MPLS routes to advertise from CE to PE

j44mistry
Level 1

Hi,

I am new to MPLS and requirements.  

We have a new MPLS circuit being deployed between two sites. 

The ISP has asked me what routing protocol, AS number and LAN subnets I want to be advertised on the CE router.

Our Customer Router will be running EIGRP and is going to advertise 10.136.16.0/20 and 10.130.0.0 for VPN tunnels already.

So far I have told ISP that routers will need to be running BGP AS65001 on both CE routers at Site A and B.

What LAN routes need to be advertised from the CE router?

I am hoping to have GRE VPN tunnels initiate from customer router.

Please see attached diagram.

23 Replies

Hello,

I still do not understand why you need a tunnel. Why would your data source change over the MPLS network? Can you explain more?

Masoud

Hi Masoud,

We are configuring GRE VPN tunnels over the service provider network in the first instance but later on may move to using Cisco DMVPN. This is more for security.

I just got it. You will receive two sets of IP addresses from your service provider on both sides for the link, which are routable on the MPLS core (you may select those IPs). You can use those IPs for the source of your tunnel.

If you want to use different IPs from PE-CE link for the source of your tunnel, you need to advertise those IPs.

Then you can advertise your routes on Tunnel without depending on your service provider routing protocol.

Jon please give your opinion if I am wrong.

Masoud

Masoud

Sounds about right except the tunnel is not being created on the CEs as far as I can see.

That could be my fault for confusing the issue though :-)

So to the OP when I said your CE would pick the BGP over the EIGRP routes that was wrong because as you said in your original post the tunnels will be terminated on the customer routers in your diagram.

So the IPs you need to advertise will not be the IPs used for the CE to PE link; they will be the IP subnet that connects your customer router to the CE router.

Then you simply advertise your internal IP address range across the tunnel, no need to advertise to SP unless you want to do an initial connectivity test without using the tunnels.

Jon

So if the GRE tunnel is being created on the customer router, the subnet between customer and CE should be advertised. A better option can be advertising a loopback as well for the source of the tunnel.

After creating the tunnel, customer subnets can be advertised by the local routing protocol without involving the service provider.

Masoud

Jon Marshall
Hall of Fame

Apologies but I didn't read your question carefully enough.

If you are going to be using GRE tunnels (not sure why?) then you don't need to advertise all local subnets to MPLS.

You just need to advertise the GRE end points, i.e. you need reachability between the routers terminating the GRE tunnels, and then you can simply advertise the local subnets with EIGRP across the tunnel.

Jon

Hello

So far I have told ISP that routers will need to be running BGP AS65001 on both CE routers at Site A and B.

My understanding is that, due to your above requirement, the BGP loop prevention by default will not allow you to advertise networks between these two sites.

As each BGP router will see its own ASN in the route prefix and won't accept it.

Two ways to negate this:
1) On ISP PE router(s) - neighbor x.x.x.x (your site's CE router) as-override
(ISP replaces your ASN with its own)

2) On your CE router(s) - neighbor x.x.x.x allowas-in
(allow prefix in even if it sees its own ASN in that prefix)

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
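
The loop check and the two workarounds described in the post above, modelled as an added example that is not part of the original thread or any vendor code. The provider ASN 64512 and all function names are assumptions made for illustration; 65001 is the customer AS from the original question.

```python
# Added illustration of eBGP AS_PATH loop prevention between two CE
# routers that share one AS across an MPLS L3VPN.
CUSTOMER_AS = 65001   # AS planned for both CE routers (from the thread)
PROVIDER_AS = 64512   # constructed value: hypothetical provider ASN


def ce_originate(local_as):
    """AS_PATH as the originating CE sends it to its PE over eBGP."""
    return [local_as]


def pe_advertise(path, provider_as, neighbor_as, as_override=False):
    """PE advertises the VPN route to the remote CE.

    With as_override, every occurrence of the neighbor's ASN in the
    path is replaced by the provider ASN before the PE prepends itself.
    """
    if as_override:
        path = [provider_as if asn == neighbor_as else asn for asn in path]
    return [provider_as] + path


def ce_accepts(path, local_as, allowas_in=0):
    """Receive-side loop check: reject the update when the local ASN
    appears in AS_PATH more often than allowas_in permits (default 0)."""
    return path.count(local_as) <= allowas_in


def site_b_learns_site_a(as_override=False, allowas_in=0):
    """Follow one prefix from the Site A CE to the Site B CE.

    Returns (AS_PATH seen by Site B, accepted?).
    """
    path = ce_originate(CUSTOMER_AS)
    path = pe_advertise(path, PROVIDER_AS, CUSTOMER_AS, as_override)
    return path, ce_accepts(path, CUSTOMER_AS, allowas_in)


if __name__ == "__main__":
    for label, kwargs in [
        ("default", {}),
        ("as-override on PE", {"as_override": True}),
        ("allowas-in 1 on CE", {"allowas_in": 1}),
    ]:
        path, ok = site_b_learns_site_a(**kwargs)
        print(f"{label:20} AS_PATH={path} accepted={ok}")
```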

Thanks Paul!

Do you know what the answer is to my last question?

Hello

As Jon has mentioned, the MPLS VPN is ONLY private between your sites from other MPLS customers in the ISP MPLS cloud; thus it does not and will not provide any data encryption.

As long as you have NLRI between the tunnels' SIP/DIP, as per my understanding I don't see why you cannot run IPsec/GRE VPN tunnels between your sites for data encryption.

res
Paul


Kind Regards
Paul