hello mpls engineers!

I have a complex scenario whereby requested by customer to implement based on the topology. I’m not sure whether this can be implement or not. I would like to have your opinion regarding this scenario.Herewith, I attach the network topology.

Basically, HQ, Site A, Site B, Site C are in the same vpn and it’s fully meshed. The internet connection is via HQ (ISP A). Technically speaking “default information originate” is place here. All the traffic from the site(s) to the internet must go through HQ. Before this, the server is inside HQ LAN. No issues at all

However, now they are already migrating their server into ISP B which provides MPLS/VPN and Internet Connection. By the operational nature of ISP B, for customers that have servers in the IDC, they will be routed through IDC-GW and adversite to Internet-GW and plus with Internet access through IDC.

The challenge is that, this server must be particularly available through ISP A and ISP B which mean source may come from ISP A or ISP B.

In the mean time, the server would like to be in the same VPN, but accessible to public.

My concern is that:

How do we control each site(s) going to internet must go through HQ ( via ISP A )? Since it looks like to be a multi-homing internet connection. I’m worried that each site(s) could possibly leak via ISP B.

2)Since the server in the same vpn, each site(s) should be able to go through MPLS/VPN rather than ISP A?

Need your ideas, expertise and advise how go go about this. Perhaps some of MPLS/VPN features available for these type of scenario?

Thank you very much.

Regards,

maher