
Setup connection(s) with ISP process??

CiscoPurpleBelt
Level 6

If you have to set up a connection with an ISP that, let's say, will be sending your networks through their MPLS/BGP etc. cloud, how is that normally done? I am used to setting up more or point2point connections where I just point my DG to their directly connected ISP router at the site, but what about if you are setting up with the ISP and they will handle connectivity through their cloud between all your remote sites, where you will be running, IDK, let's say OSPF? Do they coordinate setting up a BGP AS at your edge routers with them, etc.?


Jon Marshall
Hall of Fame

If it is MPLS then usually you have a CE device, which is a router owned and managed by you, connecting to a PE device, which is a router owned and managed by the provider.

What routing protocol you run is often determined by the provider, so BGP is a common choice, although some providers can also use OSPF etc. to peer with your CE device.

Static routes are also a possibility for some small setups but, as I say, it often depends on what the provider offers you.

Jon

rlaneyjr22
Level 1

As Jon stated, this does depend on the provider you are using. In my experience, BGP was the standard and therefore easiest to get provisioned, configured, supported, etc. They will provide you an example config for either tagged (sub-interface) or untagged interface config along with a basic BGP config. If you do NOT want to use tagged then make sure you tell them prior to cut-over day. It seems that some providers really try and force customers to use SVIs. Unless you already have a public AS number you can assign to your site, they will give you a private AS number to use. You will also need to make sure you tell your provider the networks you are advertising out to them. Otherwise, they will be blocked by default. This was the #1 issue. During cut-over, have a looking glass open in a browser to verify public IP advertisements.

Just my 2 cents,

- Ricky

So they may want customers to use SVIs, meaning probably use a layer 3 switch as the CE or edge device?
Also, is there a way to hide networks from the ISP that must go through the ISP WAN to reach remote sites, you know, for security reasons or something?

No, not use an L3 switch as the CE, but instead create a sub-interface on the CE router to encapsulate the traffic between CE and PE using the ISP's provided VLAN/tag ID. Sure, just tunnel the traffic.

- Ricky

Can you give me an example of the configs for a sub-int connection forming BGP neighborship with the ISP as you stated is usually done, but also including sending tunneled traffic across?

They will just create subinterfaces on the links between the PEs. For VLAN 100, for instance, I would create a subinterface like g0.0.100, then configure the correct IP addressing information from there. The subinterface config is not much different from what you do with inter-VLAN routing. Now for tunnels, they can set up MPLS VPNs, which have a given customer in a VRF, which is basically a virtual routing instance that will not share routes with the global routing table. Then something called a route-target will get created, which specifies what can get imported and exported in a VRF. So an ISP will create VRFs on some given PEs, then configure the route-target to allow what gets exported and imported to that VRF. So you essentially have a VPN connection with your routes segmented from other customers. Then at the CE router you could advertise routes upstream to your ISP, which will then be advertised over the VPN between your VRFs, and you can form neighbors with routers at your other site as if your sites are directly connected. You won't see anything regarding the ISP's network or other customers.
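
An illustrative CE-side configuration for the setup discussed in this thread, added here as an example and not taken from any poster or provider: a tagged sub-interface to the PE, eBGP advertising only a tunnel-endpoint loopback, and a GRE-over-IPsec tunnel carrying OSPF so internal prefixes never enter the provider's routing table. The interface names, VLAN 100, AS numbers, addresses and key are constructed placeholders; Cisco IOS/IOS-XE syntax with the default IKEv2 proposal is assumed.

```cisco
! CE router, site A. Every address, AS number, VLAN id and key is a constructed placeholder.
interface Loopback0
 description Tunnel endpoint, the only prefix the provider learns (kept out of OSPF)
 ip address 192.0.2.1 255.255.255.255
!
interface GigabitEthernet0/0.100
 description Tagged hand-off to provider PE
 encapsulation dot1Q 100
 ip address 198.51.100.2 255.255.255.252
!
ip prefix-list TO-PROVIDER seq 5 permit 192.0.2.1/32
!
router bgp 65001
 neighbor 198.51.100.1 remote-as 64496
 address-family ipv4
  network 192.0.2.1 mask 255.255.255.255
  neighbor 198.51.100.1 activate
  neighbor 198.51.100.1 prefix-list TO-PROVIDER out
!
crypto ikev2 keyring SITES
 peer SITE-B
  address 192.0.2.2
  pre-shared-key REPLACE-WITH-SHARED-SECRET
!
crypto ikev2 profile SITES
 match identity remote address 192.0.2.2 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local SITES
!
crypto ipsec transform-set ESP-GCM esp-gcm 256
 mode transport
!
crypto ipsec profile SITE-VPN
 set transform-set ESP-GCM
 set ikev2-profile SITES
!
interface Tunnel0
 description GRE over IPsec to site B; internal routes travel only inside this tunnel
 ip address 10.255.0.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 192.0.2.2
 tunnel protection ipsec profile SITE-VPN
!
router ospf 1
 passive-interface default
 no passive-interface Tunnel0
 network 10.255.0.0 0.0.0.3 area 0
 network 10.10.0.0 0.0.255.255 area 0
```

Site B mirrors this with the loopback and tunnel addresses swapped; `show bgp ipv4 unicast neighbors 198.51.100.1 advertised-routes` on the CE should list only the loopback /32.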
