Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
601
Views
0
Helpful
3
Replies

IPSLA between MPLS and S2S VPN

Deepthi
Level 1
Level 1

‎09-10-2018 11:00 AM

Hi Friends

 

My name is Deepthi and i work as a network admin. I am sorry if am troubling you with my message. I am working on MPLS, VPN and IPSLA.

 

I am new to the MPLS setups and everything and so this is getting super confused for me. Please do not mind my long mail.

 

I am currently working on 2 projects. 

 

1. Building a S2S vpn tunnel towards a AWS cloud network.

2. Building a S2S vpn as a back up when my BGP peer dies. ( planning to use IPSLA)

 

 

So, here, i had to build  a S2S tunnel from the fortigate towards the AWS cloud and then do the IPSLA from the ISR. So, it was hard and so, i decided to move my internet termination link to the ISR. 

 

So, once moved, i need to build both the S2S tunnel (1. Towards AWS cloud, 2. Towards different IP when BGP peer is down). 

 

So, My setup is like this.. 

Current setup:

 

core Switch --> Fortigate --> Internet cloud

<< Need a S2S tunnel here for AWS>>

 

Core Switch --> Fortigate ---> MPLS Router --> MPLS Cloud.

<< Need a S2S tunnel here for monitoring the BGP peer and using the back up link >>

 

Proposed setup:

 

Core Switch --> Fortigate --> MPLS Router ---> Internet & MPLS termination

<< Need 2 S2S tunnels built >> So, do i need to build them both from MPLS router or can i build one from Fortigate also.

 

 

 

I would like you to suggest how i should do these. Please let me know if there is any document i need to refer or any suggestion would do me a great help.

 

Thanks a lot. And am really sorry for troubling you.

 

 

 

 

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎09-10-2018 12:36 PM

couple of questions.

 

BGP - you have your own AS number or you peering with iBGP with Service provider.

how is your connection with AWS ?

 

it is good practice to learn by making some simple network diagram and understand the flows.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Deepthi
Level 1
Level 1
In response to balaji.bandi

‎09-10-2018 01:15 PM

So, here is the requirment exactly. 

 

We have our own AS number with Century link ISP. We are running BGP with the ISP Peer. ( this is on the ISR).

So, now am planning to migrate the Internet link to ISR. So, both MPLS and INTERNET are on the same router.

Once, this migration happens, i need to build a S2S tunnel towards the different BGP Peer or some ISP IP which they will provide me and make the MPLS as primary and the S2S as secondary link. So, i was thinking of using IPSLA between the MPLS and S2S VPN. 

 

Thats my thought. i never implemented it or tried it. So, am super confused on how to do all these.

 

Hope you can help me with suggestions.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Deepthi

‎09-11-2018 12:20 AM

You need start writing implementation plan and dependencies, Also Service outage.

 

Steps to follow  and roll back if any issue.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents