cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5276
Views
5
Helpful
23
Replies

MPLS routes to advertise from CE to PE

j44mistry
Level 1
Level 1

Hi,

I am new to MPLS and requirements.  

We have a new MPLS circuit being deployed between two sites. 

The ISP has asked me for what Routing Protocol , AS number and any LAN subnets I want to be advertise on CE Router.

Our Customer Router will be running EIGRP and is going to advertise 10.136.16.0/20 and 10.130.0.0 for VPN tunnels already.

So far I have told ISP that routers will need to be running BGP AS65001 on both CE routers at Site A and B.

What LAN routes need to be advertised from CE router ?  

I am hoping to have GRE VPN tunnels initiate from customer router.

Please see attached diagram.

23 Replies 23

Hello,

I still do not understand why you need tunnel. Why would your data source change over MPLS network. Can you explain more?

Masoud

Hi Masoud,

We are configuring GRE VPN tunnels over service provider network as a first instant but later on may move to using Cisco DMVPN.   This is more for security.

I just got it. You will receive two sets of Ip addresses form your service provider on both sides for the link which are routable on MPLS core(You may select those IPs). You can use those IPs for the source of your Tunnel. 

If you want to use different IPs from PE-CE link for the source of your tunnel, you need to advertise those IPs.

Then you can advertise your routes on Tunnel without depending on your service provider routing protocol.

Jon please give your opinion if I am wrong.

Masoud

Masoud

Sounds about right except the tunnel is not being created on the CEs as far as I can see.

That could be my fault for confusing the issue though :-)

So to the OP when I said your CE would pick the BGP over the EIGRP routes that was wrong because as you said in your original post the tunnels will be terminated on the customer routers in your diagram.

So the IPs you need to advertise will not be the IPs used for the CE to PE link they will be the IP subnet that connects your customer router to the CE router.

Then you simply advertise your internal IP address range across the tunnel, no need to advertise to SP unless you want to do an initial connectivity test without using the tunnels.

Jon

So if GRE tunnel is being created on customer router,  the subnet between customer and CE shuold be advertised. A better option can be advertising a loopback as well for the source of tunnel.

After creating the tunnel,customer subnets can be advertised by local routing protocol without involving service provider.

Masoud

Jon Marshall
Hall of Fame
Hall of Fame

Apologies but I didn't read your question carefully enough.

If you are going to be using GRE tunnels (not sure why ?) then you don't need to advertise all local subnets to MPLS.

You just need to advertise the GRE end points ie. you need reachability between the routers terminating the GRE tunnels and then you can simply advertise the local subnets with EIGRP across the tunnel.

Jon

Hello

So far I have told ISP that routers will need to be running BGP AS65001 on both CE routers at Site A and B.

My understand is due your above requirment , The bgp loop prevention by default will not allow you to advertised networks betrween these two sites

As each bgp trouter will see it own ASN in the route prefix and wont accept it.

Twos ways to negate this
1) On ISP PE router(s) - neighbour x.x.x.x(your sites ce router) as-override
(isp replaces your ASN with its own)

2) On your CE router(s) - neighbour x.x.x.x allowas-in
(allow prefix in even if it see its own asn in that prefix)

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Thanks Paul !

Do you know what the answer is to my last question ?

Hello

As Jon Has mentioned the MPLS vpn is ONLY private between your sites from other mpls customers in the ISP MPLS cloud, Thus it  does and will not will provide any data encryption

As long as you have NLRI between the tunnels SIP/DIP,  As per my understanding I don’t see why you cannot run ipsec/gre vpn tunnels between you sites for data encryption.

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Review Cisco Networking for a $25 gift card