MPLS & IPSEC VPN
in [Cisco]
|
Prev: Policy Routing, raise OSPF Cost, or am I totally off base?
Next: Output Varies from Show Access-List Command
From: masterbullfrog on 22 Apr 2008 16:05 Hi Perhaps someone can help or give me a clue of what to do next! I have a client who has an mpls network and redundant ipsec vpn on each site. I have been asked to now could we send mission critical traffic over the mpls and all other non essential traffic over the ipsec vpn. Is this possible if so can someone point me in the right direction.... it seems GRE tunnelling with some routing protocol would do it but i am not 100% sure. Any suggestions would be great... thanks John
From: Darren on 23 Apr 2008 16:18
masterbullfrog wrote: > Hi > > Perhaps someone can help or give me a clue of what to do next! > > I have a client who has an mpls network and redundant ipsec vpn on > each site. > I have been asked to now could we send mission critical traffic over > the mpls and all other non essential traffic over the ipsec vpn. > Is this possible if so can someone point me in the right direction.... > it seems GRE tunnelling with some routing protocol would do it but i > am not 100% sure. > > Any suggestions would be great... > > thanks > > John Hey John, I have done this a couple of times and it worked a treat. In fact the last one I did used DMVPN for non-critical and MPLS for critical. You can also choose to encrypt or not encrypt depending on your solution. In both scenarios I did: GRE tunnels over the MPLS link (Critical) Either GRE tunnels or DMVPN for the non-critical Run a routing protocol over the network. Change the routing protocol metric to prefer your non critical network as your preferred path. Then add a route-map to your critical router forcing the next hop for selected traffic over your critical links. In essence if your traffic doesn't hit the 'critical' route-map it is deemed non-critical and therefore follows the normal path via the non-critical router. Regards Darren |