Backup link resiliency/scalability

Started by LynK, January 09, 2015, 12:32:35 PM


LynK

Hey guys,

I'm labbing up a potential future environment for our WAN network. Currently we have a mostly single-circuit MPLS environment for most of our branches. What I would like to be able to do is utilize the bandwidth of a cable connection backup with mGRE + IPsec and have an HQ router running iBGP over the tunnel interface. Once this is set up, the branch router will have eBGP over MPLS and iBGP over mGRE. I can then use PBR/PfR to segment sensitive data (EF/AF41) over MPLS, and everything else over the mGRE link.

I am curious about your thoughts on this solution, or is there a simpler way of doing this while also having two active links?

Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"


LynK

@winter,

Thanks for the docs. The command "neighbor next hop self all" makes the ability to utilize iBGP that much sweeter. As for the second document, quite a tease.... Is it worth 40 bucks?

wintermute000

I haven't read it myself lol. But Ivan is a God amongst networkers. He wrote MPLS and VPN Architectures vol. 1 and 2 which is basically the MPLS-VPN / AToM bible.
I would always go with EBGP unless you have a thousand sites, always spoke, e.g. retail shops. You retain much more control.


Segmenting traffic is easiest done via more specific routes (your fallback is easy as the main link has the supernet route, i.e. no intervention required); everything else is greatly increasing complexity. Don't forget you'll need to influence return traffic as well, i.e. you'll need to start getting fancy on the branches as well as the head-end.... The only clean way of doing this is with per-prefix load sharing, i.e. more vs. less specific routes. See the other thread Setit started for an idea of what we're tossing up.
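
An added example, not part of the thread and not any poster's configuration: a small longest-prefix-match model of the more-specific vs. supernet approach described in the post above, showing the automatic fallback and why the return direction needs the same treatment. All prefixes, hosts and link names are constructed assumptions.

```python
import ipaddress

def build_rib(routes, links_up):
    """Keep only routes whose exit link is up (BGP withdraws the rest)."""
    return [(ipaddress.ip_network(p), link) for p, link in routes if link in links_up]

def lookup(rib, dst):
    """Longest-prefix match: exit link of the most specific covering route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, link) for net, link in rib if addr in net]
    if not matches:
        return None  # no covering route: traffic is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed addressing: branch = 10.20.0.0/16, HQ = 10.0.0.0/16.
# The supernet rides the main MPLS link; bulk subnets are advertised as
# more-specifics over the mGRE tunnel.
BRANCH_ROUTES = [            # what the branch learns about HQ
    ("10.0.0.0/16", "mpls"),
    ("10.0.128.0/17", "mgre"),   # bulk servers
]
HQ_ROUTES = [                # what HQ learns about the branch
    ("10.20.0.0/16", "mpls"),
    ("10.20.64.0/18", "mgre"),   # user/data VLANs
]

def path_pair(src_branch, dst_hq, links_up):
    """Return (forward link, return link) for a branch -> HQ flow."""
    fwd = lookup(build_rib(BRANCH_ROUTES, links_up), dst_hq)
    ret = lookup(build_rib(HQ_ROUTES, links_up), src_branch)
    return fwd, ret

if __name__ == "__main__":
    both = {"mpls", "mgre"}
    flows = {
        "voice phone -> call manager": ("10.20.1.10", "10.0.1.10"),
        "data PC -> bulk server": ("10.20.64.10", "10.0.128.10"),
        "data PC -> call manager": ("10.20.64.10", "10.0.1.10"),
    }
    for name, (src, dst) in flows.items():
        fwd, ret = path_pair(src, dst, both)
        note = "" if fwd == ret else "  <-- asymmetric"
        print(f"{name}: forward={fwd} return={ret}{note}")
    # Tunnel down: the more-specifics disappear, the supernet takes over.
    print("tunnel down:", path_pair("10.20.64.10", "10.0.128.10", {"mpls"}))
```

In this model the third flow leaves the branch over MPLS but returns over the tunnel, which matters for stateful devices and IPsec policy on either path. If only the MPLS link fails, hosts outside the more-specific ranges have no route at all unless the supernet is also advertised over the tunnel.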


Fred

Have you seen the Cisco Validated Designs for Branch/WAN? If you haven't read through them, you should. The entire cvddocs.com repository is full of good material.

The VPN WAN Design Guide might be particularly apropos.