09-10-2018 11:00 AM
Hi Friends
My name is Deepthi and I work as a network admin. I am sorry if I am troubling you with my message. I am working on MPLS, VPN and IPSLA.
I am new to the MPLS setups and everything, so this is getting super confusing for me. Please do not mind my long mail.
I am currently working on 2 projects.
1. Building an S2S VPN tunnel towards an AWS cloud network.
2. Building an S2S VPN as a backup when my BGP peer dies (planning to use IPSLA).
So, here, I had to build an S2S tunnel from the FortiGate towards the AWS cloud and then do the IPSLA from the ISR. It was hard, so I decided to move my internet termination link to the ISR.
So, once moved, I need to build both S2S tunnels (1. towards the AWS cloud, 2. towards a different IP when the BGP peer is down).
So, my setup is like this:
Current setup:
Core Switch --> Fortigate --> Internet cloud
<< Need a S2S tunnel here for AWS>>
Core Switch --> Fortigate ---> MPLS Router --> MPLS Cloud.
<< Need a S2S tunnel here for monitoring the BGP peer and using the back up link >>
Proposed setup:
Core Switch --> Fortigate --> MPLS Router ---> Internet & MPLS termination
<< Need 2 S2S tunnels built >>
So, do I need to build them both from the MPLS router, or can I build one from the FortiGate also?
I would like you to suggest how I should do these. Please let me know if there is any document I need to refer to; any suggestion would be a great help.
Thanks a lot. And I am really sorry for troubling you.
09-10-2018 12:36 PM
A couple of questions.
BGP: do you have your own AS number, or are you peering with iBGP with the service provider?
How is your connection with AWS?
It is good practice to learn by making a simple network diagram and understanding the flows.
09-10-2018 01:15 PM
So, here is the requirement exactly.
We have our own AS number with the CenturyLink ISP. We are running BGP with the ISP peer (this is on the ISR).
So, now I am planning to migrate the Internet link to the ISR. So, both MPLS and Internet are on the same router.
Once this migration happens, I need to build an S2S tunnel towards the different BGP peer or some ISP IP which they will provide me, and make the MPLS the primary and the S2S the secondary link. So, I was thinking of using IPSLA between the MPLS and S2S VPN.
That's my thought. I never implemented it or tried it. So, I am super confused on how to do all these.
Hope you can help me with suggestions.
09-11-2018 12:20 AM
You need to start writing an implementation plan and dependencies, and also the service outage.
Steps to follow, and rollback if there is any issue.