cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4331
Views
10
Helpful
8
Replies

MPLS vs normal ipsec or gre vpn

hromano2087
Level 1
Level 1

Greetings to all.

I am trying to deterjine whether ee actually need mpls between offices or if normal vons would suffice.

Our corporte site holds apps that users access through remote desktop servers, needing only print jobs to send to their printers.

The offices rarely transfer traffic between them, so 90% of the traffic or more is what i peeviously mention.

We have 7 sites conecting to the main corporate site where we have our servers.

Her in mexico MPLS is extremely expensive, through our ISP TELMEX.

Can someone please recomend a solution that would suffice this such as a normal E1 (in mex we dont use T1) with IPSEC or GRE. Basically can someone tell me if its worth us paying more than twice as much for MPLS for the use we have through it?

Thank you

Sent from Cisco Technical Support iPhone App

8 Replies 8

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

I've found properly configured tunnels (e.g., GRE, GRE/IPSec, VTI, mGRE, DMVPN) across the Internet almost as effective as any dedicated private WAN cloud technology.

Thanks all for your comments :)

hromano2087
Level 1
Level 1

Greetings and thanks for the reply.

Sent from Cisco Technical Support iPhone App

In my opinion with private WAN you can get some traffic SLA's (QoS) etc. but with IPsec VPN, etc across the cloud its best effort. I mean stuff gets there when it gets there. Private WAN is like a registered mail and you know it wil get there and if it doesnt your ISP has to answer to you. But VPN's across the internet have no guarantee and you cant blame your ISP for it as the issue could very well be on the upstream(congestion, transport issues) etc.

Hi Kishore,

Nice reply!

I believe that from the viewpoint of the customer, the choice between MPLS or IP-based VPN is indeed mostly focused on QoS guarantees and, surely, the cost. The fact is that even if the customer chooses MPLS, it is going to be implemented by a SP, not by the customer. On the other hand, IP-based VPNs are mostly implemented on CE/CPE devices, and so the customer has to be well acquainted with the VPN technology used.

It boils down to what the customer requires. If best-effort connectivity is okay, no special QoS requirements are required, and the customer is fine with running its own VPN implementation, there's not much to think about

Best regards,

Peter

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Kisore and Peter, of course you're both correct in that private WAN vendors do (supposedly) guarantee bandwidth, and MPLS vendors, often offer some QoS options for user traffic running across MPLS.

You're also both correct that Internet providers only offer "best effort" across their infrastructure, but I've found most ISPs (including those in Mexico and the rest of South America) usually have sufficient bandwidth capacity (for low bandwidth links, i.e. E1s) that the principle congestion points tend to be the (same E1) links to the ISP.  When this is true, using QoS policies to manage bandwidth between sites, I've found, often provides performance similar to private WAN technologies.

For example, for the OP's HQ site and its seven branches, if each branch has a site-to-site VPN tunnel to HQ (i.e. hub-and-spoke), and bandwidth was shaped such that HQ would not overrun a branch's bandwidth, and the aggregate of all the branches was shaped such that HQ's bandwidth would not be overrun, performance is often like a series of hub-and-spoke p2p links.

Hello Joe,

Thank you very much for updating this thread! I absolutely agree with you. Generalized answers like mine are always somewhat imprecise.

Best regards,

Peter

Leo Laohoo
Hall of Fame
Hall of Fame

I've worked with a worldwide WAN provider (SITA/Equant) back in 2001 to 2005.  Back then, FrameRelay and ATM were the king-of-the-road.  During those times, big clients who have MPLS are mostly in ATM links.  And I agree with Kishore:  When a client has an MPLS service and the link should go down I am expected to get on top of this issue like chickenpox in a crowded subway train.

Then the advent of cheap xDSL came into the picture.  Sure they were cheap but it came with the SLA (or lack of):  Best effort.  So companies who switched from MPLS links to xDSL (and run whatever encryption you can think of) come face-to-face with the reality that if your link to should go down for a week, then there's no court in the world who'll side with you.

My gist is this:  In some cases, I would go service MPLS but there are cases where I could deal with xDSL links.  Sites which I would prefer to have MPLS links are those that I can't-live-without such as DR sites, DC, sites with high volume transactions or VIP sites.

I mean you can still "reason" that you can have redundant routers and links (heck, you can even provision each xDSL goes to different exchanges), but there's still a question of xDSL's latency and contention ratio.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: