MPLS VPN and DMVPN Design Challenge

MPLS VPN and DMVPN Design – MPLS VPN is used mostly as primary connectivity and DMVPN as a backup in the small medium business.

You might see in some cases DMVPN is the only the circuit between remote offices and the datacenter/HQ, or for some applications MPLS VPN might be the primary,DMVPN for the others.

 

As an example high throughput, high latency DMVPN link might be used for data traffic, low through,low latency MPLS VPN link for voice and video.

 

In this post I will give you a mini network design scenario and ask some questions, we will discuss the answers in the comment box below.

 

When you attend to my CCDE class,we will work on tens of scenarios similar to this.

 

I will update the scenarios every week with my answer.

Update : I updated the post with my answers. Also I published a new scenario which you can reach from here.

 

MPLS vpn and dmvpn design

 

 

Background Info:

In the above topology,customer wants to use MPLS L3 VPN (Right one) as its primary path between Remote office and the Datacenter.

Customer uses EIGRP 100 for the Local Area Network inside the office.

Customer runs EIGRP AS 200 over DMVPN.

Service Provider doesn’t support EIGRP as a PE-CE protocol, only static routing and BGP.

Customer selected to use BGP instead of static routing since cost community attribute might be used to carry EIGRP metric over the MP-BGP session of service provider.

Redistribution is needed on the R2 between EIGRP and BGP (Two ways)

Since customer uses different EIGRP AS numbers for the LAN and DMVPN networks,redistribution is need on R1 too.

 

Question 1 : Should customer use EIGRP same AS on the DMVPN and the LAN ?

 

Update : No it shouldn’t. Since Customer requirement is to use MPLS VPN as primary path and nothing specified for specific application only use MPLS VPN and other should use DMVPN, if the customer runs same EIGRP AS on Local Area Network and over DMVPN, EIGRP routes is seen as internal from DMVPN but external from MPLS VPN.

Internal EIGRP is preferred over external because of Admin Distance, customer should use different AS numbers.

 

Question 2 : What is the path between remote office and the datacenter ?

 

Update : Since redistribution is done on R1 and R2, remote switch and datacenter devices see the routes both from DMVPN and BGP as EIGRP external. Then the metric is compared.

If the metric ( Bandwidth and Delay in EIGRP) is the same, both path can be used (Equal Cost Multipath-ECMP).

 

Question 3 : Does result fits for the customer traffic requirement ?

 

Update : Yes. Because if customer uses different EIGRP AS on LAN and DMVPN, with just metric adjustment, MPLS VPN path is used as primary.

 

Question 4 : What happens when the primary MPLS VPN link goes down ?

 

Update : It depends. If you redistribute the data center prefixes which are received by R1 on R2, R2 sends the traffic towards switch and switch uses only R1.

Traffic from remote to datacenter go through Switch – R1- DMVPN path. From datacenter, since those will not be known through MPLS VPN, only DMVPN link is used. So DMVPN link is used as primary when the failure happens.

 

Question 5 : What happens when failed MPLS VPN link comes back ?

 

Update : This is tricky part. R2 receives the datacenter prefixes over MPLS VPN path via EBGP, also from R1 via EIGRP . When R2 receives the prefixes from R1 as an EIGRP route those prefixes shouldn’t be redistributed on R2 to send through MPLS VPN path.

If you don’t redistribute them, once the link comes back, datacenter prefixes will still be received via DMVPN and MPLS VPN and appears on the office switch as an EIGRP external.

If you redistribute them on R2, when the link comes back, R2 continues to use MPLS VPN path, so switch can do load sharing or with metric adjustment you can force to use MPLS as primary.

If it is Cisco switches or from other vendor which uses BGP weight attribute into consideration for the best path selection, then redistributed prefixes weight would be higher than the prefixes which are received through MPLS VPN so R2 uses Switch-R1 DMVPN path.

To have a great understanding of SP Networks, you can check my new published “Service Provider Networks Design and Perspective” Book. It covers the SP network Technologies with also explaining in detail a factious SP network. Click here

These are the type of questions you might encounter in the CCDE exam !

Let’s discuss in the comment box below.

Leave a Comment

Your email address will not be published. Required fields are marked *