Pain areas and points to consider:
- How can the IT team provide an Internet connection to all users in every location?
- Will taking an Internet connection at every location be a cost-effective solution?
- Can the service provider offer a centralized Internet connection that is shared with all locations?
- Will it work if the customer has a Layer 2 switch at the HUB location?
- Will taking centralized Internet increase latency?
- Are there any security concerns?
- What type of QoS is required for their application?
- How does Internet traffic flow from the spoke locations?

Solution Proposed:

When running an MPLS VPN, most customers also require Internet access for the users at each location. To provide this, the IT team typically takes a separate link from the ISP and terminates it on the LAN at that location. This arrangement gives better uptime for both MPLS and Internet services, but it also increases the cost component, which is unavoidable.

Instead of having a separate Internet link for every location, it is better to have a single Internet link with higher bandwidth from any ISP and share it through the existing MPLS cloud with all the respective locations. This scenario is also called Centralized Internet over MPLS Cloud. Internet sharing can work on any of the topologies (HUB and Spoke or Mesh). It gives better control over Internet policy, which applies to all users through the centralized Internet link.

In this scenario, however, the MPLS router and the Internet router/firewall have to be connected back-to-back, and the MPLS router is further connected to the Layer 2 switch, because a PC can be configured with only a single IP address as its default gateway, which would be the MPLS router's LAN interface.

Packet flow: HUB location users can use the Internet directly, as the Internet leased line is already installed at that location. If a request from a spoke location is for accessing a server, the MPLS HUB router forwards the traffic to the Layer 2 switch; if the request is for accessing a website, the MPLS HUB router directs the traffic towards the Internet router/firewall.

- The customer can terminate the Internet bandwidth on any router or firewall.
- The topology would be either HUB and Spoke or MESH.
- The MPLS router and the Internet router have to be connected back-to-back.
- The service provider will advertise the default route into the customer's MPLS VRF and do the reverse routing at the HUB location.
- The default gateway IP address will be the MPLS LAN interface.
- Configure a default route pointing towards the Internet CE router.
- The CE router should have 2 Layer 3 ports + 1 Layer 2 port.
- The CE-PE recommendation is static routing or the BGP routing protocol.
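
The packet flow and default-route points above can be checked with a small longest-prefix-match model. This is an added example, not a configuration from the original page: the prefixes, node names and the Internet destination are constructed, and the provider's MPLS cloud is collapsed into a single hop between the spoke and HUB routers.

```python
import ipaddress

# Constructed addressing plan; the provider cloud is collapsed into one hop.
TABLES = {
    "spoke-ce": [
        ("10.2.0.0/24", "spoke-lan"),      # connected spoke LAN
        ("0.0.0.0/0", "hub-ce"),           # default route advertised into the VRF
    ],
    "hub-ce": [
        ("10.1.0.0/24", "hub-l2-switch"),  # connected HUB LAN (servers, users)
        ("10.2.0.0/24", "spoke-ce"),       # spoke LAN reached over MPLS
        ("0.0.0.0/0", "internet-fw"),      # static default to the back-to-back Internet router/firewall
    ],
}
INTERNET_DST = "198.51.100.7"  # documentation-range address standing in for a website


def lookup(router, dst):
    """Longest-prefix match in one router's table; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in TABLES[router]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop)
    return best[1] if best else None


def trace(start, dst, max_hops=8):
    """Follow next hops until the packet leaves the modelled routers."""
    path, node = [start], start
    while node in TABLES and len(path) <= max_hops:
        node = lookup(node, dst) or "drop"
        path.append(node)
    return path


def single_egress(routers=TABLES):
    """True when Internet-bound traffic from every router exits via the firewall."""
    return all(trace(r, INTERNET_DST)[-1] == "internet-fw" for r in routers)


if __name__ == "__main__":
    print(trace("spoke-ce", "10.1.0.20"))
    print(trace("spoke-ce", INTERNET_DST))
    print(single_egress())
```

Running `single_egress()` against a copy of the real routing tables is a quick way to confirm that no site has a default route that bypasses the central Internet router/firewall and its policy.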