Two MPLS WAN links - Failover and Load balancing

Asked by fahim in Network Design & Methodology, Network Routers, TCP/IP

Tags: WAN links, BGP, ECMP, Load Balancing

I'll try to explain the diagram (attached below) and then relate my question. The question appears a bit long because I tried to simplify it as much as possible for you guys to understand, so don't be scared by the length of it. ;)

So, until recently, we had a single MPLS VPN provider connecting all of our offices, and life was simple with static routes and no IGP or EGP configured (except maybe within the provider MPLS cloud).

Then we decided to reduce our dependence on a single service provider and brought in a second MPLS service provider. Now we need to architect around the new scenario of connecting offices on separate MPLS clouds with the most optimal utilisation of the investment.

Hence, soon we'll have two MPLS circuit providers, termed in the diagram as ISP1 and ISP2. The two routers attached to ISP1 & ISP2 cloud are not under our administration but would reside in our premises; at all our Sites 1, 2 & 3.

An expanded Site 1 shows that both the MPLS circuits terminate in our datacenter of Site 1. On the ISP1 MPLS cloud and ISP2 MPLS cloud are different sets of offices, and some of the time the need of an office connected to ISP1 is to talk directly to another office on ISP2 without having to do anything with our Site 1 office or enter our internal LAN. The internal LAN has a pair of Cisco core switches configured in HSRP mode, with one of them being active and forwarding traffic. The MPLS links' bandwidth varies between 4-8 Mbps.

So what we decided is, first, to optimise traffic by placing a WAN optimiser (could be Riverbed, Cisco, Bluecoat, etc.; not yet decided). WAN optimisers do not yet have the capability to route the traffic, nor are they meant to.

Design needs:

1. Automatic failover of links with some sort of active load balancing;

Solution 1: Bring ISP1 and ISP2 to participate in our side of BGP and configure BGP on the Cisco switches (emulating CE) with the PE routers (ISP1 Router1 and ISP2 Router1) lying in our premises.
Concern 1: Would this mechanism bring about auto redundancy in case connectivity to one of the ISPs goes down?

Concern 2: Would there be some sort of arrangement required amongst ISP1 and ISP2 to get this BGP thing working? The two are competitors and might not collaborate with each other but if BGP implementation is independent of these two interacting directly with each other, then it's fine.

Concern 3: Anything else that you can think of??

2. Load balancing across two links

Solution 2: Configure static routing to Sites 2 and 3, which share both links. Assign equal costs to those routes and emulate the ECMP concept. Those that do not have both links yet (Sites 4 and 5) will have only a single route with no ECMP.

Concern 1: Related to Concern 1 of Solution 1 above. When ISP1 Router 1 fails or the whole ISP1 link fails, would the traffic destined to that path be lost and throw the whole network in a tizzy?

3. Security from Malware

The links provided by the two ISPs are pure pipes, and traffic passing through the two MPLS VPN links, though trusted (non-internet), is still coming from disparate, geographically spread locations with various degrees of security mechanisms implemented internally. The need is only to check the traffic for malware (Antivirus, Trojans, etc.).

Solution 3: Request both ISPs to run some sort of Cisco IPS services on their side of the routers, maybe Cisco's IOS IPS or IPS AIM module insertion.

Or... have my own inline device in the form of a Fortinet/Sonicwall UTM to take care of this aspect.

Concern: Costs??!!! A UTM might as well take care of link load balancing and auto-failover, and I might do away with the configuration of both BGP and ECMP. But most UTM manufacturers talk about Internet link load balancing rather than MPLS VPN associated links.

Now the question is, am I missing something here? Would these concepts work in practice? Has anyone been there, done this before?

Pls advise!

Previous related discussions appear here:

http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_24206772.html#a23941709

AND

http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_24253745.html
Attachments: MPLS redundancy
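The failure case raised in Concern 1 of Solution 2, modelled as an added example (it is not part of the original question or of any answer in the thread). It compares plain static ECMP routes with routes that are withdrawn on WAN loss (BGP-learned or probe-tracked) when the ISP1 circuit fails while the core switch's local interface toward the ISP1 router stays up. The `NextHop` model, the toy per-flow hash and the sample flows are assumptions made for illustration, and convergence time is ignored.

```python
from dataclasses import dataclass

@dataclass
class NextHop:
    name: str
    local_if_up: bool = True  # core switch's own interface toward this ISP router
    wan_up: bool = True       # MPLS circuit behind the ISP router

def installed(hops, mode):
    """Next hops the core switch keeps installed for the remote-site prefix."""
    if mode == "static":
        # A plain static route is removed only when the local interface goes down.
        return [h for h in hops if h.local_if_up]
    if mode == "dynamic":
        # BGP-learned (or probe-tracked) route: gone once the WAN path is lost.
        return [h for h in hops if h.local_if_up and h.wan_up]
    raise ValueError(f"unknown mode: {mode}")

def forward(flow, hops, mode):
    """Pick one installed next hop per flow; return (hop name, delivered?)."""
    table = installed(hops, mode)
    if not table:
        return None, False
    src_port, dst_port = flow
    hop = table[(src_port + dst_port) % len(table)]  # toy per-flow hash
    return hop.name, hop.wan_up

def delivery_report(flows, hops, mode):
    results = [forward(f, hops, mode) for f in flows]
    delivered = sum(ok for _, ok in results)
    return {"delivered": delivered,
            "dropped": len(flows) - delivered,
            "paths": sorted({name for name, _ in results if name})}

# Constructed sample: eight flows from Site 1 to Site 2 (source port, destination port).
FLOWS = [(40000 + i, 443) for i in range(8)]

def scenario(isp1_wan_up):
    hops = [NextHop("ISP1", wan_up=isp1_wan_up), NextHop("ISP2")]
    return {mode: delivery_report(FLOWS, hops, mode) for mode in ("static", "dynamic")}

if __name__ == "__main__":
    for label, up in (("both links up", True), ("ISP1 circuit down", False)):
        print(label, scenario(up))
```

In this model the static ECMP pair keeps hashing half of the flows onto the dead ISP1 path, while the withdrawn-route case moves every flow to ISP2.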
 
Accepted Solution (06/15/09 11:16 AM, ID: 24631391)

Solution Provided By: pwindell
Participating Experts: 2
Solution Grade: A