
Migration from MPLS to Switched Ethernet

johnny_5
Level 1

Current architecture has us using MPLS - 25 stub branches which communicate back to our 2 Corp centers. 50% route to Corp 1, the other 50% route to Corp 2.

Has anybody had any experience with such a project? We are currently running EIGRP which we can continue to use but I'm still trying to figure out the BGP setup. We have some route maps which are being used for the branch routing but I'm assuming this will not be used at the layer 2 level? 


Giuseppe Larosa
Hall of Fame

Hello John,

I suppose you are considering to migrate the two central offices and the 25 branch offices from an MPLS L3 VPN service where you are using eBGP as PE-CE protocol to a VPLS solution where you will be able to run directly EIGRP between your routers.

 

If this is the case the BGP process and the route-maps for redistribution between BGP and EIGRP that you have now on your branch routers will not be needed anymore.

 

However, it is important to define how the migration will be performed.

Likely you will have a different ethernet handoff for the L2 service (at least a different Vlan subinterface).

You can enable EIGRP over the new FLAT network and then you can migrate one branch site to make a pilot test.

With default settings and both the MPLS L3 VPN active and the new VPLS service active the branch site will still prefer the eBGP routes over the EIGRP routes, the same will happen on the central site routers.

You can verify that EIGRP neighborships are formed over new L2 service and you can check the EIGRP topology table to see you are receiving EIGRP updates.

Then you can increase the BGP admin distance for eBGP routes to 180 in router bgp process on both the remote site and the central site to see the EIGRP routes installed.

The distance (BGP) command should accept three values for eBGP, iBGP and locally generated routes respectively; default values are 20, 200, 200.

On central site routers you can consider using a distance command with access-lists to selectively increase AD only for prefixes of the remote pilot site.

 

Hope to help

Giuseppe
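
The pilot step described in the post above, sketched as IOS configuration. This is an added example, not part of the original thread: AS 65001, the neighbor address 192.0.2.1 and the access-list name PILOT-SITE are placeholders, and the per-source form of `distance` under `router bgp` is assumed to be available on the platform in use.

```cisco
! Step 1 (all pilot routers): confirm EIGRP is up over the new L2 service
! before touching BGP. While eBGP keeps AD 20 its routes still win.
!   show ip eigrp neighbors
!   show ip eigrp topology
!
! Step 2 (branch pilot router): raise the eBGP distance above EIGRP
! internal (90) and EIGRP external (170) so EIGRP routes are installed.
router bgp 65001
 ! order is external / internal / local; defaults are 20 200 200
 distance bgp 180 200 200
!
! Step 2 (central-site router): raise AD only for the pilot site's
! prefixes, leaving the other branches on eBGP.
! PILOT-SITE lists the pilot branch prefixes (placeholder range).
ip access-list standard PILOT-SITE
 permit 10.11.0.0 0.0.255.255
!
router bgp 65001
 ! 192.0.2.1 = placeholder address of the eBGP neighbor (the PE)
 distance 180 192.0.2.1 0.0.0.0 PILOT-SITE
!
! Step 3: check which protocol now owns the pilot prefixes.
! Expect "D" or "D EX" entries instead of "B".
!   show ip route 10.11.0.0 255.255.0.0 longer-prefixes
```

Removing the two `distance` statements returns route selection to the MPLS L3 VPN path, which gives the pilot a simple rollback.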

 

This project had to be put on hold for few months but is now back in the design phase once again.


Hello John,

I suppose you are considering to migrate the two central offices and the 25 branch offices from an MPLS L3 VPN service where you are using eBGP as PE-CE protocol to a VPLS solution where you will be able to run directly EIGRP between your routers.

 

IF this is the case the BGP process and the route-maps for redistribution between BGP and EIGRP that you have now on your branch routers will not be needed anymore.

 

 


This is partly correct as we have decided to use C9000 series L3 switches instead of routers at most branches except at the 2 data centers and our call center. I believe the ISP will keep both circuits running in parallel until we are confident that the L2 circuit is routing correctly...I don't know if they mean to keep using the existing Ciena on site or add a new one. If they keep existing they will utilize another port on device for the L2 circuit.

We will continue to use EIGRP over the network as you suggested however when transiting over to the Layer 2 circuit the BGP process will be eliminated.

The idea was to set up a new L3 switch at a test branch, install a new data center router to terminate the new circuit and test connectivity and various applications that we currently use the MPLS for. If ATT is assigning a VLAN ID for the new test branch are the rest of the branches supposed to be on the same broadcast network? Unfortunately this is the part I'm struggling with as the MPLS circuit is currently a point to point PE<>CE, but the Layer 2 network design is somewhat of a question mark.

 

In an earlier post you told us "after talking to the provider our network will be a single broadcast domain."  Is that still correct? I am wondering about that based on this from your most recent post "If ATT is assigning a VLAN ID for the new test branch are the rest of the branches supposed to be on the same broadcast network?"  

 

If the intent is still to have a single broadcast domain in the new switched Ethernet then all branches would use the same vlan ID. Thinking about that makes me wonder whether you would want to configure the switch interfaces for the new switched Ethernet as access ports in a new vlan or would you configure the switch ports as routed ports? I am assuming that probably you will use access ports. In that case the switch in each of the remote sites would configure one interface as an access port in the specified vlan. All switches at remote sites would participate in the same vlan and so in the same subnet, which would be used as a transit link between the site and your data centers. You would run your routing protocol over this subnet. Each switch at a remote site would have its own vlans configured with their own unique IP subnets and each remote switch would advertise its subnets to the data centers. I wonder if you might want to configure the remote switches to operate as an EIGRP stub.

 

HTH

 

Rick
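
The two branch-switch options weighed in the post above (access port plus SVI, or a routed port), with the branch running as an EIGRP stub. This is an added example, not configuration from the thread: VLAN 100, EIGRP AS 100, the interface name and all addresses are placeholders, and the real VLAN ID comes from the provider.

```cisco
ip routing
!
! Option A: access port in the provider-assigned VLAN, SVI as the
! transit interface shared with every other site.
vlan 100
 name WAN-TRANSIT
!
interface GigabitEthernet1/0/1
 description Carrier L2 handoff (placeholder port)
 switchport mode access
 switchport access vlan 100
!
interface Vlan100
 description Transit subnet, one address per site
 ip address 192.0.2.11 255.255.255.0
!
! Option B (instead of A): routed port, no VLAN or SVI needed.
! interface GigabitEthernet1/0/1
!  no switchport
!  ip address 192.0.2.11 255.255.255.0
!
! Same routing config for either option: advertise the branch VLAN
! subnets over the transit link and mark the branch as a stub so
! the data centers never query it for alternate paths.
router eigrp 100
 network 192.0.2.0 0.0.0.255
 ! placeholder range covering this branch's local VLAN subnets
 network 10.11.0.0 0.0.255.255
 eigrp stub connected summary
```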



@Richard Burts wrote:

In an earlier post you told us "after talking to the provider our network will be a single broadcast domain."  Is that still correct? I am wondering about that based on this from your most recent post "If ATT is assigning a VLAN ID for the new test branch are the rest of the branches supposed to be on the same broadcast network?"  

 


I verified with ATT rep that we will be using a single broadcast domain. It was my assumption that ATT would assign us a VLAN ID that we would continue to use going forward with the migration. We wanted to use one branch to test before we continue further with the 23 branches. Based on this we would have a single broadcast domain, with the same unique VLAN ID used at all branch locations.

You bring up a valid point regarding the access or routed port configuration since we are using L3 switches(C9000's) instead of a traditional router at most of these branches. Most branches currently have about 10 VLANs which get advertised via EIGRP back to the data centers. Our current branch switches are setup as you suggested with "eigrp stub connected summary" command issued so we could use this same configuration. 

Richard Burts
Hall of Fame

Can you provide some more information about your current environment and what you will transition to? MPLS typically visibly has an ISP sitting between the core/hub/HQ and the remote branches which are treated as far away. Switched Ethernet typically makes everything look like it is locally connected and does not typically have an ISP sitting in the middle.

 

Your post mentions BGP and also talks about EIGRP. It is not clear what protocol is used where and not clear what the intention is for the new environment. In my experience with networks using switched Ethernet it is common to use EIGRP as the corporate routing protocol (and also OSPF). I am not familiar with a corporate network using switched Ethernet that uses BGP.

 

In the new environment will the switched Ethernet provide a single broadcast domain/common IP subnet for all branches and 2 HQ? Or will it provide a separate vlan (separate IP subnet) for each branch?

 

HTH

 

Rick


Current setup has a fiber hand off at each location. Yes we are using ATT's MPLS architecture for connectivity. The new design which would essentially be one logical switch as you suggested - as for whether it is one single broadcast domain or not I don't know, I was assuming it was going to be one single domain.

We use BGP externally to connect to remote branches and EIGRP internally between two CORP centers. EIGRP routes are selectively advertised and controlled at these 2 head end routers (3945's) by lowering AD to 11, this way they are advertised into BGP.

I do not fully understand your comments about BGP. And that probably does not matter since I do not see BGP operating in your new switched Ethernet environment.

 

You comment that EIGRP routes are selectively advertised and mentioned route maps used in the current environment. Whether you can continue to do this may depend on the answer to the question that I asked about a single broadcast domain. If your new environment will be a single broadcast domain then I do not see how you can be selective about advertisement. In that case when a branch router sends an advertisement it will be received by both core routers and also received by every branch router. And when a core router sends out an advertisement it will be received by every branch and the other core. So in that environment every router will know every route. This environment would facilitate branch to branch communication since they would know about each other's resources and be able to communicate directly without needing to go through the core. Whether that is good or not depends on your perspective.

 

If your new switched Ethernet is not a single broadcast domain then there is probably a vlan per branch (probably using QinQ or some similar technology) and communication from a branch must go through the core to get to other branches and to get outside. This would allow the core to selectively advertise to each branch.

 

HTH

 

Rick


Hello John,

as suggested by Rick if you have a port based VPLS service you can make use of a single 802.1Q Vlan tag to create multiple broadcast domains in order to get better control on how connectivity and routing is performed.

 

Given the low number of branch routers if a dedicated port for the new VPLS service is available on each router you can even replicate the current scenario with half devices preferring one central office router and one half of remote routers preferring the other central office router.

For doing this two broadcast domains would be enough and just playing with delay setting you can create the desired hierarchy of paths.

In each broadcast domain you would have only one central site router (or you can modify delay also on the central site subinterfaces).

Each remote site will prefer the subinterface with default delay settings over the one with modified increased delay.

 

For a customer we built a VPLS "port based" able to support "plug and play" tagged Vlans between Vlan 1 to Vlan 4094.

The customer is a university and they wanted to act as a metro ethernet service provider for departments.

Two or more departments could build a L2 broadcast domain asking to the university staff a Vlan id to use.

We had to create a separate VPLS for untagged frames over the same access interfaces and it worked covering all possible cases with only two VPLS.

 

Hope to help

Giuseppe

 

Sorry it's been a while here - after talking to the provider our network will be a single broadcast domain. The other discussion point came about having to use a router per location because the Multipoint EVC are limited to 250 mac addresses. If I have a Layer 3 (3850) on the local side could one get away without having to use a router or am I missing something here?

There are still some significant things that we do not know about your situation and therefore we need to be careful in our responses. If the discussion about needing a router at each site was in terms of the switched Ethernet operating as a single broadcast domain and functioning as a routed transit link (with each remote site having its own unique subnets and routing over the transit link) then the "router" needed at each site is some layer 3 forwarding device and a 3850 should be fine. If the discussion about needing a router at each site was in terms of functions such as address translation, then a 3850 might not be sufficient. My guess at this point is that they are thinking of it as a transit link and a 3850 should be adequate.

 

HTH

 

Rick


Richard you may be correct however reviewing the customer implement guide I found the section that they may be referring to. I

 

mac address.png

Thank you for the additional information. Based on this I believe that the requirement for a router is really a requirement for a layer 3 forwarding device so that the switched ethernet is a transit link and in that case I believe that a 3850 will do what you need.

 

HTH

 

Rick


Thank you for the feedback.

Have either of you had any experience with a switch such as the 3850 replacing a standard router? The 3850 will essentially take on the "role" of the router at each branch location so I want to make sure it can do QoS for VOIP, applications etc. The majority of the branches contain desktops, PBX, local DVR which records IP camera activity.
