Help on VPLS integration @ CE end

sateeshk10
Level 1

Hi,

I have attached a diagram for easy understanding.

Service provider VPLS means, I think, a point-to-point link full mesh between my locations.

Option 1:

My communication should happen through HEADOFFICE only.

In future I may require communication directly between branch offices also.

I am planning to run EIGRP. Please provide the config for the same at all locations.

Regards

sateesh


Harold Ritter
Level 12

Sateesh,

VPLS is a logical broadcast interface between all CEs. Did you mean that traffic between the branch sites needs to go through the head office site, or does it not really matter?

If you need to force all traffic through the head office, then maybe point-to-point L2VPN between all the branches and the head office (hub and spoke design) would be a better fit.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi,

I spoke to the SP; as per them, they are going to connect all the offices on a single broadcast domain. That is what I know.

My plan is very simple:

1) At each location I am going to assign the IP where the SP interface terminates.

HQ: 192.168.1.1

BO: 192.168.2.1-5.1 for all branch offices, and run EIGRP at all the locations.

1) All BOs should contact HQ like hub & spoke.

2) Sometimes I need to contact from a BO through HQ to another BO, or directly to another BO.

Flow diagram:

BO-HQ-AnotherBO

BO-another BO directly

Regards

sateesh

Sateesh,

Why not just allow traffic from one branch to the other directly? Security?

You can't have all of the branch routers on different subnets and have them peer with yet another subnet at the hub site.

You could have several subnets configured on the hub site interface to the cloud and a different subnet at each spoke, but that would still be an issue for EIGRP, though it would work just fine with static.

The best approach would still be to have the same subnet everywhere and run EIGRP on top of it.

Regards

Harold Ritter

Hi,

Thanks for your immediate reply. I am ready to do any config as per your suggestion.

Could you please let me know how the sample config at HQ and BO would be, so that I can start working on that?

Regards

sateesh

Sateesh,

You still haven't answered the question about why you need all the traffic from BO to go through HQ.

The simple approach would be to have all sites on the same subnet and to run EIGRP between all of them as follows:

HQ:

int xxxx
 ip address 192.168.1.1 255.255.255.0
router eigrp 1
 netw 192.168.1.0

BO #1:

int xxxx
 ip address 192.168.1.2 255.255.255.0
router eigrp 1
 netw 192.168.1.0

BO #2:

int xxxx
 ip address 192.168.1.3 255.255.255.0
router eigrp 1
 netw 192.168.1.0

BO #3:

int xxxx
 ip address 192.168.1.4 255.255.255.0
router eigrp 1
 netw 192.168.1.0

BO #4:

int xxxx
 ip address 192.168.1.5 255.255.255.0
router eigrp 1
 netw 192.168.1.0

Regards

Harold Ritter

Hi,

Thanks for your valuable reply.

You still haven't answered the question about why you need all the traffic from BO to go through HQ.

Ans: As my BO will always contact HQ.

If you have any other solution I am ready to do it, as I am not getting an exact idea of how to do this at the CE end.

In the config you haven't mentioned any other EIGRP parameters.

On the interface I will keep the same IP as you provided.

In the EIGRP config, can I give different subnets at each location, or 192.168.1.0/21 and at each location one subnet like 192.168.1.0, 2.0, 3.0 and so on? Is it OK?

If you have any other solution, please let me know.

Regards

sateesh

Sateesh,

Thanks for the additional information. I understand now that BO to BO traffic going through HQ is not an absolute must. The configs I provided will do the job then.

Since VPLS creates a virtual broadcast medium, the core-facing interfaces at HQ and all BOs need to be in the same subnet (192.168.1.0/24 for instance in my example). As for the other interfaces, you can use anything you want.

Regards

Harold Ritter

Hi,

Now I have some idea. But I still have some concerns about the config; your config seems to be a plain config. But I need all to communicate with HQ.

But as per your config, it seems each location will have all the locations' routes.

Ex:

1) A, B, C, D locations are connected to the SP VPLS (full mesh).

2) A, B, C, D will have the full routes of each location, right?

3) Suppose I want to communicate from B. It may go via C to location A (best path), like B-C-A.

4) If anybody wants to communicate with A, he should contact A directly, not like B-C-A, as "C" does not have enough BW for transit.

Thanks in advance.

Regards

sateesh

Sateesh,

In the configuration I proposed, all locations will be able to access all other locations directly. The best path will always be the direct path. Is that what you meant? Is that what you want?

Regards

Harold Ritter

Hi,

1) All the locations should not communicate.

2) All the locations should communicate with HQ only, directly.

3) It should not touch a BO. Ex: if people want to communicate with HQ, they should communicate directly with HQ only. They should not come via another BO to HQ.

BO-HQ directly, not BO-BO-HQ

As per your config, it seems it may touch another BO on the way to HQ, depending on the best path. Sometimes the best path might be BO-BO-HQ like this.

As per the config, how will we know it's the direct path?

Best path should be direct to HQ only. This is the requirement.

Regards

sateesh

Hi Ritter,

Awaiting your reply.

Thanks

sateesh

Sateesh,

May I ask you again why you do not want traffic to go from one BO to the other directly? Are you going to perform any type of filtering at the HQ router?

Regards

Harold Ritter

Hi,

Why do you not want traffic to go from one BO to the other directly?

Option 1:

1) If my traffic is going through a BO, I will lose some BW at the BO during transit.

2) A BO should not have any contact with another BO.

3) All the BOs should communicate with HQ only; there is no contact between BOs.

Option 2:

If I enable communication between BOs as per our previous config, how can I restrict some access?

Regards

sateesh

Sateesh,

Also bear in mind that even if you force traffic through the HQ, you will still need to implement an ACL to prevent the BOs from talking to one another.

Regards

Harold Ritter
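
An added example, not part of the thread and not posted by any participant: one way the ACLs mentioned in the last reply could look on the CE routers, in Cisco IOS configuration, using the thread's 192.168.1.0/24 VPLS subnet. The LAN prefixes (10.0.0.0/24 at HQ, 10.1.N.0/24 at BO #N) and the ACL names are assumptions made up for illustration; `xxxx` is the thread's own placeholder for the VPLS-facing interface.

```cisco
! --- BO #1 (192.168.1.2): accept only HQ on the shared VPLS segment ---
! Repeat on each BO with its own interface address and LAN prefix.
ip access-list extended VPLS-FROM-HQ-ONLY
 remark EIGRP from HQ only, so no adjacency forms with other BOs
 permit eigrp host 192.168.1.1 any
 remark HQ LAN (assumed 10.0.0.0/24) to this BO LAN (assumed 10.1.1.0/24)
 permit ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
 remark HQ router itself to this router (ping, management)
 permit ip host 192.168.1.1 host 192.168.1.2
 remark Everything else on the segment, other BOs included, is dropped
 deny ip any any log
!
interface xxxx
 ip address 192.168.1.2 255.255.255.0
 ip access-group VPLS-FROM-HQ-ONLY in
!
router eigrp 1
 network 192.168.1.0
!
! --- HQ (192.168.1.1): do not relay BO-to-BO traffic ---
ip access-list extended VPLS-BO-TO-HQ
 remark EIGRP from any CE on the VPLS subnet
 permit eigrp 192.168.1.0 0.0.0.255 any
 remark BO LANs (assumed 10.1.0.0/16) may reach the HQ LAN only
 permit ip 10.1.0.0 0.0.255.255 10.0.0.0 0.0.0.255
 remark CE routers may reach the HQ router address itself
 permit ip 192.168.1.0 0.0.0.255 host 192.168.1.1
 remark BO LAN to BO LAN arriving at HQ falls through to this deny
 deny ip any any log
!
interface xxxx
 ip address 192.168.1.1 255.255.255.0
 ip access-group VPLS-BO-TO-HQ in
!
router eigrp 1
 network 192.168.1.0
```

IP ACLs do not filter ARP, so the BOs still share one Layer 2 broadcast domain; these ACLs only stop routed IP traffic between them.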