MPLS - Nonadjacent Neighbor Problem

ist-cisco
Level 1

I cannot get LDP neighbors to pass packets sourcing from a VRF when there is a layer three hop between them (The layer3 hop supports packet switching). I can ping from loopback to loopback (BGP update sources) and BGP is propagating the VRF routes properly. Connectivity in the global routing table is established by creating static routes on both routers that point to each other's subnets via the layer three hop in the middle. When I "debug ip packet", I receive "MPLS encapsulation failed". Also, packets are not leaving the interface (verified with a packet sniffer). Creating a targeted LDP session between neighbors successfully created a neighbor state, but packets are still not passing. Thanks.

12 Replies

Harold Ritter
Spotlight

Can you give us a high level of what you are trying to achieve? Why are you running LDP via a VRF interface? Why is the LDP neighbor non adjacent?

Thanks,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

(Switched CCO accounts)

I have multiple sites spread across a WAN that all peer to each other and a 7206 at a NOC. Between each BGP peer is a layer3 packet encryptor. The manufacturers of the packet encryptor advertise that their product will preserve the MPLS header information. The network is statically configured in a full mesh that uses standard BGP to exchange routes. I want to implement MPLS and route reflectors and ditch the statically created full mesh so that the design becomes easier to manage as the network grows. MPLS works in my lab as long as all egress interfaces are on the same subnet. Once I put the hop in the middle, the model breaks. I have tag switching in place on all egress interfaces. Thanks.

Any reason you need MPLS in this scenario? Are you running MPLS VPN or some other form of MPLS service?

For MPLS to work, you need all L3 devices in the path to participate in the label exchange. If one device doesn't support MPLS/LDP, the workaround would be to run a GRE tunnel across it and to configure LDP on the tunnel.

Hope this helps,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

All routers are PE or P....no CE routers. There are only CE interfaces connecting to customer workstations/phones off of PE routers...that is why we need MPLS to the site. The configuration requires a full mesh. Is there a way to dynamically create the GRE tunnels? Or do I have to manually configure a GRE tunnel from each node to each node? Thanks.

You actually could do MPLS VPN without running MPLS in the core if you wanted. This solution is called MPLS VPN over IP tunnels. The tunnels are created dynamically. It is described in the following document:

Hope this helps,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

hritter,

This looks like a good solution. I couldn't access the link btw... I found an alternative article on cisco.com. One question...can QoS be applied to multiple types of traffic while traversing the GRE tunnel? i.e. can VOIP traffic still be prioritized over data traffic as it leaves the egress interface on the PE router? Thanks. This looks like it might be what I am looking for.

I can send you a copy of the document by email if you want. As far as QOS is concerned the answer is yes since the DSCP value carried in the original IP packet is copied on the encapsulating IP packet (l2tpv3 tunnel).

Hope this helps,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

hritter,

I am going to invite you over for Xmas dinner :) I believe this is exactly what I am looking for. Thank you very much for your support. Please email the document to erik@fairbanks.net. Thanks again.

Is there any hope of this feature migrating to lesser platforms any time soon? In particular, is it expected to be supported on 2800 and 3800 series routers? It would solve a dilemma I'm currently having regarding deploying MPLS in our WAN.

We might well eventually end up with MPLS anyway, for other reasons. But at the moment it would be a good point solution for some needs we currently have.

BTW, for those having difficulties accessing the linked document, you can get to it by either changing "partner" to "customer" (if you have customer-level CCO access) or by removing "partner/" entirely if you have no CCO login. This holds true for, I believe, all documents like that.

Unfortunately, this specific feature is only supported in the 12.0S train for the moment. This train doesn't support the 2800 and 3800 series.

Let me know what your requirements are and I

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Yes, I knew that 12.0S did not support the 2800 and 3800s. I was just wondering if there were any plans to add support for this to, say, 12.3T for example. ;)

Anyway, what I'm trying to get done is relatively simple. I need to be able to provision MPLS VPNs across a non-MPLS backbone. A simple workaround is to just build GRE tunnels and run MPLS across them, but I was hoping for a solution that wouldn't become a configuration nightmare if we get more than a couple of sites with the same VPN. Odds are it won't end up being necessary to configure more than perhaps 3 sites with the same VPN, so I'll likely just end up doing this until (if) we transition to a full MPLS backbone.

If you have any other suggestions, feel free to chime in.

Thanks,

Brad
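
The GRE workaround discussed in this thread (a tunnel across the non-MPLS hop with LDP enabled on the tunnel, built manually from each node to each node) is sketched below as an added example; it is not code from any poster or from Cisco. Router names, all addresses and the 172.16.0.0/16 transit range are constructed, and the static route that sends each remote loopback into the tunnel is an assumption based on the static-route design described in the first post.

```python
# Added example: emit full-mesh GRE tunnel stanzas with LDP ("mpls ip") enabled.
# All names and addresses are constructed sample values.
from itertools import combinations
import ipaddress

# Constructed inventory: WAN-facing address (tunnel endpoint) and
# loopback (BGP update source) for each PE.
PES = {
    "PE1": {"wan": "192.0.2.1", "loopback": "10.255.0.1"},
    "PE2": {"wan": "198.51.100.1", "loopback": "10.255.0.2"},
    "PE3": {"wan": "203.0.113.1", "loopback": "10.255.0.3"},
}

def build_mesh(pes, transit="172.16.0.0/16"):
    """Return {router: [config lines]}: one GRE tunnel per PE pair."""
    subnets = ipaddress.ip_network(transit).subnets(new_prefix=30)
    configs = {name: [] for name in pes}
    next_id = {name: 0 for name in pes}
    for a, b in combinations(sorted(pes), 2):
        net = next(subnets)              # one /30 per tunnel
        host_a, host_b = net.hosts()     # the two usable addresses
        for local, remote, addr in ((a, b, host_a), (b, a, host_b)):
            tid = next_id[local]
            next_id[local] += 1
            configs[local] += [
                f"interface Tunnel{tid}",
                f" description GRE to {remote}",
                f" ip address {addr} {net.netmask}",
                # Endpoints are WAN addresses reached over the physical path,
                # so the tunnel never routes to its own destination.
                f" tunnel source {pes[local]['wan']}",
                f" tunnel destination {pes[remote]['wan']}",
                " mpls ip",              # LDP runs across the tunnel
                "!",
                # Assumption: the BGP next hop (remote loopback) is routed
                # into the tunnel so the labelled path follows it.
                f"ip route {pes[remote]['loopback']} 255.255.255.255 Tunnel{tid}",
                "!",
            ]
    return configs

if __name__ == "__main__":
    for router, lines in build_mesh(PES).items():
        print(f"! ---- {router} ----")
        print("\n".join(lines))
```

Each router ends up with n-1 tunnel interfaces and the mesh needs n(n-1)/2 tunnels in total, which is the growth the posters are trying to avoid.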