• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1218
  • Last Modified:

MPLS Network Design

Hello,

I have to help design a mpls network..  I am trying to learn as much as possible by reading but really need some interactive input.  Here is a history and the equipment i have to work with....

We have 4 offices in the US.  Currently they all have seperate ISP for internet access.  We also have two sites in the UK.   Linking them all together are openvpn ssl tunnels.  We have a mesh networking meaning each site has its own link to all other sites.   We are upgrading our network to an all MetroE/MPLS network with one service provider for our interoffice connectivity only.. each site will still have its own internet access.  THis does not include the UK offices.. they will not be on mpls....
The provider is Paetec, they offer a layer 3 MPLS network.. so we are going to use ebgp on our routers.(thats all they support)

Each site has a ASA5110, a cisco 2811 router and CAT 2960 Switches....  these are inplace already and are in production, the routers currently provide our video conferening units a dedicated network (T1s).. the video will be moved on the the mpls network, freeing up the routers for the mpls....  

IS there an industry standard way to link all sites together?  MY boss mentioned placing the mpls routers in their own vlan.. and then trunking the vlan on the outside with the existing internal subnets that we have in place at each site.. not sure what he mean't by that.. I thought you turned on bgp, set the as tags and then the network appeared to all be on the lan....  

Any practical real world help would be great...
0
hang10z
Asked:
hang10z
1 Solution
 
Paul SolovyovskyCommented:
I would place the MPLS on the inside of each LAN.  For each site I would use the MPLS router or a layer 3 switch as the default gateway so that if it's a MPLS subnet it will forward, if not it will use the route of last resort which will be the firewall at each location.  

The reason to use a L3 switch or MPLS router for default gateway at each site is that the ASA's do not allow for split horizon (do not allow outbound packets to come back in on the same interface)

This keeps things simple.


My $.02
0
 
baltrasCommented:
there are two options:
1. (expensive) order mpls vpn service from global vpn service provider. in this case most probably you will be echanging layer 3 information with service provider.
2. (cheap) order cheap Internet access, put your own IPSEC VPN enabled devices and build your own vpn on top of it

actualy now as i understood you are using option 2. you have openssl tunnels over the internet
0
 
touchstar-bradyCommented:
Make your life easier: choose the managed router option from the provider.  Trust me.  Just trust me.  If done wrong, MPLS can make you bald and old, fast.

Most providers will offer this for a nominal fee, because most MPLS issues come from issues with the CPE configuration.  They will also assist you with the optimal CPE configuration that you need.  With that being said...

You will want the inside interface of the MPLS router on the subnet and VLAN that the hosts are going to be accessing it, INSIDE the firewalls.  Your MPLS network will be connecting sites that are all behind a firewall, creating a VPN by default.  And as Paulsolov said, ASA's dont allow for split horizon... but to go further than that, you dont want the ASA processing rules on what will really be "local" traffic.  
0
 
hang10zAuthor Commented:
Actually I figured it all out and I have a worldwide MPLS network...

0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now