Question

Two MPLS WAN links - Failover and Load balancing

Asked by: fahim

I'll try to explain the diagram (attached below) and then relate my question. The question appears a bit long because I tried to simplify it as much as possible for you guys to understand, so don't be scared by the length of it. ;)

So, until recently, we had a single MPLS VPN provider connecting all our offices, and life was simple with static routes and no IGP or EGP configured (except maybe within the provider MPLS cloud).

Then we decided to reduce our dependence on a single service provider and brought in a second MPLS service provider. Now we need to architect around the new scenario of connecting offices on separate MPLS clouds with the most optimal utilisation of the investment.

Hence, soon we'll have two MPLS circuit providers, termed in the diagram as ISP1 and ISP2. The two routers attached to ISP1 & ISP2 cloud are not under our administration but would reside in our premises; at all our Sites 1, 2 & 3.

An expanded Site 1 shows that both the MPLS circuits terminate in our datacenter at Site 1. On the ISP1 MPLS cloud and ISP2 MPLS cloud are different sets of offices, and some of the time an office connected to ISP1 needs to talk directly to another office on ISP2 without having anything to do with our Site 1 office or entering our internal LAN. The internal LAN has a pair of Cisco core switches configured in HSRP mode, with one of them being active and forwarding traffic. The MPLS link bandwidth varies between 4-8Mbps.

So what we decided is, first, to optimise traffic by placing a WAN optimiser (could be Riverbed, Cisco, Bluecoat etc., not yet decided). WAN optimisers do not yet have the capability to route the traffic, nor are they meant to.

Design needs:

1. Automatic failover of links with some sort of active load balancing;

Solution 1: Bring ISP1 and ISP2 to participate in our side of BGP and configure BGP on the Cisco switches (emulating CE) with the PE routers (ISP1 Router1 and ISP2 Router1) lying in our premises.
Concern 1: Would this mechanism bring about automatic redundancy in case connectivity to one of the ISPs goes down?

Concern 2: Would there be some sort of arrangement required amongst ISP1 and ISP2 to get this BGP thing working? The two are competitors and might not collaborate with each other but if BGP implementation is independent of these two interacting directly with each other, then it's fine.

Concern 3: Anything else that you can think of??

2. Load balancing across two links

Solution 2: Configure static routing to Sites 2 and 3 that shares both links. Assign equal costs to those routes and emulate the ECMP concept. Those that do not have both links yet (Sites 4 and 5) will have only a single route with no ECMP.

Concern 1: Related to Concern 1 of Solution 1 above. When ISP1 Router 1 fails or the whole ISP1 link fails, would the traffic destined for that path be lost and throw the whole network into a tizzy?

3. Security from Malware

The links provided by the two ISPs are pure pipes, and the traffic passing through the two MPLS VPN links, though trusted (non-Internet), is still coming from disparate, geographically spread locations with various degrees of security mechanisms implemented internally. The need is only to check the traffic for malware (antivirus, Trojans, etc).

Solution 3: Request both ISPs to run some sort of Cisco IPS service on their side of the routers, maybe Cisco's IOS IPS or IPS AIM module insertion.

Or have my own inline device in the form of a Fortinet/SonicWall UTM to take care of this aspect.

Concern: Costs??!!! A UTM might as well take care of link load balancing and auto-failover, and I might do away with the configuration of both BGP and ECMP. But most UTM manufacturers talk about Internet link load balancing rather than MPLS VPN associated links.

Now the question is, am I missing something here? Would these concepts work in practice? Has anyone been there, done this before?

Please advise!

Previous related discussions appear here:

http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_24206772.html#a23941709

AND

http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_24253745.html
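An added configuration example (not from the question or any of the answers) for Solution 2 and its Concern 1: plain equal-cost static routes only notice a dead local interface, so a failure inside the ISP cloud or of the far-end PE keeps the route installed and half the flows blackhole. Cisco IOS object tracking with IP SLA probes a far-end address that is only reachable through each provider's VPN and withdraws the matching static route when the probe fails. All interface names, addresses and SLA/track numbers are assumed for illustration.

```cisco
! Constructed example for the Site 1 core switch (assumed names and addresses).
! Gi0/1 faces ISP1 Router1 (next hop 10.200.1.1); Gi0/2 faces ISP2 Router1 (next hop 10.200.1.5).
! Site 2 LAN assumed 10.200.2.0/24. Site 2's ISP1-side address (10.200.21.1) is reachable only
! through ISP1's VPN, its ISP2-side address (10.200.22.1) only through ISP2's VPN.

! --- Weak setting: bare ECMP static routes (shown commented out) ---
! Both routes stay in the table while the local link is up, whatever happens further out.
! ip route 10.200.2.0 255.255.255.0 10.200.1.1
! ip route 10.200.2.0 255.255.255.0 10.200.1.5

! --- Corrected setting: probe end-to-end reachability over each provider separately ---
ip sla 1
 icmp-echo 10.200.21.1 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 10.200.22.1 source-interface GigabitEthernet0/2
 frequency 5
ip sla schedule 2 life forever start-time now

! Tracking objects follow the probes; the delays avoid flapping on a single lost ping.
! (Older IOS releases use "track 1 rtr 1 reachability" instead of "ip sla".)
track 1 ip sla 1 reachability
 delay down 15 up 30
track 2 ip sla 2 reachability
 delay down 15 up 30

! Equal-cost routes, each withdrawn when its provider path is unreachable.
! CEF per-destination sharing keeps a given flow on one path while both are up.
ip route 10.200.2.0 255.255.255.0 10.200.1.1 track 1
ip route 10.200.2.0 255.255.255.0 10.200.1.5 track 2

! Single-homed site (Site 4 assumed 10.200.4.0/24): one route, no ECMP, nothing to fail over to.
ip route 10.200.4.0 255.255.255.0 10.200.1.1
```

Verify with "show track" and "show ip route 10.200.2.0" after shutting one provider-side probe target; the tracked route should drop out within the configured down delay.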


Asked On: 2009-06-12 at 00:31:01 (ID 24485857)
Tags: WAN links, BGP, ECMP, Load Balancing
Topics: Network Design & Methodology, Network Routers, TCP/IP
Participating Experts: 3
Points: 500
Comments: 7


Answers


by: pwindell, posted on 2009-06-12 at 12:53:49 (ID 24615529)

The problem is going to be that the public IP number will change when it changes lines in the failover and may break any sessions that are currently running. It will also incapacitate any incoming traffic because the IP# that is "sought out" by the incoming connection will be tied to only one line from one ISP and will not be available.

The correct approach is to get both lines from the same ISP,...run them into the same router,...the ISP does the same on their end. The routers now use dynamic routing protocols between themselves to handle the load balancing/failover. This kind of service is provided by any ISP that is worth staying in business. They make it work,..they monitor it,...they maintain it.


by: fahim, posted on 2009-06-12 at 21:58:19 (ID 24617816)

pwindell, thanks for reading it through.

I am afraid there are NO public IPs involved in this scenario. It's all private IPs through and through, as we never touch the Internet. Conceptually, it's Layer 3 MPLS VPN and I am not sure if there are public IPs involved even in the ISPs' cloud, but from our perspective, we only maintain different private IP ranges (10.200.*.*) across all the sites (1, 2 & 3).

Regards


by: pwindell, posted on 2009-06-15 at 11:16:59 (ID 24631391)

It doesn't matter if they are public or private. The behavior of TCP/IP and the devices involved does not change. What I said (and showed) is still true.

However, the advantage of it being a private closed system is that you may be able to rig up the two L3 switches you have to work together with dynamic routing protocols to handle the loss of a "route". But you may have to also involve the two provider routers as well (4 routers would be involved), but I doubt you'd get the two competing ISPs to work together in that manner willingly (there is nothing in it for them),...hence why this should be done with two lines from the same provider.

That is really all I know to suggest.


by: Quori, posted on 2009-08-19 at 15:16:41 (ID 25137927)

Bit of an update to this....

It absolutely matters if it is public or private address space, as the designs are vastly different: if it is public address space you need to design your edge routing to be globally significant, i.e. the correct exit point from carrier to your network needs to be selected. If it is private address space then your exit points only need to be reflected in the carrier's routing domain and thus you can use local preference (which is likely).

The designs also dramatically change if you, as a business, want to have links to alternate providers for the purposes of redundancy and business continuity. And yes, this is possible. The only catch is you need public address space from the routing registrar for your region, as well as a public AS number.


by: pwindell, posted on 2009-08-20 at 07:14:35 (ID 25142753)

It absolutely matters if it is public or private address space

It doesn't matter, when kept in the context I meant it,...I was talking about the Physical Layer,... Two lines from the same provider as opposed to doing it "home-user" style with a single line from two providers stuck into a Linksys box from Bestbuy.

I trust that a provider that this would be done through would know how to handle the protocols and the routing,...it is mostly them that is going to "make it happen" rather than the customer. In each situation I've been in, the provider controlled the routers at both ends of the WAN links,...often the customer doesn't even have the credentials to log into the device. All the customer had to do was make sure their LAN's local routing scheme threw the right traffic at the right router for the right reason.


by: raj_sharmaji, posted on 2010-08-04 at 03:36:55 (ID 33356337)

I could not understand, from where the talk of Internet & public IPs has come?? The solution asked was "what design methodology is required" in case there are 2 MPLS service providers for primary & backup MPLS links. I was looking for a solution on this very aspect!!!

Is there anybody to reply on this intelligently !!


by: pwindell, posted on 2010-08-04 at 08:01:17 (ID 33358541)

1. You are yelling at a thread that is almost exactly a year old and abandoned.

2. It isn't your thread; it isn't up to you to judge whether it was answered intelligently or to your liking.

3. Start your own thread and describe your situation to be dealt with.

I could not understand, from where the talk of Internet & public IPs has come??

It doesn't matter, and doesn't change anything.

The solution asked was "what design methodology is required" in case there are 2 MPLS service providers for primary & backup MPLS links. I was looking for a solution on this very aspect!!!

Those involved know what was asked,...they were there. A solution was given; whether you accept or approve of the solution does not matter to me.

Rehashing the solution.....
The solution was to not get two connections from two providers. Redundancy within the MPLS system has to come from the provider, not the end user. You can't get the equipment from the two MPLS connections to work together and produce any kind of redundancy if they don't come from the same provider.

If the end user attempts to provide their own solution they could place a load balancer behind the ISP routers, but that would only cover a failure of one of those routers and would not cover any failures "further out".

That's why there are SLAs and that's why Providers compete/brag about how dependable their services are and how they "never go down".  The solution is for providers to be dependable,...the solution is not for the end user to purchase two services from two "crappy"  providers and then "dance back and forth" between them hoping they don't both go down at the same time.
