Hi,

BT (our MPLS provider) have provided:

PE Router IP: 81.141.*.*
Routing Type : STATIC Loop Back IP Address: 192.168.100.1

Address Prefix: 192.168.100.1

Mask: 255.255.255.255

And that is all they have supplied. I guess my question really is:

SITE A:

WAN IP = 192.168.100.1/32 (or ip unnumbered loopback0?)

LAN IP = 10.10.1.0/24

If traffic is intiated on a different site and is destined for the above (SITE A), how does it reach the 10.10.1.0/24 if NAT is being used on SITE A.

In the above example, traffic is being routed over the network to 192.168.100.1 and then stops. It can't get pass the WAN to anything on the LAN.

eg from another site with static route 10.10.1.0 255.255.255.0 192.168.100.1:

ping 192.168.100.1 = OK

ping 10.10.1.1 (internal router IP) = NO RESPONSE

I think I have the routing set ok as traceroutes show the the CE Router > PE Router > PE Router > CE Router.

regards,

Louis

Could I confirm that I would put the following lines in the config:

LOOPBACK INTERFACE

ip int loopback1

ip add 192.168.100.1 255.255.255.255

ADSL INTERFACE:

ip int Dialer0:

ip unnumbered loopback1

LAN INTERFACE

ip int eth0

ip add 10.10.1.0 255.255.255.0

no shut

ip nat inside

ROUTING

ip route 0.0.0.0 0.0.0.0 Dialer0

ip nat inside source list 1 interface Dialer0 overload

So now with the above, I think I should be able to hit the PE router on 81.141.* .*

The PE router knows about SITE B (192.168.100.5/30) so I can ping that address.

But how do I get to the LAN side ie SITE B LAN (10.10.2.0/24)?

Do I just put on SITE A Router?:

ip route 10.10.2.0 255.255.255.0 192.168.100.5

Does the PE Router have to know about the internal LAN's or just the loopbacks?

Basic questions I know but any help would be appreciated.

I used to work for an ISP and with this kind of setup we would usually get the customer to run a dynamic routing protocol to advertise the site subnets into the VRF- in our case it was usually RIP for a site like this.

The dialer interface would be configured as ip unnumbered to the loopback address.

I am a bit confused about what kind of service you have got here. In a true MPLS environment your traffic is partitioned in its own VRF so you don't run NAT - internet breakout will be provided within the cloud via a centralised breakout (for example at a head office or DC).

An alternative to this is DIA (Direct Internet Access) which is akin to your DSL at home where your router is effectively sat on the internet and you do need to provide NAT.

Which of those do you think you have?

mfurnival wrote:
I used to work for an ISP and with this kind of setup we would usually get the customer to run a dynamic routing protocol to advertise the site subnets into the VRF- in our case it was usually RIP for a site like this.
The dialer interface would be configured as ip unnumbered to the loopback address.
I am a bit confused about what kind of service you have got here. In a true MPLS environment your traffic is partitioned in its own VRF so you don't run NAT - internet breakout will be provided within the cloud via a centralised breakout (for example at a head office or DC).

I actually think it is the above. We are going to have to breakout at our head office so I'd guess you are right in what you have said.

Now, basic question again. If the Dialer0 is configured with ip unnumbered loopback1 which is 192.168.100.1/32, how do we reach the 10.1.1.0/24 network?

I though NAT would have to be enabled in order for multiple pc's (10.10.1.0/24) to translate to 192.168.100.1/32 with ADSL?

So, can I do away with NAT and just use ip route 0.0.0.0 0.0.0.0 Dialer0 which will route everything to the PE router that it's attached to?

You've certainly given me an idea with the connection, now it's just the routing so any pointers would be great.

I was not sure from your answer what you think you have - is it MPLS or DIA?

If it is DIA then you will need to use NAT and overload on the dialer interface.

If it is MPLS then you will run a routing protocol and exchange routes with the PE router which will allow routing between your sites.

It's definetely MPLS

http://business.bt.com/assets/pdf/networking/datasheet/ip-vpn-datasheet.pdf

So from what you say:

1. set the loopback#

2. Dialer0 has ip unnumbered loopback#

3. don't use NAT

4. enable RIP

Yes, that sound about right - but it will only work if BT are running RIP on their PE router so you can exchange routes. I would have expected them to have made this clear to you as there are different ways of doing this kind of setup.

They haven't said anything about the setup. Getting hold of them is a nightmare and when you do, the person isn't sure, promises to get back to you and you never hear from them again.

I suspose I can try RIP and see what happens although I keep hearing BGP being mentioned along the lines somewhere.

Turning RIP on is as simple as enabling it on an interface - if there is something on the other end sending RIP routes you will get them. With BGP however you specifically have to configure the remote peer with an IP address and AS number. So if they have not provided these details it won't be BGP.

You could just enable RIP and see what happens - it can't hurt. Bear in mind though that the PE will only advertise to you what you have advertised into the VRF elsewhere. So if this is the only site set up so far you won't receive any routes.

I'm actually on the network now.... sort of.

I can ping our core router from our router.

I can't ping from the LAN though 10.10.1.0/24 even though I have ip route 0.0.0.0 0.0.0.0 Dialer0

I also enabled RIP but nothing showed up but I'm certainly closer.

Any ideas for the above? Once I can ping from the LAN, it's cracked!

Louis

Can you provide a "show ip route" from your branch router please? Do you have access to your core router? Can you provide a "show run " and a "show ip route" from that router too?

Hello

If this is a mpls setup, then dynamic routing doesn't have to be setup - you may only require  a static pointing to the ISP PE -

Your ISP would  also be using static's pointing to your site  but redistributed into a vrf table ( as stated by Mfurnival), so this all means it should be transparent to you.

You may need to contact your provider to make sure he is aware of your lan network ip ranges? Also I  suggest try adding the nexthop address to your own static so your router doesn't assume all traffic is directly connected.

ip route 0.0.0.0 0.0.0.0 Dialer0 x.x.x.x

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.