Pain areas and aspects for consideration:
- How can the IT team provide an Internet connection to all users in every location?
- Is taking a separate Internet connection at every location a cost-effective solution?
- Can the service provider offer a centralized Internet connection that is shared with all locations?
- Will it work if the customer has a Layer 3 switch at the HUB location?
- Will taking centralized Internet increase latency?
- Are there any security concerns?
- What type of QoS is required for their applications?
- How does Internet traffic flow from the spoke locations?
Solution Proposed

While running an MPLS VPN, most customers require Internet access for their users at each location. To provide it, the IT team takes a separate link from the ISP and terminates it on the LAN to fulfill the Internet requirement. This scenario gives better uptime in terms of MPLS and Internet services, but it also increases the cost component, which is unavoidable.

Instead of having a separate Internet link for every location, it is better to have a single Internet link with bigger bandwidth from any ISP and share it through your existing MPLS cloud with all the respective locations. This scenario is also called Centralized Internet over MPLS Cloud. Internet sharing can work on either topology (HUB and Spoke or Mesh). It gives you better control over Internet policy, which applies to all users going through that centralized Internet link. In this scenario, however, the MPLS router and the Internet router/firewall are connected/terminated on the Layer 3 switch, and PCs have the Layer 3 switch as their default gateway.

Packet flow: HUB location users can use the Internet directly, as the Internet leased line is already installed at that location. If a request is generated from a spoke location to access a server, the MPLS HUB router forwards the traffic to the Layer 3 switch. If the request is to access a website, the MPLS HUB location router directs the traffic towards the Layer 3 switch, and the Layer 3 switch forwards it towards the Internet router.

- Terminate the Internet bandwidth on a Layer 3 device or firewall for policy routing.
- The MPLS router and the Internet router will be terminated on the Layer 3 switch.
- The topology will be either HUB and Spoke or Mesh.
- The service provider will advertise the default route into the customer's MPLS VRF and do the reverse routing at the HUB location.
- Configure the default route on the Layer 3 switch with the gateway IP address of the Internet router.
- Configure the reverse route for every remote spoke IP pool on the Layer 3 switch, pointing towards the MPLS CE router.
- The default gateway IP address will be the Layer 3 switch IP.
- The CE router should have 1 Layer 3 port + 1 Layer 2 port.
- The CE-PE recommendation is static routing or the BGP routing protocol.
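
The routing steps above can be checked before rollout. The following is an added example, not part of the original article: it models the hub Layer 3 switch's static routes and flags any spoke pool that lacks a reverse route, in which case return traffic would follow the default route to the Internet router instead of the MPLS CE router. All IP addresses and function names are constructed assumptions.

```python
import ipaddress

# Constructed addressing for illustration (not from the article)
INTERNET_ROUTER = "10.0.0.2"   # Internet router/firewall, hub LAN side
MPLS_CE = "10.0.0.3"           # MPLS CE router, hub LAN side
HUB_LAN = "10.0.0.0/24"        # directly connected on the Layer 3 switch
SPOKE_POOLS = ["10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"]


def build_routes(spoke_pools):
    """Routes on the hub Layer 3 switch: default route to the Internet
    router plus one reverse route per spoke pool towards the MPLS CE."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), INTERNET_ROUTER),
        (ipaddress.ip_network(HUB_LAN), "connected"),
    ]
    routes += [(ipaddress.ip_network(p), MPLS_CE) for p in spoke_pools]
    return routes


def next_hop(routes, dst):
    """Longest-prefix match, as the switch would resolve a destination."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def missing_reverse_routes(routes, spoke_pools):
    """Spoke pools whose return traffic would not reach the MPLS CE."""
    bad = []
    for pool in spoke_pools:
        net = ipaddress.ip_network(pool)
        # Probe first and last host so a partially covering route is caught.
        probes = (net.network_address + 1, net.broadcast_address - 1)
        if any(next_hop(routes, str(p)) != MPLS_CE for p in probes):
            bad.append(pool)
    return bad


if __name__ == "__main__":
    routes = build_routes(SPOKE_POOLS[:2])        # third pool forgotten
    print(next_hop(routes, "203.0.113.10"))       # website request
    print(next_hop(routes, "10.2.0.25"))          # reply to a spoke user
    print(missing_reverse_routes(routes, SPOKE_POOLS))
```
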