Primary on MPLS Network + Backup on Internet LL

Pain Area and aspects for consideration:

  • If any location on MPLS Network goes down?
  • Any MPLS Backbone issues with the Service Provider?
  • Will Internet provide secured communication?
  • Up to what level of redundancy?
  • How much bandwidth is required at each location?
  • Will it be manual intervention?
  • What Routing protocol needs to be run between CE-PE?
  • What would be the default-gateway IP address of LAN equipment’s?
  • How many ports required to connecting 2 Service Provider in 2 CPE’s?

 

- Solution Proposed

This solution is for those MPLS customer who are running MPLS Network from one Service provider and wanted to have backup on Internet lease Line which will be furthure termiated on Firewall/Router  and create IPSEC/GRE tunnel over Internet.Since MPLS is most secure cloud for communication and customer don’t want to compromise in terms of security, so they wanted to flow traffic over Internet but on secure tunnel. As everybody knows that most of failure happens at Last mile end of the Service Provider or CPE end which leads to high down time and less availability of the mission critical sites which affects business processes. One of the best ways to reduce down time along with security is to have Internet leased connectivity from other service provider in every Spoke location and take bigger Internet Leased connectivity at Main (HUB) location which will work as active-failover mode. Prime location should have bigger Internet bandwidth because if n no of MPLS spokes goes down in that case traffics comes through spokes over Internet and will aggregate in Main location. MPLS should be terminated on single CPE and Internet should be terminated on other CPE for high redundancy. This active-failover solution is possible with Static routing along with tracking command or BGP protocol, so CPE’s should have features like (Routing protocol + tracking command + Security) and 1 Routed port + 1 Layer2 port. Recommendation is to run static as a Routing protocol between CE-PE at WAN Side and HSRP/VRRP at LAN side where gateway IP address of all the LAN equipment’s would be Virtual IP address along with tracking command for MPLS LINKS. If MPLS link goes down in any location automatic traffic would be reroute on Internet over IPSEC tunnel without any manual intervention.

Primary on MPLS Network + Backup on Internet LL

 

 

 

 

 

 

 

 

 

 

 

 

Technical Arrangement:

  1. Customer can terminate both the Services on different Routers for better redundancy.
  2. Customer can implement this setup either on HUB and Spoke or Mesh Topology.
  3. Solution based on considering Layer2 Switch at all the locations.
  4. Recommendation is run eBGP routing on CE-PE on MPLS Network.
  5. Tracking command has to configure at MPLS-HUB location to track the MPLS-Spoke location.
  6.  Configure HSRP/VRRP at all the locations.
  7. Defaults Gateway IP addresses will Virtual IP address of HSRP/VRRP.
  8. Configure IP Sec tunnel in between HUB and spoke Internet CE Routers.
  9. Permit only LAN IP Addresses in Access list configured for IP SEC.
  10. IP peer IP will be WAN IP address of the remote CE Router.

Akshay Sharma

AKshay has a rich experience of 10+ years in data and telecom domains. He is working as a solution architect in a reputed Telecom in India from the last 5 yrs and has diversified experience in providing robust network solution to SMB and enterprise segment. His core expertise is in DSL broadband/IP/MPLS/Routing and switching with hands on multiple telecom equipment’s and had done multiple certifications into his long career.

You may also like...

2 Responses

  1. Vishnu says:

    Hi Akshay,

    We want to implement similar kind of solution, Can you please provide me the details about practicle immplementation of this.

    Thanks,
    Vishnu

  2. DrewMCronk says:

    All things are very open having a specific clarification of
    the challenges. It was really informative. Your site is useful.
    Many thanks for sharing!

    My website … DrewMCronk

Leave a Reply

Your email address will not be published. Required fields are marked *

three × 5 =

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>