MPLS VPN design question

josephd2020
Level 1

Hi,

I am being asked to research the best approach to solve our current problem, and I was hoping I could be pointed in the right direction on what approach would be best to solve our issue. Currently, our issue is that we have two data centers at two separate locations, each DC having 2 routers and an F5 CGNAT box. Customer traffic received routes are both IPv4 private and public addresses. If we receive private addresses, we forward these to our NAT box to be translated before going out to the Internet; if it's already a public address, we just send them off. The problem is that our Internet routers are all load balancing, meaning traffic can go out a path in one DC and come back in the other DC, and this causes issues. The interim solution that was put in place was the use of route policies + VRF instances to ensure that both incoming and outgoing traffic use the same path. We are thinking of moving to MPLS L3 VPN + Multiprotocol BGP for scalability and still addressing our asynchronous routing.


balaji.bandi
Hall of Fame

Do you have any firewall in the path? If so, asymmetric routing will have problems.

BB


No firewall. Load balancing is configured for multiple paths and customer traffic can enter into any of these paths. The problem is that the return traffic can also go via any path back, and this causes issues. I need to make sure that when a path is selected, the return traffic still uses that path back... Can I configure MPLS L3 VPN + Multiprotocol eBGP to support this requirement?

Ruben Cocheno
Spotlight

@josephd2020 

 

Never tried that scenario, but probably using BGP local pref/MED or communities should be enough to control the inbound/outbound.


jcockburn
Level 1

Hi guys, yes, the best is to try and influence how you would want the traffic to flow by using BGP attributes. Mostly MED and AS-path-prepend are used for influencing how return traffic must flow, and LocalPref (sometimes weight) for how you want exiting traffic to flow.

BGP is quite powerful in that respect.

 

Also, your peering provider might also do funky stuff with BGP communities if used, maybe worth finding out. They also might have policies whereby if you set certain community values they might take certain actions... some ISPs do, others not...

To answer the question if L3VPN + MPLS config can work or help... answer as always... it depends.

One word of advice: try and keep these things simple, as you will certainly troubleshoot in future and don't want to trace through multiple leaked routes etc.

Hope this helps
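
The attribute roles named in the replies above (LocalPref for exit traffic, AS-path prepend or MED for return traffic), as an added example that is not part of any poster's message or of any vendor configuration. It is a simplified model of BGP best-path selection covering only those three attributes; the ASNs, DC names and attribute values are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    via: str                 # DC this path enters or leaves through
    as_path: tuple           # AS numbers as seen by the router deciding
    local_pref: int = 100    # set by the deciding router's own policy
    med: int = 0

def best_paths(paths):
    """DCs surviving LocalPref > AS-path length > MED (simplified order).
    More than one survivor means multipath can spread flows across DCs."""
    top = max(p.local_pref for p in paths)
    paths = [p for p in paths if p.local_pref == top]
    shortest = min(len(p.as_path) for p in paths)
    paths = [p for p in paths if len(p.as_path) == shortest]
    # MED is only compared between paths learned from the same neighbour AS.
    paths = [p for p in paths
             if not any(q.as_path[:1] == p.as_path[:1] and q.med < p.med
                        for q in paths)]
    return {p.via for p in paths}

def is_symmetric(outbound, inbound):
    """True when both directions are pinned to one and the same DC."""
    out, back = best_paths(outbound), best_paths(inbound)
    return len(out) == 1 and out == back

US, ISP = 64500, 64510   # constructed ASNs from the documentation range

# Our view of an Internet prefix (outbound) and the ISP's view of our
# NAT pool (inbound), before any policy: everything ties.
out_default = [Path("dc1", (ISP,)), Path("dc2", (ISP,))]
in_default = [Path("dc1", (US,)), Path("dc2", (US,))]

# Policy: LocalPref 200 on routes learned at DC1, prepend on DC2 adverts.
out_policy = [Path("dc1", (ISP,), local_pref=200), Path("dc2", (ISP,))]
in_prepend = [Path("dc1", (US,)), Path("dc2", (US, US, US))]

# Same design expressed with MED instead of prepending.
in_med = [Path("dc1", (US,), med=10), Path("dc2", (US,), med=50)]

# Caveat: the ISP's own LocalPref is evaluated before AS-path length,
# so a provider policy favouring DC2 overrides our prepend.
in_overridden = [Path("dc1", (US,)), Path("dc2", (US, US, US), local_pref=150)]

if __name__ == "__main__":
    for name, inbound in [("prepend", in_prepend), ("med", in_med),
                          ("provider override", in_overridden)]:
        print(name, best_paths(inbound), is_symmetric(out_policy, inbound))
```

The last case is why it is worth asking the provider which communities they honour: prepending alone cannot win against a LocalPref the provider sets on its side.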