
vpn 0 and tloc redundancy question

MichaelKim24362
Level 1

Controllers are in Internet.

There are 2 x cedges in DC. 1 x MPLS on MPLS cedge and 1 x Internet on INET cedge.

There are 2 x cedges in each Branch. 1 x MPLS circuit on MPLS cedge and 1 x Internet circuit on INET cedge.

TLOC Extension works for connecting MPLS cedge through INET cedge.

However, control connections are only through Internet circuit.

I'm trying to establish backup control connections through MPLS, but I could not find proper information yet.

There is a way to do so by adding a separate MPLS router in front of the cEdge in the datacenter. This method simply directs the branch WAN network to internal and Firewall => Controllers. (attached "Topology_TLOC_Backup_solution.png")

However, what I want to achieve is this without a separate router, as in the attached image "Topology_TLOC_Backup.png". The red traffic flow is to connect to the controllers in the Internet.

Is it possible? 

 


Hi,

A tunnel-enabled interface is hardcoded; it does not allow transit underlay traffic through the router.

Use loopback interfaces both for MPLS and Internet on the DC-MPLS connected router.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Thank you for your help.

Do you mean just add a loopback to VPN 0? Hmm... Hope you can provide a little more explanation.

My config is INET cedge has TLOC extension for MPLS cedge.

MPLS cedge has TLOC for INET cedge.

INET cedge has NAT enabled for MPLS cedge to give Internet access.

Does a loopback need to be added on both edges?

As I mentioned, LO cannot be used for TLOC extensions (I will double-check; maybe Cisco changed this, but I am sure that as of my last check it was still not supported).

Anyway,

on the cedge use

Ping ip <vbond> source-interface <interface used for extension>

Check if you can connect to vbond via MPLS using the extension.

MHM

MPLS Cedge can ping the controllers (vmanage, vbond, vsmart) through INET Cedge.

L0 is not yet used. Just an interface between the MPLS and INET Cedges, with a physical interface.

That is why the branch cannot access the controllers through DC MPLS Cedge => DC INET Cedge => Internet.

I tried TLOC extension on the MPLS Cedge WAN interface, but that interface is already VPN0, so it is not working.

I could not find a proper solution to achieve my goal. I thought L0 may work, as per Kanan's comment.

Can I see the config of the TLOC extensions on both sides?

MHM

Your TLOC extension is missing NAT to NAT the MPLS IP to the Internet and access the controller.

Note: LO cannot be used for TLOC extensions.

MHM
