How to set up a multiple-site MPLS VPN
Published: 01 Nov 2007 15:28 GMT
A multiple-site MPLS VPN shouldn't be too hard to get working once you understand the options.
A typical MPLS VPN acts as though it is one big router in the middle of your network. The diagram below shows three sites connected to an MPLS cloud:

The MPLS cloud is made up of devices known as P (provider) routers and PE (provider edge) routers.
As a customer of an MPLS network you don't have to worry about this detail. The P and PE routers together can be treated like one big router:
What you may need to worry about is the configuration of the customer edge routers that sit on your sites (labelled Site 1, 2, 3 in the diagram).
If you want internet access from sites attached to the MPLS network, there are a few other things to consider.
Although it's expensive and misses the point of MPLS, you could install a DSL circuit into each site. Another, more effective solution is to install a single, larger internet connection into one site:

Or, if you have a forward-thinking MPLS provider, you can probably buy a service where the internet connectivity (and associated firewall) is located in the operator's network somewhere. Essentially, it's like having a fourth site in the operator's cloud.

This design is far more cost effective in terms of bandwidth; traffic from Sites 2 and 3 heading to the internet doesn't travel down the pipe to Site 1, and Site 1 can then use a smaller circuit.
With both these solutions, you need to ensure that the default route points towards the internet connection, and this will probably involve configuration of the MPLS virtual-routing environment as well as the routers at your site.
Of course, if you have a fully managed MPLS system, you should be able to get all this done with a couple of phone calls to your provider; fully managed solutions are available at reasonable rates. But if you're managing the CE routers yourself, it will take a little more work on your part, as you'll have to work out the CE configuration changes for yourself. Your provider should be able to give you details of the existing network configuration, which will come in useful.
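The default-route requirement above can be checked on paper before any change is made. The sketch below is an added example, not taken from the original article or from any provider's tooling: it walks next hops for internet-bound traffic from each CE router and reports whether the path reaches the internet connection, loops, or has no route. The node names (`ce1`, `ce2`, `ce3`, `vrf`), the site prefixes and the destination address are constructed for illustration.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: next hop for dst, or None when no route covers it."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, exit_node="internet"):
    """Follow next hops from start towards dst; return (path, status)."""
    path, node = [start], start
    while node != exit_node:
        nh = next_hop(tables.get(node, {}), dst)
        if nh is None:
            return path, "no-route"
        if nh in path:
            return path + [nh], "loop"
        path.append(nh)
        node = nh
    return path, "ok"

# Constructed topology; "vrf" is the provider cloud treated as one big router.
SITES = {"10.1.0.0/16": "ce1", "10.2.0.0/16": "ce2", "10.3.0.0/16": "ce3"}
SPOKES = {"ce2": {"0.0.0.0/0": "vrf"}, "ce3": {"0.0.0.0/0": "vrf"}}

# Internet connection installed at Site 1: the VRF default points at ce1.
DESIGN_SITE1 = {**SPOKES, "ce1": {"0.0.0.0/0": "internet"},
                "vrf": {**SITES, "0.0.0.0/0": "ce1"}}
# Internet connection inside the operator's cloud: every CE defaults to the VRF.
DESIGN_CLOUD = {**SPOKES, "ce1": {"0.0.0.0/0": "vrf"},
                "vrf": {**SITES, "0.0.0.0/0": "internet"}}
# Half-finished change: VRF default set, but ce1 still defaults into the cloud.
BROKEN = {**DESIGN_SITE1, "ce1": {"0.0.0.0/0": "vrf"}}

if __name__ == "__main__":
    dst = "203.0.113.10"  # documentation address standing in for an internet host
    for name, tables in [("site1", DESIGN_SITE1), ("cloud", DESIGN_CLOUD),
                         ("broken", BROKEN)]:
        for ce in ("ce1", "ce2", "ce3"):
            print(name, ce, *trace(tables, ce, dst))
```

In the Site 1 design the path from `ce2` passes through `ce1`, which is the extra load on the Site 1 circuit that the in-cloud design avoids.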
Other options
Finally, it is possible with some operators to get internet and the private circuit delivered on two VLANs down the same physical circuit.
Typically, this would be done on larger connections; you won't necessarily be able to get two pipes in one connection with a DSL-based MPLS connection.
This could result in the network configuration at Site 1 looking a little like this:

Usually, this would only be an option for sites with connectivity delivered over Ethernet services. This model is also still limited by all internet connectivity coming via the connection to Site 1.
This article was written by Jim Credland, head of product security at Thus.








