW1 (TEMP)
switchport
switchport access vlan 100
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
CE-1 end config
interface FastEthernet1/0/48
switchport trunk encapsulation dot1q
switchport mode trunk
end
int vlan 100
ip address 10.10.10.1 255.255.255.0
other end vlan 100 ip address is 10.10.10.2 but not able to ping this ip address from CE-1
any guess what cpuld be the problem? -
Hello Friend,
Need ur help on MPLS over-relay setup encryption.
I have 10sites across world which will connect via MPLS, were ISP will participate in customer routing they will do the optimized routing.
CE routers are managed my ISP, i need to encrypt the data before entering into the MPLS cloud and decrypt the data when its entering the other end LAN.
Basically looking for encryption between CE to CE is there is any way to do this?????
Regards,
NarenHello Naren,
CE to CE encryption is not a problem.
As discussed in a recent thread you can use DMVPN or GETVPN to implement a mesh of encrypted communication tunnels between different CE sites.
For DMVPN you can refer to the solution reference network design
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG.html
another design guide for enterprise using MPLS L3 VPN services
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/ngwane.html
I've tested DMVPN over an MPLS L3 VPN and it works well.
GETVPN is a more recent security framework that can be considered too
Hope to help
Giuseppe -
VOIP configuration over mpls link
Hi
we want to deploy voip for multiple location over the mpls lines we have between the multiple location can any body suggest the feasibility and how to do it and any related document and guidance for that
Thanks
Manish gaurHi,
what do you call a "mpls link"? Do you have an IP interface connecting to a MPLS network implemented by a provider or do you operate a MPLS network yourself?
In any case you might have a look at
1) Enterprise QoS Solution Reference Network Design Guide Version 3.3
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a008049b062.pdf
2) Layer 3 MPLS VPN Enterprise Consumer Guide Version 2
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008077b19b.pdf
3) Various design guides for Unified communications
http://www.cisco.com/en/US/netsol/ns656/networking_solutions_design_guidances_list.html#anchor10
Hope this helps!
Regards, Martin -
Voip deployment over mpls link
Hi
we want to deploy voip for multiple location over the mpls lines we have between the multiple location can any body suggest the feasibility and how to do it and any related document and guidance for that
Thanks
Manish gaurManish,
That is probably the best way to connect multiple sites without having to connect each one with a T1, etc. Our MPLS vendor has an SLA on latency with 50ms or less guaranteed. With voice you want to make sure the latency is definitely less than 150ms. For ease of management we're using a router at each remote site with SRST capabilities so that all of the configuration remains at the main HQ callmanager, but if the connection ever goes down, the remote site phones will still be able to call each other (not main office until connection is restored) Alternatively you can put a router at each site with CallManager Express, you will just have to manage each site separately. Hope that helps a little.
Maybe you are looking for
-
Bootcamp will not load Windows installer - No bootable device, insert disk then press any key
Hello, I recently decided to install bootcamp onto my 2009 27" iMac, I have done this before for other people's computers and I thought it would be no different for my own. However, on attempt to install the Windows disk, instead of starting the inst
-
Need list of POs with 1 currency type (because has 1 POItems w/ different
In the old system users would put currency type on po items. In new system, they are putting it only on PO, not the items. I am migrating from old system to new and would like to put currency type on the PO. 1. I want to get a report of POs that have
-
Whenever i click get started for apple support on any device it is just coming up with a error. Hwo do i contact them then if i cant let thtem know the page is broken? This is the error i'm receiving An error occurred while processing your request.
-
Hello All, I was designing a page where I wanted the user to be forced to use the Dynarch Calendar (Great with Spry!!!) and not enter a date in the wrong format, because Dynarch breaks spry if you try to enforce a pattern. So to do this, I set the th
-
I cannot get firefox to download to my computer internet explorer wont allow.
I click the download button it asks to run and save program button then nothing.It says something about internet explorer wont allow.