Conceptual question on backup circuit options to MPLS network

news2010a
Level 3

Hi, can you give me your thoughts about this:

Imagine an organization with 3 sites in the US, 4 sites in Europe and 2 in Asia connected via MPLS.

Requirement:
In case of failure of the primary router or circuit to the MPLS network, we need to provide a redundant link to get to the MPLS network.

Proposed solution:

The service provider offers a product called "Secure Gateway", which consists of a small Cisco router connected via the Internet. Then the Internet circuit traffic flows through a firewall and securely reaches our MPLS network - OK.

Question:

Some folks in my organization are asking: Instead of paying for such a "Secure Gateway" solution, why not establish an IPSec tunnel from SiteWhichFails-MPLS to AnotherSite-MPLS and from there get to the MPLS network temporarily? I thought about the following cons about this:

- I would need to verify that AnotherMPLS site has bandwidth to support the site whose MPLS circuit went down? I may end up having to pay for the extra bandwidth anyway.

- If I hop to another site, do I risk increasing latency and impacting performance, and maybe breaking current or existing applications?

Please let me know whether my cons make sense, your thoughts, and whether you have seen folks successfully hop to another MPLS site in order to provide temporary connectivity.

1 Reply

spremkumar
Level 9

Hi

You can definitely opt out of the Secure Gateway solution and go ahead with point-to-point IPsec connectivity, provided you have proper routing in place in all the locations to route the traffic back properly through the IPsec tunnel.

As far as my knowledge goes, you have got to have good SLAs available on the Internet links as well, but that will come with an additional cost factor attached to the SLA.

Also, you haven't clearly mentioned whether you are trying for point-to-multipoint communication or any-to-any communication here. If it's any-to-any, then the routing needs to be properly designed to tackle any kind of failure scenario.

Assume that you have an any-to-any topology and a simple problem only with the MPLS network in the Asia region; then the rest of your locations should be able to talk to the Asia region through the IPsec tunnel.

I have worked on a similar kind of setup, but with multiple protocols involved to enable the auto routing without any manual intervention.

regds
