MPLS network design challenge

Hi,
I have a design issue for which I would really like your help.
In an MPLS network there are two POP gateway routers (G1, G2) peering with various MPLS VPN service providers via B2B VRF eBGP peering, which are in 4 different ASNs. They in turn all peer via VPNv4 eBGP with the core ASN, which comprises 2 VPNv4 RRs, and every site in the ASN has 2 P/PEs. Every P/PE peers via VPNv4 iBGP with the VPNv4 RRs. The RRs are not in the forwarding path of the traffic.
Every site has 2 CE routers, and each CE router does VRF-based eBGP peering with the P/PEs.
The P/PE routers import the 2 RTs exported by the 2 POP gateway routers, in turn select the best path, and pass it to the CE routers.
It is seen that the P/PEs of all sites select the best path advertised by G1 instead of G2 based on the AS path length, as the shortest path is being advertised by G1. So until G1 goes down, the P/PEs forward the outbound traffic from the CE to G1, even when the IGP cost adds up high and when there is a direct link failure from the P/PE site to the G1 site.
It therefore makes sense that if the direct physical link from a P/PE site to the site where G1 is located goes down, the P/PEs should then choose G2 via another path even when G1 is available.
Do these sorts of requirements ever come up in SP environments from customers? If so, what are the solutions?
Thanks in advance
Kas

Hi kas,
This type of requirement does come to providers, and there are a few options which a provider can implement.
1- Play with local preference along with an import map in the VRF if the requirement is customer specific. I mean, if one customer wants G1 to be the primary exit point and another customer wants G2 as the primary exit, then he can use an import map (which is similar to a route-map).
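ip vrf ABCD
 rd XX
 ! the import map is applied to routes as they are imported into the VRF
 import map ABCD
 route-target export XX
 route-target import YY
!
route-map ABCD permit 20
 ! >100 stands for any value above the default local preference of 100
 set local-preference >100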
2- Or you can play with the AS-path prepending option if you want to skip selection based on local preference.
It is in the provider's interest to provide you a solution, as there are options for affecting traffic by using communities.
Please provide a diagram and some config for a complete solution.
Regards
Mahesh
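
The selection behaviour discussed in this thread, as an added example that is not part of either post: a simplified subset of BGP best-path selection (local preference, then AS-path length, then IGP cost to the next hop; weight, origin and MED are assumed equal). The ASNs, route targets and IGP costs are constructed, and matching the import map on a gateway's route target is an assumption.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Path:
    gateway: str            # egress POP gateway (BGP next hop)
    route_target: str       # RT exported by that gateway (constructed value)
    as_path: tuple          # AS numbers, nearest AS first (constructed values)
    igp_cost: int           # IGP metric from this P/PE to the gateway
    local_pref: int = 100   # BGP default local preference


def best_path(paths):
    """Simplified decision order: highest local-pref, then shortest AS path,
    then lowest IGP cost to the next hop. The gateway name is only a stable
    final tie-break for this example."""
    return min(
        paths,
        key=lambda p: (-p.local_pref, len(p.as_path), p.igp_cost, p.gateway),
    )


def import_map(paths, match_rt, local_pref):
    """Model of a VRF import map that raises local-pref on routes carrying
    one gateway's route target (the match clause is an assumption)."""
    return [
        replace(p, local_pref=local_pref) if p.route_target == match_rt else p
        for p in paths
    ]


def prepend(paths, gateway, times):
    """Model of AS-path prepending applied to one gateway's advertisements."""
    return [
        replace(p, as_path=(p.as_path[0],) * times + p.as_path)
        if p.gateway == gateway else p
        for p in paths
    ]


def candidate_paths(igp_cost_to_g1, igp_cost_to_g2):
    """Both gateways advertise the same prefix; G1 has the shorter AS path."""
    return [
        Path("G1", "65000:1", (65010, 65020), igp_cost_to_g1),
        Path("G2", "65000:2", (65030, 65040, 65020), igp_cost_to_g2),
    ]


def demo():
    normal = candidate_paths(igp_cost_to_g1=10, igp_cost_to_g2=20)
    # Direct link to the G1 site has failed: G1 is reachable only over a
    # long detour, so its IGP cost is now much higher than G2's.
    link_down = candidate_paths(igp_cost_to_g1=500, igp_cost_to_g2=20)
    return {
        # AS-path length is compared before IGP cost, so G1 keeps winning.
        "default, link up": best_path(normal).gateway,
        "default, link down": best_path(link_down).gateway,
        # Option 1: local-pref is compared first, so G2 wins regardless.
        "local-pref 200 on G2": best_path(
            import_map(link_down, "65000:2", 200)).gateway,
        # Option 2: prepending G1 to equal length lets IGP cost decide.
        "G1 prepended, link up": best_path(prepend(normal, "G1", 1)).gateway,
        "G1 prepended, link down": best_path(
            prepend(link_down, "G1", 1)).gateway,
    }


if __name__ == "__main__":
    for case, winner in demo().items():
        print(f"{case:26s} -> {winner}")
```

With the AS-path lengths made equal, the exit point follows the IGP cost, which is the failover behaviour asked for in the question; a fixed local preference pins the exit point instead.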

Similar Messages

  • MPLS network design questions

    We have 230 remote sites in our company, and we are changing all of our circuits to MPLS. I am wondering if I need to get a high-end router in our data center; currently we have a 3925. Also, what is the best routing protocol to use in this kind of network, EIGRP or OSPF? MPLS will be hosted by the service provider.

    I have found that the provider typically wants to know exactly what routes you will be advertising when using EIGRP or OSPF. This is something they will have to configure on their network to allow. For example EIGRP routes flow from Site A to Site B and you have a new subnet to use for an application. You put the proper network statements in EIGRP and are not learning routes on the other side. You would then have to fill out a form or call a support number to get your new network to the other side.
    With BGP there is much more control over what you can advertise with adding networks. With 230 sites you will feel the benefit quickly if you start growing and adding subnets in data centers or additional sites.

  • Full mesh VPN solution for on MPLS network with PE and CPEs

    Hi,
    We are trying to evaluate the best solution for a hub-spoke mesh VPN in an MPLS network. The VPN hub router will be in the PE router and all the VPN spokes will be in the CPEs.
    Can someone please let us know what the best VPN solution will be? We understand that there will be some technical limitations going with GETVPN, but we still could not find any documentation on the possibility of using DMVPN.
    How about the recent FlexVPN? Can FlexVPN work for this requirement, and where can I get a design/configuration document?
    Thanks in advance.

    Hello,
    GetVPN is intended for (ANY-to-ANY) type of VPN communication. Over an MPLS network with a hub-and-spoke topology, your best option is to look at a Cisco (DMVPN) implementation, as this type of VPN is primarily designed for hub and spoke.
    Regards,
    Mohamed

  • Venturing into MPLS Network

    Hi all, it is just my curiosity that ended up with a small discussion like this. Here's what it is about...
    My company has a main client which has tonnes of remote sites connecting to both their HQ and Disaster Recovery Centre. Some of the remote sites are still running on frame-relay, while others are purely leased-line. There are a few questions I wish I could clear up, as follows:
    i. When the client has a frame-relay device, what we do is create a tunnel and route all the frame-relay traffic over it. Is there any advantage if we change it over to MPLS?
    ii. Even compared to leased-line services, what kind of advantages can I expect if our client migrates over to leased-line?
    iii. If one customer is running purely on frame-relay connectivity, will any difficulties arise when they want to switch over to an MPLS network?
    I still have never had any hands-on experience with MPLS, which is why I need to gather some info in the first place. I'm currently glancing through the MPLS guides and configuration examples, but I know that in a real-life network things may differ. In the meantime I'm studying it and hope to gather some precious opinions. Regards

    Hello,
    Regarding answer iii: What you have to use inside the MPLS cloud is MBGP to route the customer prefixes. In your LAN, however, you will have an IGP like EIGRP. This means you need mutual redistribution between MBGP and your IGP. So a routing loop can occur once you have at least two paths. An example:
    N1-CE1 - PE1 - PE2 - CE2
    with: CE1 - PE1 using RIP, CE2 - PE2 using RIP, PE1 - PE2 using MBGP and a FR PVC between CE1 - CE2 using RIP
    This would be the case when you migrate from FR to MPLS VPN and do not shut down FR the very moment you activate the MPLS links.
    What can happen in this scenario is: CE1 is announcing Network N1 through RIP to CE2 directly over the FR PVC and also to PE1. PE1 will redistribute N1 into MBGP, send the prefix to PE2, which will redistribute N1 into RIP and send the update to CE2.
    Now depending on implementation and metrics this will result in all traffic flowing over FR or MPLS (when adjusting metrics). No major problem yet.
    The problem might occur once CE1 loses network N1. It will send an update directly to CE2 and to PE1, and a race condition exists. CE2 will still have one valid path to N1 learned from PE2 and announce this one to CE1, which will announce it to PE1 and then PE2, CE2, CE1 again and so on.
    This is an intermittent or even persistent routing loop, depending on what you have done with hop count during redistribution.
    By designing your overall routing solution carefully you can avoid this scenario.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • In our enterprise MPLS network we are using 192.168.20.0/24 subnet, in this subnet we have not assigned the IP 192.168.20.200/30 & 204/30, But still these subnets are reachable . Are these NNI IP ...Please explain.

    I have checked with the ISP; their response is below:
    Those are the NNI to GBNET IPs for Dominican Republic. They are Network IPs. You should be able to ping them-that means they are working.
    WANRT01#show  ip route | include 192.168.20.20
    B        192.168.20.200/30 [20/0] via 192.168.20.226, 02:18:29
    B        192.168.20.204/30 [20/0] via 192.168.20.226, 02:18:29
    This shows that from any of our MPLS sites we are able to trace the IP, and it seems like 192.168.20.204/30 is one more site, but actually it's not.
    INMUMWANRT01#ping 192.168.20.205
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.20.205, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 224/232/260 ms
    INMUMWANRT01#trace              
    INMUMWANRT01#traceroute 192.168.20.205
    Type escape sequence to abort.
    Tracing the route to 192.168.20.205
    VRF info: (vrf in name/id, vrf out name/id)
      1 192.168.20.226 24 msec 24 msec 24 msec
      2 192.168.20.206 [AS 8035] 232 msec 232 msec 252 msec
      3 192.168.20.205 [AS 8035] 224 msec 224 msec *

  • Ask the Expert: Hierarchical Network Design, Includes Core, Distribution, and Access

    Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about hierarchical network design. 
    Recommending a network topology is required for meeting a customer's corporate network design  needs in their business and technical goals and often consists of many interrelated components. The hierarchical design made this easier like "divide and conquer" the job and develop the design in layers.
    Network design experts have developed the hierarchical network design model to help to develop a topology in discrete layers. Each layer can be focused on specific functions, to select the right systems and features for the layer.
    A typical hierarchical topology is
    A core layer of high-end routers and switches that are optimized for availability and performance.
    A distribution layer of routers and switches that implement policies.
    An access layer that connects users via lower-end switches and wireless access points.
    Ahmad Manzoor is a Senior Pre-Sales Engineer at AGCN, Pakistan. He has more than 10 years of experience in first-rate management, commercial and technical skills in the field of data communication and services lifecycle—from solution design through sales pitch, designing RFPs, architecture, and solution—all with the goal toward winning projects (creating win/win situations) of obsolete solutions.  Ahmad also has vast experience in designing end-to-end data centers, from building infrastructure design to data communication and network Infrastructure design. He has worked for several large companies in Pakistan and United Arab Emirates markets; for example, National Engineer, WATEEN Telecom, Emircom, Infotech, Global Solutions, NETS International, Al-Aberah, and AGCN, also known as Getronics, Pakistan.
    Remember to use the rating system to let Ahmad know if he has given you an adequate response. 
    Because of the volume expected during this event, Ahmad might not be able to answer every question. Remember that you can continue the conversation in the  Solutions and Architectures under the sub-community Data Center & Virtualization, shortly after the event. This event lasts through August 15, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Dear Leo,
    We are discussing the following without any product line, discussing the concept of hierarchical design, which will help you to take decision which model is better for you Two Layer or Three Layer hierarchical model.  
    Two-Layer Hierarchy
    In many networks, you need only two layers to fulfill all of the layer functions—core and aggregation
    Only one zone exists within the core, and many zones are in the aggregation layer. Examine each of the layer functions to see where it occurs in a two-layer design:
    Traffic forwarding—Ideally, all interzone traffic forwarding occurs in the core. Traffic flows from each zone within the aggregation layer up the hierarchy into the network core and then back down the hierarchy into other aggregation zones.
    Aggregation—Aggregation occurs along the core/aggregation layer border, allowing only interzone traffic to pass between the aggregation and core layers. This also provides an edge for traffic engineering services to be deployed along.
    Routing policy—Routing policy is deployed along the edge of the core and the aggregation layers, generally as routes are advertised from the aggregation layer into the core.
    User attachment—User devices and servers are attached to zones within the aggregation layer. This separation of end devices into the aggregation permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, it is best not to mix transit and destination traffic in the same area of the network.
    Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the aggregation layer. You can also place traffic admittance controls at the aggregation points exiting from the aggregation layer into the core of the network, but this is not common.
    You can see, then, how dividing the network into layers enables you to make each layer specialized and to hide information between the layers. For instance, the traffic admittance policy implemented along the edge of the aggregation layer is entirely hidden from the network core.
    You also use the core/aggregation layer edge to hide information about the topology of routing zones from each other, through summarization. Each zone within the aggregation layer should have minimal routing information, possibly just how to make it to the network core through a default route, and no information about the topology of the network core. At the same time, the zones within the aggregation layer should summarize their reachability information into as few routing advertisements as possible at their edge with the core and hide their topology information from the network core.
    Three-Layer Hierarchy
    A three-layer hierarchy divides these same responsibilities through zones in three vertical network layers,
    Traffic Forwarding—As with a two-layer hierarchy, all interzone traffic within a three- layer hierarchy should flow up the hierarchy, through the layers, and back down the hierarchy.
    Aggregation—A three-layer hierarchy has two aggregation points:
    At the edge of the access layer going into the distribution layer
    At the edge of the distribution layer going into the core
    At the edge of the access layer, you aggregate traffic in two places: within each access zone and flowing into the distribution layer. In the same way, you aggregate interzone traffic at the distribution layer and traffic leaving the distribution layer toward the network core. The distribution layer and core are ideal places to deploy traffic engineering within a network.
    Routing policy—The routing policy is deployed within the distribution layer in a three- layer design and along the distribution/core edge. You can also deploy routing policies along the access/distribution edge, particularly route and topology summarization, to hide information from other zones that are attached to the same distribution layer zone.
    User attachment—User devices and servers are attached to zones within the access layer. This separation of end devices into the access layer permits the separation of traffic between traffic through a link and traffic to a link, or device. Typically, you do not want to mix transit and destination traffic in the same area of the network.
    Controlling traffic admittance—Traffic admittance control always occurs where user and server devices are attached to the network, which is in the access layer. You can also place traffic admittance controls at the aggregation points along the aggregation/core edge.
    As you can see, the concepts that are applied to two- and three-layer designs are similar, but you have more application points in a three-layer design.
    Now the confusion arises in our minds: where do we use the two-layer and where the three-layer hierarchical model?
    So now we are discussing how many layers to use in network design.
    Which network design is better: two layers or three layers? As with almost all things in network design, it all depends. Examine some of the following factors involved in deciding whether to build a two- or three-layer network:
    Network geography—Networks that cover a smaller geographic space, such as a single campus or a small number of interconnected campuses, tend to work well as two-layer designs. Networks spanning large geographic areas, such as a country, continent, or even the entire globe, often work better as three layer designs.
    Network topology depth—Networks with a compressed, or flattened, topology tend to work better as two-layer hierarchies. For instance, service provider networks cover large geographic areas, but reducing number of hops through the network is critical in providing the services they sell; therefore, they are often built on a two-layer design. Networks with substantial depth in their topologies, however, tend to work better as three-layer designs.
    Network topology design—Highly meshed networks, with many requirements for interzone traffic flows, tend to work better as two-layer designs. Simplifying the hierarchy to two levels tends to focus the design elements into meshier zones. Networks that focus traffic flows on well-placed distributed resources, or centralized resources, such as a network with a large number of remote sites connecting to a number of centralized Data Centers, tend to work better as three-layer designs.
    Policy implementation—If policies of a network tend to focus on traffic engineering, two-layer designs tend to work better. Networks that attempt to limit access to resources attached to the network and other types of policies tend to work better as three-layer designs.
    Again, however, these are simple rules of thumb. No definitive way exists to decide whether a network should have two or three layers. Likewise, you cannot point to a single factor and say, “Because of this, the network we are working on should have three layers instead of two.”
    I hope that this helps you to understand the purposes of Two Layer & Three layer Hierarchical Model.
    Best regards,
    Ahmad Manzoor

  • Office network design ideas..

    Hey all, we are upgrading to a Cisco network and wanted some input on our possible network design...
    Currently we have:
    A Juniper SSG 140 and IDP for our firewall and IDS
    3com (layer2/3) switches for our desktops
    2 Dell PowerConnect 5424 switches for our servers and firewalls
    2 Dell PowerConnect 5424 switches (separate network) for our SAN/VM hosts
    This is what we are thinking of for our next solution
    ASA 5512 for our firewall (I read we could possibly get a 25% performance speed improvement for user VPN connections?)
    2 WS-C3750x-48t-e (I think this does Layer 2/3) for our desktops
    2 WS-C3750x-48t-e for our firewalls/servers
    2 WS-C3750x-24P-L for our SAN/VM hosts
    The problem is different network services providers who are going to implement this for us are giving us different solutions
    Some desktop 3560X for desktops and 4948 for servers and others are telling me 3750x for desktops and Nexus 3048 switches for SAN
    Some are telling me we can keep SAN+VM+core traffic on the same switches and just separate them with VLANs while others are telling me we should get separate switches for them
    Basically, we just want an improvement with better PERFORMANCE and REDUNDANCY (esp. with our core + SAN/VM traffic) without going overboard and spending a ton of money
    More thoughts:
    We need Layer 2/3 switches for core + SAN
    Do we need 10G ports?
    Let me know your thoughts...

    Hi There,
    The hardware selection actually depends on the network/site topology, number of users, traffic load and other factors.
    This is for the IP network; for SAN, do you mean iSCSI, FCoE or pure FC SAN? These are different things and may change the HW selection.
    In general, 3560s are good for access switches, and the 3750 provides the same capabilities with improved performance and support for StackWise (the 3750 is a good option, especially if you are planning to stack them).
    L3 is supported on both, but consider the license/image you buy with regard to the features you need.
    Nexus switches are the best for the data center, as they are designed for data center switching; however, you need to know port density, 1G or 10G, whether you need any FC SAN, DC load/capacity, whether any L3 function is required, and future growth. Then you can decide if the Nexus 3K or 5K is good for you or not.
    N5K
    http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/data_sheet_c78-618603.html
    N3K
    http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps11541/at_a_glance_c45-648255.pdf
    If you have a network topology with more details of what you need, post it here for more discussion.
    Hope this helps.
    If helpful, rate.

  • Path Selection for Routes Across MPLS Network

    The customer hub site has two CE routers with two links connected to two separate PE routers in the carrier's MPLS network. At the customer's remote site, one CE router on a single link is connected to a PE router in the MPLS network.
    How can I configure the CE routers at the hub site to advertise the same network across the MPLS network to the CE router at the remote site? Also, how can I configure the CE router at the remote site to select one of the routers as the primary and the other as secondary? Can I use local-preference on the CE router at the remote site to select one path over the other?
    I'm not sure if this makes any sense. Any help will be appreciated. Thanks

    Even with multiple RDs for VRFs belonging to the same VPN, you still need IBGP multipath, correct? Multiple RDs is just to get around the RR restriction.
    Also, you posted this message a while back:
    "If you have many VPN customers all using the same addresses (most likely rfc1918), the fact that they have different RDs and that the PE prepends the RD to the prefixes exchanged between PEs will make the same prefixes different in the MPLS VPN core
    cust1 advertises 192.168.1.0/24 with RD 1:1 therefore
    VPNv4 prefix is 1:1:192.168.1.0
    cust2 advertises 192.168.1.0/24 with RD 1:2 therefore
    VPNv4 prefix is 1:2:192.168.1.0"
    My test lab does not support the IBGP multipath command, and thus even with different RDs, it still only installs one best path.
    I understand that RD = make unique VPNv4 routes in SP space, and that RT = what to import into the VRF. However, I am having a hard time visualizing the scenario with multiple RDs for the same VPN for load balancing purposes. I am trying to understand the logic behind it.
    Per your example, if both 1:1 and 1:2 are received by the remote PE, assuming IBGP multipath is enabled, why would the remote PE load balance between the two links? Why would it assume that the hub subnets are reachable via two different PEs, and that it's not two different, isolated VPNs altogether?
    Is it b/c you imported both 1:1 and 1:2 into a VRF at the remote PE?
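
The RD/RT interaction asked about above, as an added example that is not part of the original post: the RD only decides which VPNv4 routes are distinct in the core, while the route target decides what lands in the remote PE's VRF. The PE names and route-target values are constructed, the two RDs are reused from the post as the RDs of two hub PEs in one VPN, and the reflector's best-path run is replaced by "first path received".

```python
PREFIX = "192.168.1.0/24"

# Constructed VPNv4 updates sent by the hub PEs towards the route reflector.
HUB_SAME_RD = [
    {"pe": "PE1", "rd": "1:1", "rt": "1:100", "prefix": PREFIX},
    {"pe": "PE2", "rd": "1:1", "rt": "1:100", "prefix": PREFIX},
]
HUB_UNIQUE_RD = [
    {"pe": "PE1", "rd": "1:1", "rt": "1:100", "prefix": PREFIX},
    {"pe": "PE2", "rd": "1:2", "rt": "1:100", "prefix": PREFIX},
]
# A different customer reusing the same RFC 1918 prefix.
OTHER_VPN = [
    {"pe": "PE3", "rd": "1:3", "rt": "1:200", "prefix": PREFIX},
]


def rr_reflect(updates):
    """A route reflector without add-path keeps one best path per VPNv4
    prefix (RD + IPv4 prefix) and reflects only that path."""
    best = {}
    for update in updates:
        key = (update["rd"], update["prefix"])
        # Stand-in for the real best-path run: keep the first path received.
        best.setdefault(key, update)
    return list(best.values())


def import_into_vrf(vpnv4_routes, import_rts):
    """The remote PE imports by route target; once imported, the RD no
    longer distinguishes the paths, so they compete for one IPv4 prefix."""
    vrf = {}
    for route in vpnv4_routes:
        if route["rt"] in import_rts:
            vrf.setdefault(route["prefix"], []).append(route["pe"])
    return vrf


def installed_next_hops(vrf, prefix, multipath):
    """Without iBGP multipath only one best path is installed."""
    paths = vrf.get(prefix, [])
    return paths if multipath else paths[:1]


def remote_pe_view(updates, import_rts, multipath):
    vrf = import_into_vrf(rr_reflect(updates), import_rts)
    return installed_next_hops(vrf, PREFIX, multipath)


if __name__ == "__main__":
    print("same RD, multipath on   :",
          remote_pe_view(HUB_SAME_RD, {"1:100"}, True))
    print("unique RD, multipath off:",
          remote_pe_view(HUB_UNIQUE_RD, {"1:100"}, False))
    print("unique RD, multipath on :",
          remote_pe_view(HUB_UNIQUE_RD, {"1:100"}, True))
    print("other VPN also present  :",
          remote_pe_view(HUB_UNIQUE_RD + OTHER_VPN, {"1:100"}, True))
```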

  • Need help on network design

    Hi guys.
    Looking for some advice on a network design.
    Please tell me what you think may or may not be wrong or missing.
    Here are the details:
    The user count is approximately 600 (desktops, laptops and Cisco IP phones) with two locations (office and data center) connected via 100Mbps guaranteed MAN line with site-to-site VPN as backup.
    Servers will all be in the Data Center.
    Edge routers to be used as site-to-site VPN connection point between office and data center.
    Edge router at data center also to be used to connect to 4 other remote sites.
    Edge networks (router and ASA) will be used to provide internet access to equipment at their respective locations. (No routing across MAN for internet access)
    Cisco 4510 to be used as user switches.
    Supervisor engines will be connected via 10G fiber to core switches.
    There will be 2x 10G connection for each supervisor module.
    Core switches are 4500x to be stacked via VSS using 10G Twinax cables.
    Core switch will also have 1G copper sfp to connect to MAN line hand-off.
    There will also be a physically (for the most part) segregated network using 3750x switches that connect back to the core. We will use 1G Fiber connections.
    Here is the current kit list:
    Office Network Edge
    1x Cisco 3925 Router to connect to internet and vpn tunnel endpoint (CISCO3925-HSEC+/K9)
    1x 2GB RAM upgrade for Cisco Router (MEM-3900-1GU2GB)
    1x 1GB Compact Flash for Cisco Router (MEM-CF-256U1GB)
    1x ASA Firewall w/ IPS  (ASA5525-IPS-K9)
    Office Network Core
    2x 4500X 32 Port Switches (WS-C4500X-32SFP+) w/ IP Enterprise License
    2x 1GB Fiber SFP module per 4500X switch to connect to 3750x  (GLC-SX-MMD)
    2x 10GB TwinAX cables to stack 4500x switches together (SFP-H10GB-CU1M)
    8x 10GB Fiber SFP+ module to connect to 4510 Sup Engines (SFP-10G-SR)
    1x 1GB Copper SFP to connect to MAN circuit hand-off (GLC-T)
    1x 1GB Copper SFP to connect to ASA firewall (GLC-T)
    Distribution
    4x Catalyst 4510R+E Switches (WS-C4510R+E) w/ IP Base License
    2x Supervisor 8-E per 4510 switch (WS-X45-SUP8-E)
    8x 48-port PoE module per 4510 switch (WS-X4748-UPOE+E)
    4x 10G Fiber SFP+ module per 4510 switch (SFP-10G-SR)
    1x 2GB SD Memory card per Supervisor Engine (SD-X45-2GB-E)
    Office Network Segregated
    4x 3750X 48-port PoE Switches (WS-C3750X-48P-L) LAN Base License
    1x 1G Fiber SFP module per 3750x switch (GLC-SX-MMD)
    1x Slot module per 3750x to connect 1GB SFP modules (C3KX-NM-1G)
    Data Center Edge
    1x Cisco 3925 Router to connect to internet and vpn tunnel endpoint (CISCO3925-HSEC+/K9)
    1x 2GB RAM upgrade for Cisco Router (MEM-3900-1GU2GB)
    1x 1GB Compact Flash for Cisco Router (MEM-CF-256U1GB)
    1x ASA Firewall w/ IPS  (ASA5525-IPS-K9)
    Data Center Core
    2x 4500X 32 Port Switches (WS-C4500X-32SFP+) w/ IP Enterprise License
    2x 10GB TwinAX cables to stack 4500x switches together (SFP-H10GB-CU1M)
    3x 10GB Fiber SFP+ modules per 4500X switch to connect to 3850 switches (SFP-10G-SR)
    1x 1GB Copper SFP to connect to MAN circuit hand-off (GLC-T)
    1x 1GB Copper SFP to connect to ASA firewall (GLC-T)
    1x 1GB Copper SFP to connect to segregated ASA (GLC-T)
    Data Center Distribution
    6x 3850 24-port PoE Switches (WS-C3850-24T-S) IP Base License
    1x Slot module per 3850 switch to connect 10GB SFP+ modules (C3850-NM-2-10G)
    1x 10G Fiber SFP+ module per 3850 switch (SFP-10G-SR)
    Data Center Segregated
    1x Cisco 2951 Router to connect to internet and vpn tunnel endpoint (CISCO2951/K9)
    1x ASA 5512-X (ASA5515-K9)
    Attached diagram is just a draft.

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    A 39xx is underpowered if you want to support gig VPN tunnel.
    If your MAN is 100 Mbps (possibly "light" for 600 users), I would suggest running your port at 100 Mbps, not gig.  (This because LAN switches don't shape, and may not be able to "see" congestion or drops within the MAN.)
    Your user edge (the 4500s) will be L2 or L3.  If the latter, I would recommend not using a VSS core.
    I would recommend not using the same Internet connection for both general Internet access and VPN.

  • L3 mpls network with out P router, all PE to PE plus daisy chainging

    Guys, is it possible to run a core L3 MPLS network over 7600s and 3800s without any P routers? The reason I ask is because of the particular situation where we will have to daisy chain PE routers due to lack of fiber.
    Any thoughts?

    As Martin says, there are absolutely limited problems with this; it will work a charm UNTIL you run into scaling issues. You are daisy chaining all the PEs, which would also suggest to me that you are daisy chaining your RRs. In an MPLS network the RRs have enough state to handle to keep them busy enough without also having to deal with passing labels about the network. Also you will have any Cisco account team breaking down your door putting the fear of god into you for not having at least 2 P routers ;-). So yes, you can indeed run it like you say, but the lifetime of your network will be very limited indeed. If you're not an SP then don't be concerned - unless you are an enterprise with 10000000s routes, then I'd start to worry. Oh, they (Cisco) also state that PEs also have enough to do in their life without passing labelled packets about the place. Sit and think about what your poor PE is having to do daily: it could be 100 VRF routing tables, which in turn means layer 3 lookups to find out where the packet has to go, QoS, multicast, BGP, OSPF, RIP, EIGRP, your own internal IGP, TE tunnels, RSVP - this poor router has enough to do without also adding transit traffic. ;-)

  • Equivalent for an "IP accounting" in MPLS Network

    Do we have an equivalent for an IP accounting in an interface in MPLS network. I would like to know this to identify traffic flowing across a WAN interface which is being tag/label switched

    Thanks gopal. However this command "show tag-switching forwarding table" did not help me find a host in a network choking up the WAN link. I heard from one of the cisco reps saying cisco is releasing an IOS to do this in Feb. I hope that helps.

  • VOIP MPLS network only 40-50% utilized

    We are in the process of upgrading our bandwidth at our branch locations to a 3 Mbps MPLS network, and we only run Citrix traffic and IP voice (interoffice calls) from our branch locations into our HQ.
    We expect bandwidth utilization to typically max out at 1.6 Mbps. Do you think we need to configure QoS for the voice traffic since the circuit will only be 40-50 percent utilized? My thinking was: why should I configure QoS if the bandwidth is only at 40-50 percent? The voice traffic should have enough bandwidth to communicate over the wire.
    Is my thinking correct, or should I configure QoS across this MPLS network? If I should configure QoS, what type do you recommend?
    Any responses are greatly appreciated.

    Hi,
    I would configure QoS, because there are not only sunny days in life ...
    What if you catch Nimda version 7.2beta, i.e. the newest worm out there trying to blast any valid IP in your network? I would not want to explain to my CEO why we lost telephony as well ...
    So on a more technical level: QoS is needed to do resource management. As such you are right in that QoS is not needed if you have enough resources. Yet, who can guarantee this in an IP network at any point in time? I would put in QoS just as an insurance, though it would not be needed during normal operation.
    Saying this, I might add that this is the appropriate usage anyhow, as QoS will not solve issues arising from a constant lack of bandwidth. Queueing is meant to handle exceptions. There is always the possibility of the unforeseen.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • Running Large Backups over an MPLS Network

    We are opening up a second data center at my organization. The location is about 60 miles from our primary data center.
    At our primary data center we use an MPLS network for our WAN. We have ll remote locations on our WAN and we have a DS-3 that connects to our primary data center.
    At our new second data center we will connect it to the MPLS network.
    Do you think we should run our backups between the 2 data centers across the MPLS, or do you think we should order a separate private line or Ethernet-type service between the 2 data centers? All backups from our primary data center will continually move across the network to our new secondary data center.
    Do you think MPLS is a good technology to run large backups across? Is it reliable enough?

    "Do you think MPLS is a good technology to run large back ups across?"
    Sure.
    "Is it reliable enough"
    Depends more on your MPLS provider than the technology itself.
    Two issues that may be more important to you vs. how "reliable" MPLS is might be the cost of bandwidth vs. other technologies, or sharing the MPLS bandwidth with non-backup applications. The latter would depend much on what QoS might be available to you to ensure your backup traffic doesn't adversely impact non-backup traffic.

  • MPLS Network Backup

    We have an MPLS network between the head office and various branch offices located across the globe. Can you suggest the best possible (automatic) backup for this MPLS, as we are facing a lot of breaks/cuts in the MPLS network?

    This is to give a fair idea.
    Please modify the config to suit your setup.
    router ospf x
     router-id x.x.x.x
     network 192.168.1.0 0.0.0.255 area 1
     network 192.168.2.0 0.0.0.255 area 1
     network 192.168.3.0 0.0.0.255 area 1
    Assumption that you have Area 0 at your MPLS CE for upwards and other VPN router upwards.
    interface fa1/0
     description Connection to MPLS CE
     ip address 192.168.1.1 255.255.255.0
     ! lower OSPF cost: preferred path via the MPLS CE
     ip ospf cost 10
    interface fa1/1
     description Connection to Backup VPN CE
     ip address 192.168.2.1 255.255.255.0
     ! higher OSPF cost: used only when the MPLS path is lost
     ip ospf cost 100
    interface vlan 10
     description Connection to Servers Subnet
     ip address 192.168.3.1 255.255.255.0
    HTH-Cheers,
    Swaroop

  • Connectivity problems on ATM MPLS network

    We have implemented a country-wide MPLS network based on 8500 platforms. We have encountered some strange connectivity problems between some PEs. Without apparent reason, connectivity is lost between some PEs and restored after some time. The global routing table is perfectly stable among all the routers on the path between the respective PEs. Also the LVCs and TAGs are stable, and practically we were unable to find any change between the working and not-working state. As a curious thing, during the outage (minutes), clearing routes in a PE VRF was restoring connectivity on the respective VRF and all other VRFs on the respective PE also!
    Has anyone seen similar problems before?
    PE routers are 3660 series and we've tried all IOS available on CCO.

    Have you made any provisioning (upgrading connectivity) between the PEs and Ps? I suffer a similar problem with our network PEs, and I notice that this happens after provisioning links between our PEs (RPMs in MGX 8850) and the ATM LSR (BPX 8600).
    When I issue "clear ip route vrf *" or reload the RPM, all the VRFs operate normally again. So I got used to such a problem after any network provisioning process, but still I couldn't relate this to problems with VRFs.
