11-25-2015 07:30 AM - edited 03-05-2019 02:49 AM
Hi,
I am new to MPLS and requirements.
We have a new MPLS circuit being deployed between two sites.
The ISP has asked me for what Routing Protocol, AS number and any LAN subnets I want to be advertised on CE Router.
Our Customer Router will be running EIGRP and is going to advertise 10.136.16.0/20 and 10.130.0.0 for VPN tunnels already.
So far I have told ISP that routers will need to be running BGP AS65001 on both CE routers at Site A and B.
What LAN routes need to be advertised from CE router?
I am hoping to have GRE VPN tunnels initiate from customer router.
Please see attached diagram.
11-25-2015 01:28 PM
Hello,
I still do not understand why you need a tunnel. Why would your data source change over the MPLS network? Can you explain more?
Masoud
11-25-2015 02:16 PM
Hi Masoud,
We are configuring GRE VPN tunnels over the service provider network in the first instance but later on may move to using Cisco DMVPN. This is more for security.
11-25-2015 02:46 PM
I just got it. You will receive two sets of IP addresses from your service provider on both sides for the link which are routable on the MPLS core (you may select those IPs). You can use those IPs for the source of your tunnel.
If you want to use different IPs from PE-CE link for the source of your tunnel, you need to advertise those IPs.
Then you can advertise your routes on Tunnel without depending on your service provider routing protocol.
Jon, please give your opinion if I am wrong.
Masoud
11-25-2015 03:40 PM
Masoud
Sounds about right except the tunnel is not being created on the CEs as far as I can see.
That could be my fault for confusing the issue though :-)
So to the OP when I said your CE would pick the BGP over the EIGRP routes that was wrong because as you said in your original post the tunnels will be terminated on the customer routers in your diagram.
So the IPs you need to advertise will not be the IPs used for the CE to PE link; they will be the IP subnet that connects your customer router to the CE router.
Then you simply advertise your internal IP address range across the tunnel, no need to advertise to SP unless you want to do an initial connectivity test without using the tunnels.
Jon
11-25-2015 03:53 PM
So if the GRE tunnel is being created on the customer router, the subnet between customer and CE should be advertised. A better option can be advertising a loopback as well for the source of the tunnel.
After creating the tunnel, customer subnets can be advertised by the local routing protocol without involving the service provider.
Masoud
11-25-2015 08:23 AM
Apologies but I didn't read your question carefully enough.
If you are going to be using GRE tunnels (not sure why?) then you don't need to advertise all local subnets to MPLS.
You just need to advertise the GRE end points ie. you need reachability between the routers terminating the GRE tunnels and then you can simply advertise the local subnets with EIGRP across the tunnel.
Jon
11-27-2015 01:30 AM
Hello
So far I have told ISP that routers will need to be running BGP AS65001 on both CE routers at Site A and B.
My understanding is that, due to your above requirement, BGP loop prevention by default will not allow you to advertise networks between these two sites,
as each BGP router will see its own ASN in the route prefix and won't accept it.
Two ways to negate this:
1) On ISP PE router(s) - neighbor x.x.x.x (your site's CE router) as-override
(ISP replaces your ASN with its own)
2) On your CE router(s) - neighbor x.x.x.x allowas-in
(allow prefix in even if it sees its own ASN in that prefix)
res
Paul
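The loop-prevention behaviour described in the post above, as an added example that is not part of the original thread: a simplified Python model of the AS_PATH check on the Site B CE, run with neither option, with as-override on the PE, and with allowas-in on the CE. AS65001 is the customer AS from the thread; the provider ASN 64500 and all function names are assumptions made for illustration.

```python
# Added illustration: simplified model of the eBGP AS_PATH loop check on a CE
# router behind an MPLS L3VPN. Not vendor code; function names are hypothetical.

CUSTOMER_AS = 65001  # from the thread: same AS at Site A and Site B
PROVIDER_AS = 64500  # assumption: placeholder ASN for the ISP


def pe_advertise(as_path, neighbor_as, as_override=False):
    """Egress PE -> CE: with as-override, rewrite the neighbor's ASN to the
    provider's, then prepend the provider ASN as on any eBGP advertisement."""
    if as_override:
        as_path = [PROVIDER_AS if asn == neighbor_as else asn for asn in as_path]
    return [PROVIDER_AS] + as_path


def ce_accepts(as_path, local_as, allowas_in=0):
    """CE inbound check: accept only if the local ASN appears in the AS_PATH
    at most `allowas_in` times (0 models the default loop prevention)."""
    return as_path.count(local_as) <= allowas_in


def site_b_learns(as_override=False, allowas_in=0):
    """Follow a prefix originated by the Site A CE to the Site B CE."""
    path_from_site_a = [CUSTOMER_AS]
    path_to_site_b = pe_advertise(path_from_site_a, CUSTOMER_AS, as_override)
    return ce_accepts(path_to_site_b, CUSTOMER_AS, allowas_in), path_to_site_b


if __name__ == "__main__":
    for label, kwargs in [
        ("default", {}),
        ("as-override on PE", {"as_override": True}),
        ("allowas-in on CE", {"allowas_in": 1}),
    ]:
        accepted, path = site_b_learns(**kwargs)
        print(f"{label:20} AS_PATH={path} accepted={accepted}")
```

With as-override the CE keeps its default loop check because its own ASN no longer appears in the path, whereas allowas-in relaxes that check on the CE itself.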
11-27-2015 02:25 AM
Thanks Paul !
Do you know what the answer is to my last question?
11-27-2015 05:09 AM
Hello
As Jon has mentioned, the MPLS VPN is ONLY private between your sites from other MPLS customers in the ISP MPLS cloud. Thus it does not and will not provide any data encryption.
As long as you have NLRI between the tunnels' SIP/DIP, as per my understanding I don't see why you cannot run IPsec/GRE VPN tunnels between your sites for data encryption.
res
Paul