Multiple Customer Default Routes over MPLS Cloud

Similar Messages

• EIGRP Routing across MPLS Cloud

  I appologize if this has been covered but I dont see any exact hits...
  We are working with our Service Provider to implement MPLS between our remote sites and main campus. We are currently using PtoP T1 in a hub and spoke model. We are running EIGRP in our entire environment.
  We would like to continue to run EIGRP in our environment but the SP does not support this protocol through the cloud. I would prefer not to introduce any new routing protocols into our environment such as BGP. (I believe SP is running BGP).
  I have read snippits that I can us e GRE tunnel between sites and send EIGRP routing updates via this tunnel.
  Can anyone support this method or are there better alternatives? If I implement GRE, I will still need to configure static routes so GRE knows how to reach the remote sites. I also cannot find any literature on how to configure GRE tunnels and use them ONLY for routing updates. I would think sending all traffic via GRE would cause additional overhead.
  I will also have a need to send Multicast traffic between sites. I have read that GRE is the way to do this. To me it seems GRE will serve dual purposes.. first to allowing Dynamic routing updates between sites and also to allow Multicast traffic.
  I appreciate any comments or suggestions!

  Hello Phil,
  using GRE tunnels to build an overlay would deny one of the greatest benefits of MPLS L3 VPN: the peer model where each CE talks only with local PE node.
  unless you have a small number of sites this approach is not recommended.
  What if a new site is added in the future? you would need to configure a tunnel GRE to the new site in each of the existing sites.
  You could run a DMVPN  ( that is to use mGRE) to solve this but it has some complexity.
  You can run BGP without using mutual redistribution: BGP allows to advertise internal networks using the network command even if they are not directly connected to the CE router but learned via EIGRP.
  So it is enough to redistribute only BGP into EIGRP by setting a default seed metric (it requires five values in EIGRP and it is necessary or redistribution will not occur)
  router bgp 65001
  neigh PE-address remote-as SP-AS-number
  network 10.10.10.0 mask 255.255.255.0
  network 10.10.20.0 mask 255.255.254.0
  no auto-summary
  ! note:if auto-summary is disabled you need to provide the exact mask / prefix length
  router eigrp 100
  redistribute bgp 65001
  default-metric 10000 1000 255 1 1500
  ! BW delay reliabilty load MTU
  Hope to help
  Giuseppe

• DMVPN Default routes (over internet and over tunnel)

  Hello all,
  I want to implement a DMVPN (using OSPF) solution in which all routers are connected to the internet and all of then have dynamic IP addresses (except hub). Because of this each router have a default gateway pointing to the ISP IP address.
  With this solution I want a spoke to skope topology and I also want all customer internet traffic to go via central site. The problem is that I need a defaut route to reach other spokes and this way traffic to internet via central site does not use the tunnel.
  Is there any feature that alow to overcome this situation?
  Regards,
  João Carvalho

  Absolutely. You can do this easily with VRF Lite. Configure a separate VRF for your customer, place the tunnel interface and the customer's VLAN into the VRF and run your OSPF process within the VRF. This allows the router's global routing table to keep a default gateway to the ISP, but lets you define the customer's default gateway as the DMVPN hub. I have a dual-hub DMVPN network with a couple of hundred sites using exactly this approach.

• FR over MPLS

  Dears,
  hope you support me understtanding the following:
  i have the following topology:
  now i need CE1 and CE2 communicate to CE3 ( CE3 connected to mpls through ethernet)  over MPLS cloud  and be aware that mpls cloud working perfectly but my head stund at how to make CE1 and CE2 connect to customer VRF  on PE router through FR switch .
  please i need your support.
  thanks in advance             

  Check whether you have enabled IP CEF .
  ip cef distributed !
  CEF switching is pre-requisite for label Switching frame-relay switching
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800ca6ce.html

• Cell-relay over MPLS using MGX 8850

  we have existing ATM network using TDM links between MGX 8850 & have PVCs for voice & data traffic. We are planning to migrate the same over MPLS network
  following is the setup.
  MGX1----> PE1 ------>MPLS Cloud ------> PE2 ---->MGX2
  As per this plan we will terminate existing TDM trunks to PE routers at both the end & map VPI/VCI values at PE routers for virtual ATM pvcs over MPLS cloud.We are using cell-relay over MPLS with VC mode. My query is, can we enable MPLS L3 & L2 on the same last mile in this scenario? We want to have one IP over ATM interface on same ATM interface at PE router & make that part of VRF & enable L3 MPLS VPN between all the sites for any to any data transfer. For data we don't want to use L2 MPLS as its any to any & it will end up with too many ATM PVCs.
  In this setup PE router & MGX will be configured in NNI-NNI at both end. If we want to create one sub-interface at same ATM interface at PE router end, then that port need to be in UNI. Is it possible to use same ATM trunk port as NNI & UNI?
  In MGX 8850 we have RPM,AXSM & VISM modules.

  the following document should give you some idea,
  http://www.cisco.com/en/US/products/hw/modules/ps2797/products_module_installation_guide_chapter09186a0080086f9a.html

• OSPF prefer learned route over local

  Hey
  I am deploying a new VPLS between 8 offices. The plan in to have all the offices get internet access through the main office. So basically all the satellite offices will only have access to the VPLS WAN link. The main office will advertize a default route to the rest of satellite offices over OSPF.
  Each office currently has its own internet connection. I would like to maintain each office's internet connection until we have completed deployment of the VPLS and have thoroughly tested it.
  So my question is this. How to i configure OSPF to prefer the learned default route, over the default route it has statically configured?
  thanks for your help
  Dan

  Dan
  Without knowing the full topology it's difficult to say for sure but as a general answer you can't really.
  Even if you tried to set the AD of OSPF to be the same as the static route, which I'm not sure would be a good idea, the locally configured static would have a better metric.
  I think you are basically going to have to test by advertising out the default route via OSPF, making sure it is in the OSPF database at each site and then remove the locally configured default to test internet connectivity via your main branch.
  Or you could try using PBR to bypass the routing table which would allow you to test central internet connectivity but it doesn't confirm your OSPF routing is working properly.
  Jon

• Is it recommended to use HSRP or multiple default between Core Layer Switch and Customer Edge Router?

  My client is asking me for following
  Client is using Router as edge device. 2  WAN links from different service provider ( each 20 Mbps)  are getting terminated on the router. There are internal servers present in the network. Client want to make setup such that even if one wan link fails  internet users should be able to access web server. Moreover if the edge router fails there should be secondary edge device so that there is device redundancy ?
  As per my understanding, in this scenario we need to do static one - to - one natting(belonging to WAN interface subnet). If we use two routers as Customer edge ans if we connect core layer switch to these two router, is it recommended to use HSRP/VRRP/GLBP or two default route on core switch pointing to two routers with equal ad value. we will also track the wan link with help of ip sla.
  which is recommended solution  Router redundancy protocol or Default routes.?

  Just had another read of this post and some other points have come up.
  1) I assumed your secondary link was for redundancy but you talk about terminating both SP links on the same router in your first paragraph.
  Did you mean this or are you going to be terminating a link per router ?
  2) are you using the second router purely for backup ?
  3) something you didn't ask about but is relevant is the IP addressing. Are you using provider independent addressing or does each SP provide you with an address block.
  If it is the second then you are going to have an issue with the web server. The problem is which provider's IP do you use for the web server ie.
  if you use the primary provider IP then that will be the DNS record on the internet. If the primary router fails then the IP address will change on the secondary router but DNS will still be handing out the primary IP.
  If you enter both IPs (primary and secondary) into DNS then you would get load balancing but this means both links will be used and the secondary would not just be backup.
  In addition if one of the links fails then DNS does not know this so it will still be handing out the failed address as well as the address that is still up which means some connections will work and some won't.
  Jon

• Inject BGP Default Routes into Multiple VRF before Best Path Selection

  Hello, 
  I have the following setup:
  Multiple Border Routers with eBGP sessions to external AS. We receive a default route from this multiple AS to keep the Table manageable. We noticed an important part of our traffic was been SW routed instead of CEF when we had the Full Internet table. Router Resources came to the ground when we changed to a default. 
  Now I want to separate this default routes into different VRF. Attached is the Diagram. 
  My question is,  the multiple default route all go into the BGP Table. The BGP table then select the best route and place it on the RIB and then to the FIB. 
  I want to redistribute the different Route on the BGP table prior to the Best path selection algorithm and placed on the RIB. 
  How can I achieve this?

  Hi,
  Redistribution of multiple routes to same prefix is not possible. Even if you have configured BGP multipath and all different bgp routes got installed into routing table, during redistribution only route will be redistributed. 
  Also would like to understand the requirement of redistributing multiple BGP routes in to IGP. As per your diagram, 3 different eBGP sessions are on three different routers, so you can prefer eBGP route over iBGP received from other routers and can distribute eBGP route to IGP from each router. Thus you will have three different default routes in to IGP in core.
  Please don't forget to rate this post if it has been helpful
  - Akash

• Creating a default route "shared" among multiple tenants?

  Hi!
  I'd like to ask if it's possible to create a default route to an external L3 network that can be shared by multiple tenants?
  I've tried various methods such as creating the External Routed Network under the Common tenant, but I was unable to see how it could work. Usually, for external layer 3 access within a tenant, a contract would be created between the external routed network and the desired EPG, but across tenants, I couldn't find a way to create a contract between the external routed network in the Common tenant and the EPG in another tenant.
  Could someone walk me through the steps to do this? Or do I really have to create a separate External Routed Network for the default route for every single tenant?
  In addition, my understanding of the "Common" tenant seems to be quite sketchy even after reading the documents; I'm not quite sure what exactly is shared by this tenant, or how we could use this tenant to provide shared services to other tenants. If anyone could give a quick run-down on how we could use the Common Tenant, that would be really fantastic.
  Thank you!

  Hello again,
  At this time, if I'm not mistaken, the only way to accomplish this is to have All the BDs in the common tenant/VRF and the EPGs in the particular user tenant where they belong. Since you are still using only 1 VRF (the common tenant) the contract between the L3 out in common to the EPGs in user defined tenants can be a standard "private network" scope contract. 
  The other option if having the BDs in common is not an option, is to have an external L3 per tenant. 
  I tried the recreate over the weekend and was also unsuccessful in find a loophole. I thought i could implement an exported contract interface for inter tenant communication between an external epg and a user defined tenant/epg but it did not work. 
  Hope this helps. 

• Injecting Global default Routes into a MPLS VPN

  Hi,
  I have a PE router running MPBGP which receives two default routes to the internet through an IPV4 BGP session. I need to import these routes in to a VRF and export them to different customer VRFs so that these VRFs are able to access Internet.
  I have used the feature called "BGP Support for IP Prefix Import from Global Table into a VRF Table" (URL:http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00803b8db9.html#wp1063870)
  and imported these routes into a VRF.
  The issue is these routes are not propagated to any of the other PE routers which has customer VRFs configured.
  Has anybody tried this or a similar method to inject a dynamic default route into a MPLS VPN.
  Any suggestions would be highly appreciated.
  Thanks
  Subhash

  Hi Subhash,
  is there anything preventing you from terminating your internet BGP sessions in a VRF? Then everything should go smoothly, i.e. standard VRF import/export.
  So possibility A) create a VRF Internet, move bgp neighbor commands there and use filters preventing anything but the default route, then use route targets to distribute the default route into other VRFs.
  Possibility B) use static routing with packet leaking. Could look like this:
  ip route vrf Internet 0.0.0.0 0.0.0.0 global
  ip route vrf Internet 0.0.0.0 0.0.0.0 global 250
  ip route Serial0/0 !assuming this is where the customer router connects.
  Note: the BGP peer IP does not have to be directly connected! There has to be a LDP label for it though. so include your BGP peers network into your IGP and the backup will work, when you loose the link to the peer.
  Hope this helps! Please rate all posts.
  Regards, Martin

• Distribution of default route of four different ISP in a WAN MPLS

  We´ve a MPLS Network, there is a vrf, the Green vrf, in wich are the users, now we are going to have four connections to internet in each one we are going to be receiving the default route, but we want to control the use of that connections, so if you are an user in one PE your default route must be provided depending on the region in wich you are. We´ve route reflectors.
  How can we make the distribution of the default route depending of the region in wich the user is, such that the PE_11 gets his default route from the PE_ 1 and not from the PE_3, and the users in the PE_13 gets his default route from the PE_3 and not from the PE_5.
  If we put the four defaults route in the vrf green an let bgp works, the route reflectors are going to distribute de best route that they learn, so will be only one ”best” default route out of the four we are having, and we need to balance the traffic.
  How can we solve this?
  The equipment involved is 7613 with IOS 12.2(33)SRD3

  Hello.
  If your PE_1, PE_5, PE_6 and PE_3 use different RD for the vrf, RR would reflect all the "default gateways" as they are different in terms of VPNV4 prefix.
  So, now you need a solution to prefer one PE over another. The best would be to use communities, like:
   PE_1 - injects 1:1
   PE_3 - injects 1:3
   PE_5 - injects 1:5
   PE_6 - injects 1:6
  Now regions could have following routing policy:
   if community matches 1:1 then
     set local-pref 140
   elseif community matches 1:3 then
    set local-pref 130
  Per region you would assign high LP for "closer" exit-point.
  Now you have typical configuration per region and failover mechanism between them all.

• Setting The Default Route in a Jumpstart Install with Multiple Interfaces

  Greetings,
  I'm performing a Jumpstart install on a SPARC v240 server, which has multiple network interfaces. I'm trying to configure all of the interfaces as part of the Jumpstart setup. However, Jumpstart doesn't like the default route that I'm supplying. If I add the default_route parameter anywhere but under the first interface, Jumpstart complains that the default route is missing (by making me add it after it dumps out to the suninstall screens. If I add the default route under the first interface, Jumpstart dumps me to the suninstall screen which says that the route could not be added.
  What am I doing wrong ? Am I trying to get Jumpstart to do something that it won't do ?
  Here is my sysidcfg file. The file shown below will cause Jumpstart to dump to the suninstall screen, which will indicate that the route cannot be added:
  Please wait while the system information is loaded... /
  Please wait while the system is configured with your settings...
  The route provided could not be added at this time. If you wish to accept the
  route provided, press 'Accept' and the address will be added for reboot,
  otherwise press 'Cancel' and provide another address.
  1. Accept
  2. Cancel
  Enter the number corresponding to your choice [1]
  Here is the sysidcfg file:
  name_service=NONE
  network_interface=bge0
  {hostname=conwe125
  ip_address=10.15.8.122
  netmask=255.255.0.0
  default_route=158.73.175.254
  protocol_ipv6=no}
  network_interface=bge1
  {ip_address=10.15.9.122
  netmask=255.255.0.0
  protocol_ipv6=no}
  network_interface=bge3
  {ip_address=158.73.175.117
  netmask=255.255.0.0
  protocol_ipv6=no}
  network_interface=ce0
  {ip_address=10.16.0.208
  netmask=255.255.0.0
  protocol_ipv6=no}
  network_interface=ce3
  {ip_address=158.73.175.118
  netmask=255.255.255.0
  protocol_ipv6=no}
  root_password=5Z5XTytD2Eddo
  security_policy=NONE
  terminal=vt100
  system_locale=en_US.ISO8859-1
  timezone=US/Eastern
  timeserver=localhost
  Thanks In Advance,
  Chris Hanrahan

  That sysidcfg seems a bit odd anyway, have you by any chance put the different interfaces of your jumpstart server into it? Normally you won't need to specify a default router since the jumpstart will figure it out anyway.. Does your jumpstart server have an interface on each network you want to jumpstart?
  7/M.

• Response Groups - Duplicate "Built In" Services - Multiple Default Routing Endpoints

  Hello,
  I have a Lync 2013 deployment that has been migrated from OCS 2007, to OCS 2007 R2, to Lync 2010, and now to Lync 2013. I am including that information as that may be important for the following discussion.
  When the Response Group Service starts, it logs four error messages which I will place at the bottom of this post. The error messages point to duplicate routing endpoints for the same service. Upon review, it appears to me that I have duplicates of the following
  two services, when I look up the below SIP addresses with Get-CSApplicationEndpoint.
  Announcement Service
  RGS Presence Watcher
  My guess is that during one of these migrations, we ended up with a duplicate service. The problem is - how do I get rid of the duplicate, and how do I know which is the duplicate and which I want to keep? Error messages below.
  Lync Server 2013, Response Group Service was not able to establish the application endpoint.
  The following exception occurred when establishing application endpoint associated with 'sip:RtcApplication-9ebda80c-12e1-4db6-b5f3-f0dc9585ad4d@<scrubbed>.com': System.InvalidOperationException - The ChannelDispatcher at 'net.tcp://<server scrubbed>:8404/'
  with contract(s) '"IAgentSignInOut", "IMatchMaking"' is unable to open its IChannelListener..
  Cause: Failed to connect to Front End server or the Front End server is misconfigured.
  Resolution:
  Check the Front End server for errors.
  Application endpoint for Contact object cannot be created.
  The following exception was thrown during application endpoint creation for Contact object 'sip:RtcApplication-8e1e15ac-09d4-4271-b961-6757feabd621@<scrubbed>.com'. The Response Group associated with this endpoint will not be available.
  Exception: System.ArgumentException - Only one default routing endpoint is allowed per platform. The platform already contains a default routing Endpoint.
  Inner Exception: ~
  Cause: Networking problems with the Front End server, or Front End server configuration problems.
  Resolution:
  Check for eventual SIP errors on the Front End servers.
  Lync Server 2013, Response Group Service was not able to establish the application endpoint.
  The following exception occurred when establishing application endpoint associated with 'sip:RtcApplication-11e8fb5c-9847-460c-9e60-0f34834f8b37@<scrubbed>.com': System.InvalidOperationException - The ChannelDispatcher at 'net.tcp://<scrubbed>:8404/'
  with contract(s) '"IAgentSignInOut", "IMatchMaking"' is unable to open its IChannelListener..
  Cause: Failed to connect to Front End server or the Front End server is misconfigured.
  Resolution:
  Check the Front End server for errors.
  Application endpoint for Contact object cannot be created.
  The following exception was thrown during application endpoint creation for Contact object 'sip:RtcApplication-1c871209-add1-40a6-87bb-07884eb879b5@<scrubbed>.com'. The Response Group associated with this endpoint will not be available.
  Exception: System.ArgumentException - Only one default routing endpoint is allowed per platform. The platform already contains a default routing Endpoint.
  Inner Exception: ~
  Cause: Networking problems with the Front End server, or Front End server configuration problems.
  Resolution:
  Check for eventual SIP errors on the Front End servers.

  Hi,
  Have you reviewed this blog? You may check the ownerpoolID in rgsconfig database.
  http://blog.lync2013.org/tag/lync/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Load balancing using multiple default routes

  Hi Guys,
  I just want to ask does creating multiple default routes on my router provides load-balancing on my WAN side? As far as i know, for example if I have two default routes on my router and let say I have two users connecting to the internet, the first one might go to the first WAN link while the second user might go to the second WAN link.
  Thank you so much
  Rex

  there are the difference between, load balancing and load sharing..which we need to understand.
  load sharing means you have 2 users, user A and User B, user A wants to use ISP1 and user B wants to use ISP2. this is called load sharing. and can be achieved via PBR (Policy based routing).
  we should not try to use load balancing for Internet traffic with 2 different ISPs.

• Path Selection for Routes Across MPLS Network

  Customer hub site has two CE routers with two links connected to two seperate PE routers in the Carrier's MPLS network. At the customer's remote site one CE router on a single link is connected to PE router in MPLS network.
  How can I configure the CE routers at the hub site to advertised the same network across the MPLS network to the CE router at the remote site? Also, how can I configure the CE router at the remote site to select on of the router as the primary and the other as secondary? Can I use local-preference on the CE router at the remote site to selected on path over the other.
  I'm not sure if this makes any sense. Any help will be appreciated. Thanks

  Even with multiple RDs for VRFs belonging to the same VPN, you still need IBGP multipath, correct? Multiple RDs is just to get around the RR restriction.
  Also, you posted this message a while back:
  "If you have many VPN customers all using the same addresses (most likely rfc1918), the fact that they have different RDs and that the PE prepends the RD to the prefixes exchanged between PEs will make the same prefixes different in the MPLS VPN core
  cust1 advertises 192.168.1.0/24 with RD 1:1 therefore
  VPNv4 prefix is 1:1:192.168.1.0
  cust2 advertises 192.168.1.0/24 with RD 1:2 therefore
  VPNv4 prefix is 1:2:192.168.1.0"
  My test lab does not support the IBGP multipath command, and thus even with different RDs, it still only installs one best path.
  I understand that RD = make unique VPNv4 routes in SP space, and that RT = what to import into the VRF. However, I am having a hard time visualizing the scenario with mutiple RDs for the same VPN for load balancing purposes. I am trying to understand the logic behind it.
  Per your example, if both 1:1 and 1:2 are received by the remote PE, assuming IBGP multipath is enabled, why would the remote PE load balance between the two links? Why would it assume that the hub subnets are reachable via two different PEs, and that it's not two different, isolated VPNs altogether?
  Is it b/c you imported both 1:1 and 1:2 into a VRF at the remote PE?