apps
2 posts

Hello, I had an MPLS design question. Currently we are designing an MPLS network consisting of 7 locations (5 offices and two data centers). All 7 locations will be communicating with each other over MPLS. We have internet links at each data center, and traffic to the internet will be exiting through the two data centers, and both serve as backups to each other. CE routers are either 3800 or 2800 series. We will be running BGP between CE and PE. And there is a firewall at each location behind the customer edge router. There is a necessity of encrypting traffic to the data centers, and hence how can I encrypt internal traffic between location and data center? Can I do a CE-CE IPsec (site-to-site) tunnel over MPLS? Or is it possible to do remote access IPsec VPN from each location to the data center, so that if a user wants to connect to the data center resources, then they can use the IPsec client to connect to the data center over MPLS links?

bluepackets
25 posts

Either option sounds like it would work in this case; however, if I were doing the implementation, I would perform bulk encryption between the sites and the data centers. There are many options available to do this (a simple L2L implementation, encrypted P2P tunnels, multipoint tunnels, etc.); however, I think a question you should be asking is: what are your needs today and what will they be tomorrow? For maximum flexibility, I would utilize a redundant DMVPN overlay implementation. Make both data centers a DMVPN hub and each site a spoke. Depending on your current and future needs, you have a choice between the phase (1, 2 or 3) you implement. It should be noted that this will obviously be a vendor "lock-in" type situation, as I'm not aware of any DMVPN implementations outside of Cisco (though you stated the CEs will be Cisco devices in the immediate term, anyway).
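
The dual-hub layout suggested in the reply above, as an added example that is not part of the original thread: a spoke (office CE) configuration in Cisco IOS syntax, with one DMVPN cloud and both data centers registered as next-hop servers. All addresses, interface names, profile names, key placeholders and algorithm choices are assumptions; use the strongest IKE and ESP algorithms the installed IOS release supports.

```cisco
! Constructed example: DMVPN spoke at one office, hubs at DC1 and DC2.
! 192.0.2.1 / 198.51.100.1 stand in for the hubs' MPLS-facing addresses.
! 10.255.0.0/24 stands in for the overlay (tunnel) subnet.
!
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 14
!
! A wildcard pre-shared key is shown for brevity. Spoke-to-spoke tunnels
! (phase 2/3) need a key or certificate valid for any peer; certificates
! avoid one shared secret across all seven sites.
crypto isakmp key <PLACEHOLDER-PSK> address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
interface Tunnel0
 description DMVPN overlay to DC1 and DC2 hubs
 ip address 10.255.0.11 255.255.255.0
 ! Leave room for GRE + ESP overhead so packets are not fragmented
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication <NHRPKEY>
 ip nhrp network-id 100
 ! Hub 1 (DC1): static NHRP mapping, multicast replication, NHS
 ip nhrp map 10.255.0.1 192.0.2.1
 ip nhrp map multicast 192.0.2.1
 ip nhrp nhs 10.255.0.1
 ! Hub 2 (DC2): second NHS gives the redundant hub
 ip nhrp map 10.255.0.2 198.51.100.1
 ip nhrp map multicast 198.51.100.1
 ip nhrp nhs 10.255.0.2
 ! Source from the MPLS-facing interface so the tunnel rides the MPLS VPN
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 ! Every GRE packet leaving this tunnel is encrypted with the profile above
 tunnel protection ipsec profile DMVPN-PROF
```

To confirm that site-to-data-center traffic is actually encrypted, check `show crypto ipsec sa` for rising encaps/decaps counters and `show dmvpn` for both hubs in the UP state, and make sure the routes to data center prefixes point at Tunnel0 rather than at the PE.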
