
dynamic routing over MPLS cloud

tato386
Level 6

Until recently I had all my remote office networks connected to a frame-relay network for connectivity to the home office and I also had low-cost DSL circuits as backup links. I worked this by running RIP on the frame-side and floating static routes pointing to the DSL connection. If the frame went down the remote office routers would bring up tunnels via the DSL and the home office router would also use floating routes to use the PIX that the remotes would VPN to.

Now management has switched to MPLS and my old system no longer works because the vendor says that they do not use any type of dynamic routing protocol for the customer LAN subnets. I am looking for some kind of dynamic routing protocol solution that would work with this scenario:

Inet--1710a--MPLS_rtr---MPLS_Cloud--MPLS_rtr--1710b-Inet

The key here is that I need a routing protocol that will allow my 1710s to talk to each other over the MPLS cloud even though the MPLS routers do not participate in any routing protocol. Is there such a thing? I am only experienced with RIP which I understand will not work here. I have also used BGP for multi-homing Internet links but I don't see how I would use that in this situation.

I also realize that I can probably rig up some kind of policy routing with ip sla commands to ping nodes for reachability and set default routes but that seems too convoluted and complex and I would rather leave that type of thing as a last resort.

Any ideas?

Thanks and sorry about the long post.

Diego

8 Replies

olorunloba
Level 5

I will suggest that you create a GRE tunnel across the MPLS cloud, using the WAN interface addresses (connecting to the MPLS network) as the tunnel end points. You could now run your RIP across the tunnel.

For example the following could be part of the config on one of the CE routers.

    interface Ethernet0
     description connection to mpls cloud
     ip address 10.1.1.1 255.255.255.0
    !
    interface Ethernet1
     description LAN interface
     ip address 192.168.1.1 255.255.255.0
    !
    interface Tunnel0
     ip address 20.1.1.1 255.255.255.252
     tunnel source 10.1.1.1
     tunnel destination 10.1.2.1
    !
    router rip
     network 20.0.0.0
     network 192.168.1.0
    !
    ! host route to the remote tunnel endpoint via the next hop on the MPLS-facing interface
    ip route 10.1.2.1 255.255.255.255 10.1.1.254

tdrais
Level 7

Most people run BGP to the MPLS provider but assuming you can't do this you can just use GRE tunnels.

Depends on how much of the MPLS any to any you are going to need. If your data is mostly hub and spoke you can put GRE tunnels between the remote sites and the main site. Traffic will still pass between the sites; it will just do so via the main location.

You of course can build a full mesh of tunnels but that gets to be a huge pain to maintain. If you need any to any look at a feature called Dynamic Multipoint VPN (DMVPN). It makes the configuration less painful.

It also reduces the memory requirements since tunnels are only built when they are used.

Even though DMVPN is very nice I would not do it unless you really needed to. It tends to be very confusing at first.

The GRE tunnel idea is a good one but unfortunately I can't use it. The MPLS vendor is providing QoS for the MPLS traffic based on IPs of voice devices. The GRE tunnels will "hide" the true source and destination IPs inside GRE packets and therefore break the QoS. I would also think that any type of VPN solution like DMVPN would tend to also break the QoS. I guess I am out of gas here, huh?

Thanks,

Many encapsulation/encryption methods transfer the original DSCP, TOS values to the encapsulated/encrypted packet. GRE in the Cisco use does this as well with the command qos-preclassify. Whether you do it to the tunnel interface or physical interface depends on your need. Here is the link: http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml

Cheers,

Brian
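
The two replies above turn on what the provider can still read once traffic is inside GRE. The following added example (not from any poster in this thread) builds a DSCP 46 voice packet, wraps it in GRE between the tunnel endpoints from the sample config, and classifies it the way a router reading only the outer IPv4 header would. The voice host addresses are constructed, and copying the ToS byte to the outer header is modeled as the reply describes it.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload
VOICE_IPS = {"192.168.1.50"}  # constructed voice gateway address (assumption)

def ipv4_header(src, dst, proto, payload_len, tos):
    """Build a 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def gre_encapsulate(inner, tun_src, tun_dst, copy_tos=True):
    """Wrap an IPv4 packet in a basic 4-byte GRE header and an outer IPv4 header."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no flags, version 0
    outer_tos = inner[1] if copy_tos else 0       # ToS is byte 1 of the inner header
    outer = ipv4_header(tun_src, tun_dst, GRE_PROTO, len(gre) + len(inner), outer_tos)
    return outer + gre + inner

def provider_view(packet):
    """Fields visible to a router that reads only the outermost IPv4 header."""
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9],
            "dscp": packet[1] >> 2}

def classify_by_ip(packet):
    """Provider QoS keyed on voice device addresses, as in the original post."""
    v = provider_view(packet)
    return "voice" if v["src"] in VOICE_IPS or v["dst"] in VOICE_IPS else "best-effort"

def classify_by_dscp(packet):
    """Provider QoS keyed on the DSCP marking (46 = EF)."""
    return "voice" if provider_view(packet)["dscp"] == 46 else "best-effort"

# Constructed sample: UDP-sized payload from the voice gateway, marked DSCP 46
payload = bytes(168)
inner = ipv4_header("192.168.1.50", "192.168.2.50", 17, len(payload), 46 << 2) + payload
tunneled = gre_encapsulate(inner, "10.1.1.1", "10.1.2.1")

if __name__ == "__main__":
    for name, pkt in (("native", inner), ("in GRE", tunneled)):
        print(name, provider_view(pkt), classify_by_ip(pkt), classify_by_dscp(pkt))
```

IP-based classification loses the voice match once the packet is tunneled, while DSCP-based classification keeps it only as long as the marking is carried to the outer header.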

One thing is a little unclear in this doc. Do you need to use a policy-map on either the physical / tunnel interface? Or, will the router pass the existing DSCP packet marking to the tunnel header by only configuring the "qos pre-classify" command and nothing else?

My voice gateway is marking packets with dscp 46 and I want these markings passed up to the tunnel header for my MPLS provider to perform QoS.

rais
Level 7

I don't understand one thing: if you won't be using any dynamic protocol with the ISP how do you get to other sites from a given site? Are you using static routes?

Thanks.

That's the main problem. There is no dynamic routing protocol running on the MPLS cloud. (Or at least that is what the vendor tells me.) I am trying to find a way that I can run some dynamic routing protocol across the MPLS on my own. So far it looks like GRE tunnels might be my only option.

Any MPLS provider that is trying to offer you transit should be willing to run a protocol with you, as it will be isolated in your own vrf. You could run RIPv2, OSPF, or BGP. If you don't need fast convergence and are looking for a simple protocol, RIPv2 is not bad. It is normally a good option as the provider can then use the redistribute transparent option and allow you to influence your own traffic (if you had multiple exit points) with an offset list. If you need more, I would recommend BGP as it is a powerful protocol but still relatively easy.

If they are offering you MPLS VPN support, they have to have a dynamic routing protocol. BGP is required to support the extensions that are needed for the VPN.

Hope this helps.
