Solved: Question about Circuit l2vpn and l3vpn configuration design

DanielGutierrez615 · ‎06-22-2024

I have a question about Circuit l2vpn and l3vpn configuration design. if you see the diagram attached. We have a customer on connecting to PE bottom right corner. The blue line symbolizes l2vpn tunnel or transport, and the it will get out to the internet back out thru the green lines. My question is: is this typically done on service provider networks. I feel that the customer should always get the internet at the PE and it should go straight to the Internet router see second attachment. but there might cases where you want the internet to come out of the asr9000 to do something with this traffic, but it looks like bad routing meaning traffic going into the PE to P Core router to ASR PE Router, back out the same P CORE router to finally get to the internet what do you guys think.

MHM Cisco World · ‎06-22-2024

the L2TPv3 is L2 over L3 protocol
so the CE is send traffic to it GW to access the internet, this GW must be in other Site (other CE which we can called it DC) and I see you use ASR in DC from there the CE can access internet.
but run GW in PE is not common

MHM

View solution in original post

M02@rt37 · ‎06-22-2024

Hello @DanielGutierrez615

In service provider networks, standard practice typically involves terminating customer internet traffic at the PE router, which then forwards it directly to the internet gateway to ensure efficiency and minimal latency.

However, routing traffic through additional routers like an ASR9000 before reaching the internet might be justified if the service provider needs to perform advanced traffic inspection, apply security measures, enforce QoS policies, or offer differentiated services. While this approach can add complexity and potentially seem like inefficient routing, it may be necessary for meeting specific customer requirements or ensuring service quality. Therefore, while direct paths are generally preferred for internet-bound traffic to optimize network performance and resource usage, indirect routing through additional routers can be appropriate for fulfilling specific operational needs or service agreements.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

MHM Cisco World · ‎06-22-2024

the L2TPv3 is L2 over L3 protocol
so the CE is send traffic to it GW to access the internet, this GW must be in other Site (other CE which we can called it DC) and I see you use ASR in DC from there the CE can access internet.
but run GW in PE is not common

MHM

DanielGutierrez615 · ‎06-22-2024

yeah that's what I was thinking.

M02@rt37 · ‎06-22-2024

Hello @DanielGutierrez615

In service provider networks, standard practice typically involves terminating customer internet traffic at the PE router, which then forwards it directly to the internet gateway to ensure efficiency and minimal latency.

However, routing traffic through additional routers like an ASR9000 before reaching the internet might be justified if the service provider needs to perform advanced traffic inspection, apply security measures, enforce QoS policies, or offer differentiated services. While this approach can add complexity and potentially seem like inefficient routing, it may be necessary for meeting specific customer requirements or ensuring service quality. Therefore, while direct paths are generally preferred for internet-bound traffic to optimize network performance and resource usage, indirect routing through additional routers can be appropriate for fulfilling specific operational needs or service agreements.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.