[c-nsp] L3 MPLS VPN Question - Redundant Internet Access

Andy Saykao andy.saykao at staff.netspace.net.au
Mon Mar 9 21:19:27 EDT 2009


Hi All,
 
I'm trying to build some redundancy for our L3 MPLS VPN customers for
Internet access. 
 
At the moment, customers gain Internet access via their Central Site. We
configure a default route on the PE connecting the Central Site and use
BGP to redistribute the default route to all other PEs with the
"default-information originate" command like so:
 
ip route vrf NSTEST 0.0.0.0 0.0.0.0 GigabitEthernet0/1.902 10.15.99.2
!
interface GigabitEthernet0/1.902
 description NSTEST VPN Link
 encapsulation dot1Q 902
 ip vrf forwarding NSTEST
 ip address 10.15.99.1 255.255.255.252
!
address-family ipv4 vrf NSTEST
 redistribute connected
 redistribute static
 default-information originate
 no auto-summary
 no synchronization
exit-address-family

In the event that the VPN link to the Central Site goes down and branch
sites can no longer gain Internet access via the Central Site, I've set
up a NAT-PE for Internet traffic as a form of redundancy. 
 
[WWW] <-- [NAT-PE] <-- [Branch Site] --> [Central Site] --> [WWW]
 
To accomplish this, I configured a default route on the NAT-PE and can
"manually" trigger the default route to be redistributed to the PEs
when the Central Site is down - just wondering if there is a way to do this
automatically so that when the Central Site is down, Internet traffic
goes via the NAT-PE and when the Central Site is back up, Internet
traffic once again goes via the Central Site??? The NAT-PE is a
dedicated router and has no CEs attached to it.
 
I've tried a few different things, but couldn't get it to work. I'm not
sure if you can alter the way iBGP behaves and maybe give the default
route learnt from the NAT-PE via iBGP a higher administrative distance of
say 250 (rather than the default 200) so that when the Central Site is
down, the default route from the NAT-PE gets installed.
 
Thanks.
 
Andy
