ceberts

MPLS VPN

I'm changing over from a Qwest MPLS solution to Windstream MPLS and I'm a bit confused and just looking for some info.  With Qwest my Setup looked like HQLAN -> Cisco 2811 -> Qwest Managed Router -> Qwest -> Qwest Managed Router -> Cisco 1841 -> BranchLAN.

Turnup is about a week or so out and I'm just trying to understand how this is going to work.

This Windstream MPLS is an MPLS VPN solution that I'm not familiar with.  They requested some free IPs to use on my private LANs for equipment.  They just sent me what they're configuring their transport gear for in the HQ location:

interface GigabitEthernet1/1/2.1229
 description 3Mb VPN
 encapsulation dot1Q 1229
 ip vrf forwarding vrf
 ip address 10.0.0.253 255.255.255.0
 service-policy input BestEffort-3Mb
 service-policy output BestEffort-3Mb
exit

What's throwing me off is why they are using a vlan other than default and if they're using a private address on the interface that I'll be hooking this directly into my switch.  My default gateway is 10.0.0.254 so on my router would I be adding a route to my branch office to go through 10.0.0.253?

To further specify my current setup these are the interfaces on my 2811:
FA0/0 - LAN
FA0/1 - Public IPs/Internet
FA0/0/0 - Current Qwest facing MPLS link

So when we move over to Windstream I won't be using FA0/0/0 anymore?
harbor235

They are trunking VLANs to you so in the future if you want additional services they can extend them to you rapidly. New services would be an additional VLAN on the trunk. They also could provide internet to you via an additional VLAN as well. Are you buying just a L3VPN without internet? They did it to extend additional services to you seamlessly.

harbor235 ;}
ceberts

ASKER

We'll have an IA Voice+Data for internet and phone lines out as well.  But it looks like they have a separate Adtran unit installed for that.  I understand why they'd put my service on a vlan but I thought they should only use the vlan on the provider side and not the customer side.  They marked the port that I assume was going to be plugged into my network as vlan 1229, so effectively I won't be able to communicate with it as we only run on the default vlan (no IP phones just a pure data network).


It's all for potential use. What if you wanted another VPN isolated from the other? This would be simple to implement, very flexible, and maintains separation all the way to your handoff: no mixing, enhanced security as well.

harbor235 ;}
ceberts

ASKER

I'm pretty sure I understand the provider side.  But what I'm looking for is how I hook up to this on the client side.  My current default gateway is 10.0.0.254, so basically the default route out to the internet will go out the IA, but any traffic out to the branch office will route out through 10.0.0.253 with my current understanding.  However 254 can't talk to 253 if 253 is on vlan 1229 and 254 is on vlan 1.  So unless I'm missing something, either my provider needs to change the port that faces my side to vlan 1 or I change my entire network to vlan 1229?

I think I see what you mean but you are leaving out some of the technical details.

What is IA?

Did they provide the GW info? Is there HSRP running? I ask because .253 physical could use .254 VIP. If not, the GW may be .253.

They should be telling you what needs to be done on your side. Do you have a picture showing what they provide and what you provide?

Is this what you have?
        MPLS cloud
            |
   CE (transport gear? .253 GigabitEthernet1/1/2.1229)
            |
            |  - 10.0.0.0/24
        ur 2811?
            |  - 10.x.x.x/24?

Draw what you have?

harbor235 ;}
ceberts

ASKER

The IA is just my T1 that handles our internet and phone lines.  This should be how the network looks I believe.
hqnetwork.png
ceberts

ASKER

And sorry I forgot to address your other questions, they haven't mentioned HSRP.  Nor any gateway info.  I was under the impression that any traffic for my branch office needs to be directed out 253 while any other internet traffic heads out 254 to the T1.
ASKER CERTIFIED SOLUTION
harbor235
This solution is only available to members.
ceberts

ASKER

The internal devices are all on that 2960 switch and are part of my 10.0.0.0/24 network, I forgot to put the cloud in the image to picture it.  But what you said pretty much confirms what I'm thinking.  I'll verify with them next week before I reconfigure my routers but I just wanted to make sure I was heading into this with as much understanding on my part as possible.  Thanks for your help.
ceberts

ASKER

Just need to talk with provider about VLAN tag on their interface facing my network but other than that I'm pretty clear on how this works.