[c-nsp] L3 MPLS VPN Question - Redundant Internet Access
Andy Saykao
andy.saykao at staff.netspace.net.au
Mon Mar 9 21:19:27 EDT 2009
Hi All,
I'm trying to build some redundancy for our L3 MPLS VPN customers for
Internet access.
At the moment, customers gain Internet access via their Central Site. We
configure a default route on the PE connecting the Central Site and use
BGP to redistribute the default route to all other PE's with the
"default-information originate" command like so:
ip route vrf NSTEST 0.0.0.0 0.0.0.0 GigabitEthernet0/1.902 10.15.99.2
!
interface GigabitEthernet0/1.902
description NSTEST VPN Link
encapsulation dot1Q 902
ip vrf forwarding NSTEST
ip address 10.15.99.1 255.255.255.252
!
address-family ipv4 vrf NSTEST
redistribute connected
redistribute static
default-information originate
no auto-summary
no synchronization
exit-address-family
In the event that the VPN link to the Central Site goes down and branch
sites can no longer gain Internet access via the Central Site, I've set
up a NAT-PE for Internet traffic as a form of redundancy.
[WWW] <-- [NAT-PE] <-- [Branch Site] --> [Central Site] --> [WWW]
To accomplish this, I configured a default route on the NAT-PE and can
"manuallly" trigger the default route to be redistributed to the PE's
when the Central Site is down - just wondering if there a way to do this
automatically so that when the Central Site is down, Internet traffic
goes via the NAT-PE and when the Central Site is back up, Internet
traffic once again goes via the Central Site??? The NAT-PE is a
dedicated router and has no CE's attached to it.
I've tried a few different things, but couldn't get it to work. I'm not
sure if you can alter the way iBGP behaves and maybe give the default
route learnt from the NAT-PE via iBGP a higher admistrative distance of
say 250 (rather than the default 200) so that when the Central Site is
down, the default route from the NAT-PE gets installed.
Thanks.
Andy
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
Please notify the sender immediately by email if you have received this
email by mistake and delete this email from your system. Please note that
any views or opinions presented in this email are solely those of the
author and do not necessarily represent those of the organisation.
Finally, the recipient should check this email and any attachments for
the presence of viruses. The organisation accepts no liability for any
damage caused by any virus transmitted by this email.
More information about the cisco-nsp
mailing list