MPLS Design

Looking at converting a smaller SP network to MPLS.
H/W is a 7206VXR w/NPE300
- 256MB DRAM
- 20480K bytes of Flash PCMCIA card at slot 0
- 125440K bytes of ATA PCMCIA card at slot 1
- 4096K bytes of Flash internal SIMM
Multiple ATM vc supporting
- ATM - to Frame (CE)
- ADSL
- ATM
- IDSL
Would run primarily static routes or OSPF/EIGRP as required.
7206 has approx 50 subinterfaces for various customers
Only selected customers would be migrated to MPLS VPN, others (e.g. those with a single office only) would be routed in a global table
Assume an initial count of 10-12 vrf instances
Ref http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801445fb.shtml#diag
1. Can I safely collapse the PE1/PE2/P onto a single platform (the 7206)?
2. IGW is replaced by PIX
3. Is the NPE300 adequate?
4. Any potential design issues?

1. Can I safely collapse the PE1/PE2/P onto a single platform (the 7206)?
Yes
3. Is the NPE300 adequate?
Yes
4. Any potential design issues?
Only how much traffic you want to run; I see the NPE300 working fine with 100Mb traffic.
MPLS Layer 3 VPNs do not put much load on resources.

Similar Messages

  • Layer 3 to the Access Layer and MPLS Design Considerations

    Hi,
    We are about to install a new network consisting of Cat 4500s with Sup7E at the Access Layer, with Nexus 7000 at the Distribution and Core layers.
    We have 14 floors with at least three 4500s on each floor. Within the office block where the Access Layer and Distribution Layer reside we need to support secure borderless networking using 802.1x to place users from different parts of the business into segregated networks at layer 3.
    All switches will have the feature sets to support MPLS/ VRF / OSPF / EIGRP / BGP etc.
    We quickly dismissed the idea of using VRF-Lite due to the sheer number of VLANs we would need to manage and maintain; the point-to-point links alone, just to get one additional VRF on each floor, required far too many VLANs.
    As a result we are now considering deploying MPLS. The obvious benefits include scalability and manageability, and the fact that all switch-to-switch links can now be routed, instead of having to use SVIs.
    My query is one of design surrounding MPLS and how this maps to an enterprise network with a routed access layer. Do the Cat 4500s become the CEs and take part in MPLS / BGP and Label Distribution, or does the BGP peering and Label Distribution only occur between the Distribution - Core - Distribution layers, mapping to the PE - P - PE topology in an ISP environment, while the access layer simply uses the IGP (OSPF in this case) to learn routes?
    Any help would be greatly appreciated.
    Chris.

    Hi Andy,
    Thanks for your response.
    I have been doing a little bit more research and it seems the Cat 4500s do not support MPLS!! Nor do Cisco have any plans to support it on this platform. I find this a little ridiculous considering the level that Cisco are pitching this platform at. With the Sup 7E only VRF-Lite is supported, with plans to support EVN (which still uses trunk links for logical separation).
    So it looks like we are going to have to go back to the drawing board.
    (perhaps we should have gone HP or Juniper!)
    Chris.

  • Best practice MPLS design/configuration for small service provider

    We are a small regional service provider and did not have MPLS supported on our network.  To start supporting MPLS, I’d like to get opinions and recommendations on the best practice configuration. 
    Here is what we have today –
    We have our own BGP AS and multiple /24s.
    We are running OSPF on the Cores and BGP on the Edge routers peering with ISPs.
    We peer with multiple tier-1 ISPs for internet traffic. We do not provide public transit.
    What we want for phase one MPLS implementation –
    Configure basic MPLS /vpn functionality.
    No QoS optimization required for phase 1.
    We have Cisco ME 3600X for  PE. Any recommendations will be appreciated.

    Not sure what kind of devices or routers you have in your network, but look to see if you have support for labeled multicast for MVPN support. That will avoid the other complexity of using other control protocols (like PIM) in the core.
    PE redundancy can be obtained by BGP attributes, CE-PE connectivity can be tuned using IGP or VRRP/HSRP...
    You can have multiple RSVP TEs for various contract traffic and you can bind various kinds of traffic to different RSVP tunnels based on the contract or service with your customer.
    RSVP-TE with link/node protection design will be of great help to achieve quicker failover.

  • MPLS Design Best Practices for SP

    When deploying a new MPLS backbone for a Service Provider, what would be considered the best practices in general? For example, what about the following list and any other items:
    - Define the Internet as a VRF?
    - Use private ASNs?
    - Define a VRF per special service?
    - Use at least two route reflectors?
    - Use OSPF as IGP?
    - Limit the CE-PE routing support to OSPF and BGP?
    What will be the best approach for management of the devices? A management VRF or the nodes to natively be on a management network?
    What to consider when designing from scratch?

    William, some recommended practices, although you can point out your specific constraints in adopting any.
    - Define the Internet as a VRF?
    (Yes, logical separation is the way to go.)
    - Use private ASNs?
    (No, use a public AS; you may have to peer outside your AS in a VRF with other ASes.)
    - Define a VRF per special service?
    (This is perfect, logical separation.)
    - Use at least two route reflectors?
    (Right, at least 2, and above that depends on the size of your network.)
    - Use OSPF as IGP?
    (I don't see any problems with OSPF in scaling for big networks.)
    - Limit the CE-PE routing support to OSPF and BGP?
    (This aspect shouldn't impact much really; you can very well support all the protocols, as it's more about serving your customers rather than dictating the conditions.)
    Yes, have a separate VRF for device management (also give a thought to a management subnet, which would be unique across your network).
    You should generally start with an overview topology and an introduction of the objectives. And then go ahead with the suggested physical topology.
    And then move on to the logical services, beginning with Core IGP, then core BGP, and then all the add-on protocols, multicast, MPLS TE etc. Then you can cover specialized services and their logic and description at the end.
    Pretty much, just simply think of building it out right from scratch, that is, the Physical Layer, and move to Layer 2 and then Layer 3 and Layer 4.
    So basically your doc should be indexed in a manner following the sequence of the OSI layers; this gives a good flow to the doc. What remains is the description of the logic used in each service or deployment method; that would be your skill.
    HTH-Cheers,
    Swaroop

  • MPLS design question

    Hi all,
    What is the best solution to extend a node (PE router) over a third-party IP network?
    Here is the scenario - there is a need to extend an MPLS network to a new location, but due to commercial/policy reasons the only available options are a third-party IP network (non-MPLS) and a backhaul wireless link. We are thinking of making the IP network the primary link and the wireless backhaul the backup link.
    Is L2TPv3 the only solution? I want to make use of the wireless back haul also for some traffic.
    Regards,
    san

    Hi Aasheesh,
    The service provider will only give me a L3 connectivity. In this case the LDP session will not establish with my PE on both ends.
    I tried GRE on my PE with LDP enabled and it seems to take the command, but I have to try this between two PEs, so I am not sure if I can bring the tunnel up and allow the two PEs to exchange LDP. I was just hoping that I could find a doc on it so that I can be sure that it will work. If you know of any doc, that would be great.
    Regards,
    san

  • MPLS design recommendation

    Hello all
    I have 2 ASR 9000 acting as P routers connected to PEs in different remote locations.
    access switch ------ PE router 1 ------DSW switch -------ASR 9k (P router)--------PE router in remote locations
    both PE 1 and ASR 9k are in the same location
    the DSW Switch is connected to AAA server and also terminates the microwave connection that acts as a redundant link
    my question is :
    what would be the impact if I remove the DSW Switch and terminate the microwave redundant connection on the ASR9k ?
    where can i connect the AAA server then ?

    If you want to completely eliminate the DSW switch from your network then,
    HQ(AAA-----access Switch---PE Router-----ASR9k(P Router)---Other PE Router
    If your challenge is only terminating the link between PE and P directly and you can still keep the DSW then
    HQ(Access Switch-----DSW------ Router(PE)-------ASR 9k P Router----Other PE Router
                                                |
                                                |
                                             AAA
    Hope this answers your question
    BR
    Thanveer
    "Please Rate All Helpful Posts"

  • MPLS for small network

    In the past we have always had point to point links between our 3 remote offices and our corporate office. We're now switching to a MPLS network for all four sites.
    We currently use Cisco 1721 routers for our WAN. What protocol should we use for routing across this new MPLS network? I'm also looking for a document what else I may need to configure for this MPLS design on the router itself.
    We will have 1721 routers at all sites.

    Hi,
    for you as a customer the most appropriate picture is: The MPLS VPN behaves like one single IP router interconnecting your sites.
    In your case just consider your 4 1721 being connected to one ISP router. There is no MPLS specific config needed on your 1721, MPLS is only within your ISP network.
    This means: you send IP routing updates from one site to the "MPLS IP router simulator" and the updates will be sent further on to the other 3 1721. You forward an IP packet to the "MPLS IP router simulator" and it forwards it as IP packet to one of your other 3 1721.
    If you are not dual homed or using backups then RIP would address all your needs. Also static routing might be suitable and the most simple approach in your scenario.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • MPLS Service

    Hi,
    I would like to know how everyone does their MPLS design. Ideally, you put all sites on one single MPLS service provider, e.g. ATT, with single access link. Data centers will have two access links for redundancy.
    However, what if I want to have two MPLS service providers, put half of the sites on one MPLS cloud and another half on the second MPLS cloud? How would you do the routing between them? ATT stated that they would not exchange routes to another SP. I would like to know if anyone has two MPLS SP and how they do it.
    Thanks.

    Kevin,
    What we do is terminate the one Service Provider on one router, and then terminate the other service provider on another and share routes between the two routers through your own infrastructure.
    This isn't the only design but one that we have implemented.

  • MPLS Sanity-check

    Hi,
    I need someone to do a sanity check on an MPLS design.
    I am doing some consulting in an expanding metronet in Sweden.
    I've got the need to run Ethernet over ATM, so I'm thinking EoMPLS. So my query: is it possible to run EoMPLS over the following configuration? If so, can I also run q-in-q (if I reconfigure the MTU size on both sides)?
    1Q-TRUNK - 7200VXR - ATM-SWITCH (NON-MPLS) - ATM-SWITCH (NON-MPLS) - 7200VXR - 1Q-TRUNK
    Thanks
    Best regards
    Daniel

    It is certainly possible to run MPLS (frame mode) on the interface/subinterface between the two 7200s, which will allow you to run EoMPLS. You should also be able to configure q-in-q in this configuration.
    Hope this helps,

  • URGENT: QoS Design on Data Center MPLS - MediaNet Question...

    Hello,
    I am posting this in hopes I can get some guidance from anyone who has done this in the field.  We have a large enterprise customer with 21 sites all around the world; they have Verizon MPLS and are experiencing QoS related issues on their WAN regarding Video/Voice.  We have proposed remediating their network according to the Enterprise QoS SRND 3.3 and the new MediaNet SRND to account for Video and TP QoS ( http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html )
    Here is the problem/question that was proposed in our presales meeting and I honestly don't know where to look for an answer... I am not asking for anyone to design a solution for me, just merely point me in the right direction:
    The Data Center has a ~40MB MPLS Connection ( full mesh ) into the cloud ( Verizon )
    Site A has a 8MB connection
    Site B has a 4MB connection
    I know on the Service policy and the interfaces at SiteA and SiteB I can assign "Bandwidth xxxx" and use ~95% of the bandwidth to do queuing and shaping/policing etc.  I am not concerned with SiteA and SiteB, that I think I can handle...
    Question was posed from the customer, "How can we ensure at the DataCenter level the 40MB MPLS is "chopped" up so that only 8MB of the total speed goes to SiteA ALONG with an attached QoS policy designed for that specific site, as well as ensure only 4MB goes to SiteB with an attached QoS policy."
    So I am looking for a way to allocate bandwidth per site on the DC 40MB connection going into the cloud ( so that SiteB cannot use more than 4MB ) and attach a MediaNet specific QoS Service policy to that site.  The customer does not have separate MPLS circuits for each site, they all come into the DC on 40MB shared ethernet connection ( no VC, or dedicated circuits to other sites ). 
    Any thoughts on if this is possible? 
    Thanks!
    Alex

    This is an example I have seen and I hope that is useful to you.
    Site A
    Subnet: 172.16.1.0/24
    Site B
    Subnet: 172.16.2.0/24
    HeadOffice:
    ! ACLs match traffic destined to each spoke subnet
    ip access-list extended Site_A
     permit ip any 172.16.1.0 0.0.0.255
    ip access-list extended Site_B
     permit ip any 172.16.2.0 0.0.0.255
    class-map match-any Site_A
     match access-group name Site_A
    class-map match-any Site_B
     match access-group name Site_B
    ! Parent policy: shape each spoke to its access rate (bit/s)
    policy-map To_Spokes
     class Site_A
      shape average 8000000
      ! Optional child policy; Sub_Policy must be defined separately
      service-policy Sub_Policy
     class Site_B
      shape average 4000000
      service-policy Sub_Policy
     class class-default
      shape average 28000000
      service-policy Sub_Policy
    interface G0/0
     description To MPLS cloud
     ! The interface bandwidth command takes kbit/s, so 40 Mbit/s is 40000
     bandwidth 40000
     service-policy output To_Spokes
    interface G0/1
     description To HeadOffice
     bandwidth 40000
     service-policy output To_Spokes
    It would be greatly appreciated if someone can correct this or improve it as I am still learning.
    Please see the netflow graph from one of our routers using a similar policy as above.

  • Help wanted in designing a MPLS POP

    Hello,
    I have made a basic MPLS POP design and would really be thankful if anyone in the forum can help me to "vet" and improve it further and give critical comments.
    The POP design is based on VNO model (Virtual Network Operator)
    NetPros willing to extend help can contact me on [email protected] or [email protected]
    Thanks in advance.
    Cheers,
    ~Sultan

    The customer premises equipment (CPE) runs ordinary IP forwarding and normally does not run MPLS. If the CPE does run MPLS, it uses it independently from the provider. It is important to note that the edge LSRs are part of the provider network and are controlled by the provider.

  • MPLS network design challenge

    Hi,
    I have a design issue for which I would really like your help.
    In an MPLS network there are two POP gateway routers (G1, G2) peering with various MPLS VPN service providers via B2B VRF eBGP peering, which are in 4 different ASNs. They in turn all peer via VPNv4 eBGP with the Core ASN, which comprises 2 Nos VPNv4 RRs, and every site in the ASN has 2 P/PE per site. Every P/PE is peering via VPNv4 iBGP with the VPNv4 RRs. The RRs are not in the forwarding path of the traffic.
    Every site has 2 Nos CE routers and each CE router does a VRF based eBGP peering with the P/PEs.
    The P/PE routers import 2 Nos RT exported by the 2 Nos POP G/w routers and in turn select the best path and pass it to the CE routers.
    Now it is seen that the P/PE of all sites is selecting the best path advertised by G1 instead of G2 based on the AS PATH length, and the shortest path is being advertised by G1. So until a situation arises that G1 is down, the P/PEs are forwarding the outbound traffic from the CE to G1, even when the IGP cost is adding up high and when there is a direct link failure from the P/PE site to the G1 site.
    It therefore makes sense that if the direct physical link from a P/PE site to the site where G1 is located goes down, the P/PEs should then choose G2 via another path even when G1 is available.
    Do these sort of requirements ever come in SP environments from customers? If so, what are the solutions?
    Thanks in advance
    Kas

    Hi kas,
    This type of requirement comes to providers and there are a few options which a provider can implement.
    1- Play with local preference along with an import map in the VRF if the requirement is customer specific. I mean, if one customer wants G1 to be the primary exit point and another customer wants G2 as the primary exit, then he can use an import map (which is similar to a route-map).
    ip vrf ABCD
     rd XX
     import map ABCD
     route-target export XX
     route-target import YY
    route-map ABCD permit 20
     set local-preference >100
    2- Or you can play with the AS-path prepending option if you want to skip selection based on local preference.
    It is in the provider's interest to provide you a solution, as there are options for affecting traffic by using communities.
    Please provide diagram and some config for complete solution.
    Regards
    Mahesh

  • Design validation for Internet over MPLS

    We have a network on an MPLS backbone with dual service providers.
    There are 50 spoke locations.
    DC and DR location
    Topology is hub and spoke with all sites accessing data hosted at the primary DC.
    Also, in case of disaster all the spoke sites will connect to the DR site.
    Servers at the DR site are on unique IPs and failover from DC to DR is taken care of by BGP routing intelligence.
    Aim is to give controlled internet access to all the spoke sites from the DC, and in case of failure internet should be available from the DR site.
    As per our design architecture we are planning to upgrade the last mile bandwidth and MPLS port of all spoke sites and the central site MPLS port bandwidth to give integrated access on the same last mile for all the locations.
    Both types of traffic, private and public, will ride on the same MPLS backbone and come to the primary DC site CE router.
    At the CE router we will segregate the traffic meant for the datacentre and the internet cloud.
    We will also deploy a firewall and a separate internet router and proxy server for the proposed internet connectivity to control the spoke sites' traffic.
    Is this a good design?
    Pls suggest, with configuration, how we are going to achieve this.
    Also, currently we are using BGP between CE-PE --- it should take care of the global routing meant for Internet traffic by flooding a default route across all the spoke sites.
    Pls find the existing architecture attached.
    Any inputs on the same will be appreciated.
    Regards

    As per your post you are looking for a solution to route internet via the DC and, on failure, via the DR.
    To do this you can inject default routes from both DC and DR. In doing this all the PEs in SP1 and SP2 will have 2 defaults in the VRF table for you. But only 1 would be installed, based on the regular BGP path selection process.
    To manipulate and select the default from the DC you can change any BGP path attribute and make the DC default favourable over the DR default.
    I did not understand where you are doing PBR, but anyway PBR will work in sync with CEF without putting any load on your CPU since IOS 12.0. So you can run PBR wherever you are running it.
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm
    To answer whether this is a good design or not, more inputs would be required, as the current diagram is insufficient with legends, and the logic behind the creation of 3 VLANs in the diagram is not explained in the post.
    It's not clear which site you are designating as the spoke site, as the remote sites box has dual routers and dual connections.
    A good design of a network is more about what your data flow and business needs are, and then based upon that, the technical design should meet the requirements put forth and scale as well at the same time. Here, if you agree, we don't have any of those inputs either.
    HTH-Cheers,
    Swaroop
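
The attribute ordering behind both the G1/G2 exit-selection thread and the DC/DR default-route reply above, as an added example that is not part of either post: a simplified Python model of BGP best-path selection showing why the shorter AS path via G1 wins whatever the IGP cost, and how an import map (local preference) or AS-path prepending changes the result. The ASNs, metrics and function names are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Attribute order of a simplified BGP decision process. Steps left out of this
# model: locally originated routes, MED, eBGP-over-iBGP and final tie-breakers.
STEPS = ("weight", "local_pref", "as_path_length", "origin", "igp_metric")


@dataclass(frozen=True)
class Path:
    exit_point: str        # label of the advertising gateway or site
    as_path: tuple         # constructed private ASNs, not taken from the page
    igp_metric: int        # IGP cost from this PE to the BGP next hop
    local_pref: int = 100  # default local preference
    weight: int = 0
    origin: int = 0        # 0 = IGP, 1 = EGP, 2 = incomplete


def sort_key(p):
    """Tuple that sorts the most preferred path first."""
    return (-p.weight, -p.local_pref, len(p.as_path), p.origin, p.igp_metric)


def best_path(paths):
    """Return the path this model would install."""
    return min(paths, key=sort_key)


def deciding_step(a, b):
    """Name of the first attribute on which two paths differ."""
    for name, x, y in zip(STEPS, sort_key(a), sort_key(b)):
        if x != y:
            return name
    return "tie"


def import_map(paths, exit_point, local_pref):
    """Model of a VRF import map raising local preference for one exit."""
    return [replace(p, local_pref=local_pref) if p.exit_point == exit_point else p
            for p in paths]


def prepend(paths, exit_point, count):
    """Model of AS-path prepending applied to routes from one exit."""
    return [replace(p, as_path=(p.as_path[0],) * count + p.as_path)
            if p.exit_point == exit_point else p
            for p in paths]


def gateway_paths(direct_link_to_g1_up):
    """Constructed view from one P/PE: G1 advertises the shorter AS path."""
    g1 = Path("G1", (64601, 64700),
              igp_metric=10 if direct_link_to_g1_up else 500)
    g2 = Path("G2", (64602, 64650, 64700), igp_metric=50)
    return [g1, g2]


if __name__ == "__main__":
    failed = gateway_paths(direct_link_to_g1_up=False)
    cases = {
        "unmodified": failed,
        "import map prefers G2": import_map(failed, "G2", 200),
        "G1 prepended once": prepend(failed, "G1", 1),
    }
    for label, paths in cases.items():
        print(f"{label}: exit {best_path(paths).exit_point}, "
              f"decided by {deciding_step(*paths)}")
```

In this model, only the prepending case lets the IGP metric decide, because local preference and AS-path length are both compared before it.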

  • 6500 Virtual Switching System (VSS) design in MPLS PE PoP

    ...

    Hello,
    The VSS is not designed to function as a PE; its best fit is in a DataCenter environment where I have multiple links from Core/Access to the Distribution layer.
    Although VSS provides higher backplane throughput, ease and single administration management, and redundancy SSO between SUP engines at the control plane, these features won't help at the MPLS edge. Why? Because both chassis have identical configuration, so I can't have two links from the CE or from the P router to the same VSS chassis, so I have no redundancy here.
    What if a VSL link fails between the two chassis? Each chassis will revert to being a standalone chassis with identical configuration, so I don't have redundancy here.
    The VSS would be an ideal option as a PE router if the CE and P routers could form a direct Layer-3 EtherChannel to each of the VSS chassis in order to benefit from redundancy; in this case we can say we have (Intra Chassis Redundancy).
    Since this type of scenario is not an option, Service Providers normally prefer (Inter Chassis Redundancy) by having two different PE routers with two different configurations to have resiliency.
    Other than that, it could quitely fit.
    Regards,
    Mohamed

  • MPLS network design questions

    We have in our company 230 remote sites, and we are changing all of our circuits to MPLS. Wondering if I need to get a high end router in our Data Center? Currently we have a 3925. Also, what is the best routing protocol to use in this kind of network? EIGRP or OSPF? MPLS will be hosted by the service provider.

    I have found that the provider typically wants to know exactly what routes you will be advertising when using EIGRP or OSPF. This is something they will have to configure on their network to allow. For example EIGRP routes flow from Site A to Site B and you have a new subnet to use for an application. You put the proper network statements in EIGRP and are not learning routes on the other side. You would then have to fill out a form or call a support number to get your new network to the other side.
    With BGP there is much more control over what you can advertise with adding networks. With 230 sites you will feel the benefit quickly if you start growing and adding subnets in data centers or additional sites.
