Use of BGP and MPLS VPNs: A Case Study
Fred P. Baker CCIE#3555
Mar 27, 2015
Contents
• Current Network
• The MPLS VPN project
• Routing Objectives
• What we did
• How we tested
Current Environment
• Hub and spoke to 4 data centers
  – Sites do not in general connect to 2 data centers due to cost and OSPF issues
• Generally place servers by geography
  – Your servers are in the data center your links are in
• Mostly Frame Relay to ATM interworking with some private lines
  – 70 of some 350 remote sites have 2 links
• ATM PVC dual mesh between the data centers
• 12000 agent location network done by MCI with combination of DSL and Fractional T1
Address Space
• 10.0.0.0/8
  – Mostly inside
  – Some BP
• 192.168.0.0/16
  – Used all over
• 172.16.0.0/12
  – Extranet
• 167.127.0.0/16
  – Public address space
  – Used mostly by extranet
  – Some legacy inside
10.0.0.0 address allocation
/11 for core 1 per data center
• Core IP Address Range: 10.0.x.x - 10.31.x.x
• HO IP Address Range: 10.32.x.x - 10.63.x.x
• IPC@H IP Address Range: 10.64.x.x - 10.95.x.x
• ADC IP Address Range: 10.96.x.x - 10.127.x.x
• IPX@D IP Address Range: 10.128.x.x - 10.159.x.x
[Diagram labels: rt1, rt5, rt6, rt7]
Allstate Data Center
[Diagram: data center OSPF layout. Labels: Area 0; WAN Core Area 0; Data Center Areas; OS/390 VIPA Total Stub Area; Agent BB Total Stub Area; OSPF Remote Site Total Stub (ATM/FR); EIGRP Dual DC sites; Direct Connect; DLSW; core, switching, distribution and access routers, switches and MSFCs.]
• Core Router: Communicates between Data Centers
• Switching Router: Talks to other routers
• Distribution Router: Talks to other networks/Routing domains
• Access Router: First hop router
Routing Protocol
• Single OSPF AS
• Cisco and OS/390 based routers only
• Firewalls now static routed
• Peer authentication soon
Remote sites
• AT&T frame relay at the site
• ATM into the data center
• Some ISDN backup
• A remote site is connected to a single data center (for now)
• Servers and applications tend to have geographic affinity
Remote Site
[Diagram labels: swdc-all-rt1, swdc-all-rt7, adc-all-rt7, adc-all-rt1; IPC@D LAN; ADC LAN; Core Connection; Ethernet. Access types shown: Standard Access; Standard Access with ISDN; Enhanced Access (Dual Rtr, Dual WAN); Premium Access (Dual Rtr, Dual WAN, Mult DC).]
Remote Site Switch Layer
Layer 2 Network with Spanning Tree
[Diagram: MDF #1 is the Spanning Tree Root (Bridge Priority 100) and MDF #2 is the Backup Root (Bridge Priority 200); Gig Fiber links; trunks with VLAN 1, 2. Ports are marked RP, DP or X, with costs 4, 19 and 3019.]
Agent Broadband
• 10,000 locations
• Connected via IPSEC VPN
• WorldCom managed routers
• NO split tunneling
• IPSec Transport with GRE tunnel to Dallas and Hudson
• Agent PCs are 10.*.*.*
• Agent access is via Allstate Internet Proxy
Overview
Nauticus (Allstate Lab Mockup)
[Diagram: WorldCom ITSO Internet LAB Connectivity. Labels: erie-Intranet; OSPF Area 0; OSPF NSSA TS Area 160 and Area 161; Lakewood DS1, DS2 and back-end; Sandusky DS1, DS2 and back-end; eBGP; hub VPN routers LINCOLN (DSL), KITTY HAWK (T1), TR (DSL) and IKE (T1); SPOKE EIGRP AS 519; DSL sites and T1 sites AVENGER, DEFENDER, DEVESTATOR, BURKE, RAMAGE and STOUT.]
Hub VPN Router Redistribution
• EIGRP AS 519 → BGP AS
• BGP AS → EIGRP AS 519
• Hub site routers do not peer in EIGRP AS 519. VPN routers only peer with DS routers at the hub site through eBGP.
Downstream Router Redistribution
• BGP AS OSPF Process
• STATIC Routes BGP AS network
All redistribution is controlled by route-map statements filtering only desired routes.
Current Solution
Agent Broadband in Data Center
[Diagram: Allstate Irving Texas, SouthWest Data Center Super Hub. Labels: Cisco Systems 7206VXR VPN Routers at positions U85515C1 through U85515C35 and U85514C2 through U85514C36, of which 9 in each series carry a CTALLSTA name and the rest are marked NOT INSTALLED; Cisco Systems 2948G switches; Cisco Systems 12008 routers with HSRP Standby Groups 1 and 2; Primary OC-3/155Mbps link to GW9.DFW9 (157.130.148.32/30); Shadow OC-3/155Mbps link to GW7.DFW7 (157.130.148.108/30); U85515DS1 and U85514DS2; swdc-mdf-rsw2 and swdc-mdf-rsw3; AS labels AS 65001 and AS 65003 through AS 65037.]
Notes on the diagram:
• Loopback 0 /32 from 192.168.24.0/24 Network
• eBGP peering
• OSPF NSSA NO SUMMARY AREA 160. OSPF excepts BGP routes via filtering. Network 10.128.2.240/29
• Static routes anchored to Allstate Loopback0 and advertised in BGP: 10.0.0.0/8, 10.32.0.0/11, 10.128.0.0/11, 64.94.5.0/24, 166.90.140.0/24, 167.127.0.0/16, 172.16.0.0/12, 192.168.0.0/16
• Each VPN has its own EIGRP AS 519 routing domain. EIGRP AS 519 and BGP mutually redistribute routes via filtering.
• Terminal servers U85515TS1 and U85514TS2: access to console for all U85515 equipment and U85514TS2, and access to console for all U85514 equipment and U85515TS1.
Topology for MCI QOS Test
IPC Hudson - Agency Broadband QOS Test (FILENAME: Mciqos.vsd, Page: 1 of 1, Author: Network Engineering, Last Updated: July 7, 2003)
[Diagram labels: Agent office; Test 1751 Spoke (u82977); Allstate LAN IP 10.173.193.1, Mask 255.255.255.192; MCI Inet; Production Edge; Test Crypto 7200 VXR; Test Downstream 7200; Allstate FE IP 10.66.2.245 and IP 10.66.2.243, Mask 255.255.255.248; VLAN 66; Production LAN switches; glic-mdf-rsw2 Cisco 6509 (port tba); Allstate Northbrook - GGG; Allstate IPC Hudson; Agent router public interface; VPN router public interface; VPN router to downstream; 192.168.25.0/25. Static routes: Allstate Data Network 10.0.0.0/8; Allstate agent LAN 10.173.185.1/26.]
Internet/Extranet
• We do not use the default route
• There are 3 data centers with ISP connections
• We code static routes to the firewalls (we don’t trust firewalls running dynamic routing protocols) and redist to OSPF
The project
• We use a single data network provider
• This is a single point of failure of that provider's ATM/Frame networks
• Add a second data provider
  – Initially to use for the dual attached sites
  – Then convert 1 of the core ATM meshes to the second provider
Layer 2 vs Layer 3 provider
• Frame Relay is layer 2 connectivity
  – The routers have a direct peering relationship
• Many providers are offering Layer 3
  – Costs are the same or even less
  – MPLS VPN is the data transport
• Many providers are using MPLS to move even layer 2 networks
  – You have a routing relationship with the provider, not with yourself
• So more complex to configure and fix
• Not a simple OSPF network anymore
Which one we picked
• Layer 3…
  – DR becomes free; do not need to run more PVCs to a DR data center
  – The data center placement of servers assumption is changing
    • Apps are being put to 1 DC
  – Also there is more site to site traffic than we expect
  – So we can reduce traffic on the ATM core
  – And increase response time
  – Do dual homed sites first; convert 1 link to L3
  – Single homed later
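MPLS VPN
[Diagram: two customer VPNs, VPN A (Site 1, Site 2, Site 3) and VPN B (Site 1, Site 2, Site 3). CE routers CEA1, CEA2, CEA3, CE1B1, CE2B1, CEB2 and CEB3; provider edge routers PE1, PE2, PE3; provider routers P1, P2, P3. Site prefixes shown: 10.1/16, 10.2/16, 10.3/16, 10.1/16, 10.2/16, 10.4/16.]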
Route types
• CE customer Edge
  – your router
  – run BGP to provider
  – Knows nothing about other customers or provider routes
• PE provider Edge
  – Knows about all local customer VPNS
  – Has multiple routing tables
• P providers
  – Transport only
  – No customer routes
Routing objectives
• Support load share from the home DC
• Remote site goes direct to non home DC over L3
• Remote site directly to remote site
• Reduce transit of the core
• Support a L3 provider in the core replacing 1 ATM mesh
• Do not use remote sites to transit traffic
Technical Objectives
• Limit the number of bgp attributes used
• Keep the remote site configuration simple
• Do not inject the default route unless you must
• How to inject the Internet routes
BGP features we used
• As path
• Path length filters
• No export
• Backdoor
• If AS Paths are equal then router uses eBGP route
How to route
• Must look at the routes going BOTH ways
  – Routes to
  – Routes from
• The routes you advertise drag traffic to you
• The routes you take in are how you route back
• We load share by having each router use a different path, then send equal cost into IGP
Result
• Use MPLS VPN based L3 provider
• Remote sites 2nd link to L3
• Each data center connects to L3
• Will not use L3 to route between DCs due to QoS concerns
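[Diagram: Remote-Site X (BGP AS 650xx) has a Frame-Relay router and an L3 router, linked by iBGP, with OSPF 500 on the site side. Data Center #1 and Data Center #2 (BGP AS 65401, BGP AS 65402) each have a Frame-Relay router and an L3 router and are joined by the core ATM PVC mesh. The site reaches the data centers over Frame-Relay and over the L3 provider.]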
Routing
• Use BGP at remote sites
  – Can use OSPF with SOME providers but not all
  – BGP works much better
  – Each site is 1 AS
• EACH data center is 1 AS
  – This allows us to put an L3 provider in later
  – BGP routes BETWEEN ASes
• Address ASes from private space
• This is ok because provider is a VPN
Route injection to/from BGP
• Allstate Data Center
  – Explicit network statements to BGP
  – Redist BGP to OSPF
• Remote site routes
  – Redist from OSPF
• Decided that using network statements is too complex
  – BGP routers send just default route to any switches
• We will accept the extra LAN transit
• Internet routes
  – Redist static
Internet routes
• There will be non BGP L3 switches between Inet and Allstate core
• Redist static into OSPF already
• So just redist into BGP also
• Put internet router in same AS as datacenter (have to as no direct path)
• Use sync
• Send to L3 provider and to sites over L3
BGP to L3 provider (and then remote sites)
• Data center side
  – Send data center /11s
  – Send internet routes
  – Take routes from L3 provider
  – Do not forward other eBGP learned routes
• Remote site side
  – Send all local routes
  – Do not forward other learned eBGP routes
  – Remember the no export to kill transit
  – Receive all routes
• Want to take L3 when I can
DC to Remote site FR
• Send all bgp derived routes
• Do as prepend of the data center AS
• This makes AS path =2 for DC on FR and L3 paths
• This makes AS Path=3 for DC to DC via ATM core so site to remote DC traffic over L3
Remote site to DC on FR
• Do as prepend of 1 AS at remote end
• Need this so FR and L3 paths have AS Path=2 so we load share
• Filter routes with AS Path >1
  – I only want to send the local site routes up the FR link
  – Do not want DC to send transit traffic to site
IBGP in the remote site
• Set next hop self
• Routers must have a shared Enet
• No redist of BGP to OSPF
• So can't use sync, so can't transit a L3 switch
• Do not forward routes I learn via FR
• Do not want a transit from L3 up the FR link
• Do not want a transit to L3 from FR link
• Set no export attribute on routes from DC over the FR link
• This prevents site from passing them to L3
• Cannot AS path filter on IBGP because I want to pass the DC route via iBGP
  – Why I use no export
DC to DC
• Each site learns over ATM network with AS Path = 1
• Cannot route over L3 provider
Remote site to non home dc
• Non home DC sent via L3 AS Path = 2
• Home data center sends via FR AS Path = 3 due to prepend
  – Use if L3 down
non home dc to remote site
• Non Home DC learns remote site routes from L3
• Home data center sends only the /11 summary
• so longest match says L3
home dc to remote site
• Load share
• Routes from L3 have AS Path = 2
• Routes from FR have AS Path = 2 due to prepend
• So each router uses eBGP route
remote site to home dc
• Don’t care as much about load share
• Routes from L3 have AS Path = 2
• Routes from FR have AS Path = 2 due to prepend
• So each router uses eBGP route
remote site to remote site
• Use L3 network
• Learn site specific routes directly from site
• Learn /11 summaries from DCs
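The AS-path bookkeeping behind the slides from "DC to Remote site FR" through "remote site to home dc", as an added Python example that is not part of the original deck. Provider AS 100 is taken from the CPOC diagram, 65001 stands in for the site's "650xx" AS, and the prefixes in the sample tables are constructed.

```python
# Added illustration (not from the slides): AS-path lengths under the prepend policy.
# 65401/65402 and provider AS 100 come from the diagrams; 65001 stands in for "650xx".
SITE, DC1, DC2, L3 = 65001, 65401, 65402, 100    # DC1 is the site's home data center

def advertise(sender_as, path, prepend=0):
    """eBGP export: the sender adds its AS once, plus `prepend` extra copies."""
    return [sender_as] * (1 + prepend) + list(path)

def best(candidates):
    """Shortest AS path wins; links that tie are all used (load share)."""
    shortest = min(len(path) for path in candidates.values())
    return sorted(link for link, path in candidates.items() if len(path) == shortest)

def site_view():
    """AS paths the remote site receives for each data center's /11."""
    dc2_at_dc1 = advertise(DC2, [])              # DC to DC over the ATM core: length 1
    return {
        "home DC": {"FR": advertise(DC1, [], prepend=1),
                    "L3": advertise(L3, advertise(DC1, []))},
        "non-home DC": {"FR": advertise(DC1, dc2_at_dc1, prepend=1),
                        "L3": advertise(L3, advertise(DC2, []))},
    }

def home_dc_view():
    """AS paths the home data center receives for the remote site's own routes."""
    return {"FR": advertise(SITE, [], prepend=1),     # prepend of 1 AS at remote end
            "L3": advertise(L3, advertise(SITE, []))}

def l3_router_exports(ibgp_table):
    """Site L3 router: anything tagged no-export stays inside the site AS."""
    return [prefix for prefix, communities in ibgp_table
            if "no-export" not in communities]

def fr_router_exports(table):
    """Site FR router: only locally originated routes (empty AS path) go up FR."""
    return [prefix for prefix, path in table if not path]

if __name__ == "__main__":
    for target, paths in site_view().items():
        print("site ->", target, paths, "best:", best(paths))
    print("home DC -> site", home_dc_view(), "best:", best(home_dc_view()))
    # Constructed sample tables; the prefixes are illustrative only.
    print("to L3:", l3_router_exports([("10.80.0.0/16", set()),
                                       ("10.64.0.0/11", {"no-export"})]))
    print("up FR:", fr_router_exports([("10.80.0.0/16", []),
                                       ("10.81.0.0/16", [L3, 65002])]))
```

The tie on the home data center routes is what lets each site router keep its own eBGP route and load share, while the three-hop FR path to the non-home data center is only used when L3 is down.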
[Diagram: Remote-Site 1 and Remote-Site 2 (each BGP AS 650xx) each have a Frame-Relay router and an L3 router, linked by iBGP, with OSPF 500 on the site side. Data Center #1 and Data Center #2 (BGP AS 65401, BGP AS 65402) each have a Frame-Relay router and an L3 router and are joined by the core ATM PVC mesh. Labels: Frame-Relay; L3.]
Agent routes
• Only dual DC connected things that don’t use BGP
• Many routes summarized as /19s
• I get these from MCI as OSPF externals
• Have not decided how to inject them
• They go to two data centers for redundancy
• So I need to send them via BGP
• So a router will get an OSPF external from the local MCI connection and the other data center via BGP
• eBGP < OSPF so BOOM
• Use backdoor on core routers to set distance on the agent routes to > than OSPF
• So if local MCI connection up use it, else transit core
Local Testing
• Use 7 routers
• 1 remote site
• Paths
  – iBGP at remote
  – L3
  – FR to home DC
  – Inter DC
[Diagram, OSPF route not shown. Labels: TNG1, TNG2, TNG3, TNG4, TNG5, TNG7; AS65000; AS65001; AS100; OSPF; addresses in 10.60.2.x.]
CPOC
• Cisco Proof Of Concept
• In Raleigh and San Jose
• Lab use is free (if you are big enough)
• Send in specific test plan
• Your SE goes in a week ahead of time
• Lab is all setup when you arrive
Testing
• Test migrations
• Test routing
  – based on our policies
  – failovers
• Measure convergence
• Test a migration of a core ATM mesh to L3
• Get some data and experience on the MPLS side
• Try multicast over MPLS/VPN
CPOC Network Diagram
Allstate Core Migration - Network Setup
[Diagram. Legend: MPLS Connection, BGP Connection, OSPF Connection. Labels:
• AS 100 L3 Provider (MPLS): R_PE_A through R_PE_G, R_Core_A, R_Core_B
• Core ATM 2 Meshes; Frame Relay FR_1, FR_2; S_LS
• Data Center #1 through #4: R_CPE_DCn_A, R_CPE_DCn_B, S_DCn_A, R_EXT n_A, iBGP; also R_CPE_DC1_C
• Remote Site #1 through #5: R_CPE_RSn_A, with R_CPE_RSn_B, S_CPE_RSn_A and S_CPE_RSn_B at sites #1 to #3; also R_CPE_RS2_C
• AS and address labels: AS 65401 10.70.x.y; AS 65402 10.130.x.y; AS 65403 10.100.x.y; AS 65404 10.40.x.y; AS 65001 10.80.x.y; AS 65002 10.81.x.y; AS 65003 10.140.x.y; AS 65004 10.102.x.y; AS 65005 10.51.x.y; 10.10.x.y]
PVCs
- riesling to ecu1 (DLCI 100 to DLCI 200)
- riesling to ecu2 (DLCI 120 to DLCI 220)
- muscat to navy1 (DLCI 101 to DLCI 201)
- muscat to navy4 (DLCI 121 to DLCI 221)
- chardonnay to ecu3 (DLCI 130 to DLCI 330)
- chardonnay to navy3 (DLCI 131 to DLCI 331)
- pinot to ecu4 (DLCI 140 to DLCI 440)
- merlot to navy5 (DLCI 150 to DLCI 550)
CPOC Learnings
• Inject all links both ATM core and L3 into BGP as they will source pings
• Turn sync off due to code defect
• You must explicitly code send community in iBGP
• If you reference a non-existent as-path statement NO ROUTES
• OSPF LSAs stay in the data base up to 90 minutes due to timer jitter
  – This is a migration issue
• Do lots of clear routes/clear ip bgp in the migration
• Need to change the BGP timers as default convergence is 3 minutes
• iBGP only sends the best route