Dual links IPSLA/tracking vs OSPF - need some advice.

SJ K
Level 5

Hi all,

I have 2 links (L3VPN MPLS) with each link connected to its own CE router which connects site A to site B.
The links are from the same Service Provider.

Right now, I have set up the following on site A:

1)  2 x IP SLA tracking each PE router interface IP

2)  2 x static route to site B with tracking

If 1 of the links goes down (due to IP SLA tracking), I will be left with 1 static route in the routing table.

So I have achieved LB (due to 2 static routes with the same AD/cost to site B) and I have HA, as 1 route will be removed if its tracking goes down.

However, every time I have a new network in site A, I would need to inform the Service Provider, which is kind of troublesome.

I am thinking of setting up OSPF between these 2 sites.

Q1) Am I able to tunnel OSPF traffic through these L3VPN MPLS links? Assuming the Service Provider is able to turn on OSPF on the LAN interface at the CE router. (I am concerned about the link between the CE router WAN interface <---> PE routers.)

Q2) Assuming that there is no issue using OSPF across the 2 sites, what would be the benefit in terms of availability and load balancing of using OSPF in comparison with the IP SLA setup above? (Assume the 2 links have equal cost.)

Regards,
Noob
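
The setup described in the question, sketched as an IOS configuration for a site A router sitting behind the two CEs (an added example, not the poster's actual configuration). All addresses, the site B prefix and the host routes that pin each probe to its own CE are assumptions.

```cisco
! Constructed addresses (documentation ranges):
!   CE1 LAN 192.0.2.1, CE2 LAN 192.0.2.2
!   PE1 198.51.100.1,  PE2 203.0.113.1
!   site B prefix 10.20.0.0/16
!
! Pin each probe target to its own CE so probe 1 only tests link 1
! and probe 2 only tests link 2.
ip route 198.51.100.1 255.255.255.255 192.0.2.1
ip route 203.0.113.1 255.255.255.255 192.0.2.2
!
! One ICMP echo every 4 seconds toward each PE interface.
ip sla 1
 icmp-echo 198.51.100.1
 threshold 1000
 timeout 1000
 frequency 4
ip sla schedule 1 life forever start-time now
!
ip sla 2
 icmp-echo 203.0.113.1
 threshold 1000
 timeout 1000
 frequency 4
ip sla schedule 2 life forever start-time now
!
! Track objects follow probe reachability. The delay is optional damping:
! it stops a single lost echo from withdrawing the route, at the price of
! a failover time longer than one probe interval.
track 1 ip sla 1 reachability
 delay down 8 up 30
track 2 ip sla 2 reachability
 delay down 8 up 30
!
! Two equal static routes give load sharing; each is withdrawn when its
! track object goes down. Probing the PE interface only proves the local
! CE-PE link: a failure deeper in the provider network or at site B is
! not detected by this design.
ip route 10.20.0.0 255.255.0.0 192.0.2.1 track 1
ip route 10.20.0.0 255.255.0.0 192.0.2.2 track 2
```

`show track brief` and `show ip route 10.20.0.0` show which of the two routes is currently installed.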


Michael Muenz
Level 5

Normally the provider should offer you HA via HSRP/VRRP and do his own stuff via BGP or whatever internally. I don't think that your provider is willing to set up OSPF (would ask before).

Why don't you use IPSEC within the MPLS? DMVPN should fit your needs ... 

Michael Please rate all helpful posts

I am not clear what you mean when you describe it as L3VPN MPLS. Is this really a VPN setup or a simple MPLS setup, or something else?

If it is just MPLS then you can check with the provider about running OSPF between the CE and PE routers. If they will support running the dynamic routing protocol it will accomplish several desirable things:

- with equal cost links it will provide load balancing.

- it automatically provides dynamic failover capabilities.

- it provides the communication if you add a network, or change a network, or remove a network within your enterprise.

- it removes the complexity of doing IP SLA and route tracking.

So if the provider will support it I would believe that running OSPF would be preferable to doing the IP SLA and route tracking.

If it is a VPN setup then we would need to know more about how it is set up to be able to say whether running OSPF would be supported.

HTH

Rick


Hi Michael, Rick,

Thanks for your reply.

Sorry for calling it an L3VPN without really putting much thought into it. I always thought that if I am able to route traffic across an L3 MPLS network, it is an L3VPN.

I believe my SP did ever mention if want to do OSPF across the sites, so that is the reason why I am thinking whether I should go for static route + SLA or OSPF directly.

Regards,
Noob

Sometimes people do refer to this as L3VPN. I just wanted to be sure that I understood what your situation was. If this is a normal implementation of MPLS then you should check with your provider about what they offer about dynamic routing protocols between CE and PE routers. As I said before it would be better to have a dynamic routing solution rather than depending on IP SLA and route tracking.

HTH

Rick


Hi Rick,

Please correct me if I am wrong, I read that the OSPF dead timer is 40 seconds.

Assuming

R1 -> R2 -> R3 - R4

with R1 and R4 as the CE and R2 and R3 as the PE routers, if R4 is down, does that mean R1 will take more than 40 secs to know that the route to R4 is gone?

Because in IP SLA, I am doing an ICMP echo every 4 seconds, so on any route change, my routing table will just be stale for about 4-5 seconds only.

Regards,
Noob

You can tweak the timers to subsecond values:

http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fasthelo.html

Just be sure your provider also adjusts the values.

Michael Please rate all helpful posts
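
An added example, not from the thread or from the linked Cisco guide's text: OSPF from the site A router toward the two CE routers with equal-cost multipath and the fast-hello dead interval the guide describes. Interface names, addresses, area, router ID and the authentication key placeholder are assumptions, and the provider side has to be configured to match.

```cisco
! Constructed values: CE-facing segment 192.0.2.0/24 on Gi0/0,
! site A internal networks 10.10.0.0/16, OSPF area 0.
router ospf 1
 router-id 192.0.2.10
 ! Form adjacencies only on the CE-facing interface.
 passive-interface default
 no passive-interface GigabitEthernet0/0
 network 192.0.2.0 0.0.0.255 area 0
 ! New site A networks inside this range are advertised automatically,
 ! so nothing has to be requested from the provider per prefix.
 network 10.10.0.0 0.0.255.255 area 0
 ! Install both equal-cost paths to site B for load sharing.
 maximum-paths 2
!
interface GigabitEthernet0/0
 ip address 192.0.2.10 255.255.255.0
 ! Default broadcast timers are hello 10 s / dead 40 s.
 ! Fast hellos: dead interval 1 s, 4 hellos per second (250 ms apart).
 ! The neighbor must use the same dead interval or no adjacency forms.
 ip ospf dead-interval minimal hello-multiplier 4
 ! Assumption added here: authenticate the adjacency so only the agreed
 ! CE routers can inject routes. Replace the placeholder key.
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <placeholder-key>
```

`show ip ospf neighbor` confirms the adjacencies and `show ip ospf interface GigabitEthernet0/0` shows the negotiated hello and dead timers.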

Thanks Michael!

Hi Michael,

Sorry, I don't quite get you. I am at a very beginner level. So you mean to tunnel OSPF traffic through IPSEC within the MPLS?

What is the use of having IPSEC set up between the MPLS endpoints?


Regards,

Noob

The main advantage of using IPSEC is that only your peer needs to be routed at provider level.

So you can add as many networks behind your routers as you like, and all of them travel through the tunnel.

The disadvantage is that you lose some bytes because of the protocol overhead and you have another point of failure within the MPLS.

With DMVPN you can run OSPF inside of the tunnel:

http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/43068-dmvpn-gre-ospf.html

Michael Please rate all helpful posts