My first thought was DMVPN as well. I know running GETVPN over MPLS can cause some issues and you need to do tweaking with tcp adjust-mss and mtu, which would also apply to DMVPN. Multipoint GRE would also (sort of) eliminate the need to do redistribution to and from the provider AS if you really wanted to get around it. Also, I seem to remember someone running BGP over DMVPN with the hub as a route reflector. I will try to find the article.
________________________________
From: Mohammad Moghaddas <[email protected]>
To: Adam Booth <[email protected]>
Cc: CCIE_RS OnlineStudyList <[email protected]>
Sent: Tuesday, June 11, 2013 8:43 AM
Subject: Re: [OSL | CCIE_RS] Multi-VRF CE

Hi Adam, thanks for your reply.
Unfortunately this is the only SP which is able to provide MPLS-VPN service on those locations.
You are right, one of the issues on tunnels is exactly MTU (and TCP MSS).

On Tue, Jun 11, 2013 at 4:39 PM, Adam Booth <[email protected]> wrote:

> Hi Mohammad,
>
> I guess if you aren't in a position to get your SP's account manager to
> want to keep a ~300 site customer happy and you can't get an alternate
> provider, perhaps if you can handle the MTU impact of the additional
> tunnels, could you look at tunnelling over the SP network building a hub
> and spoke topology using something like DMVPN? It's not really covered in
> the R&S blueprint and falls under the Security banner if you want to read
> up on it.
>
> Cheers,
> Adam
>
>
> On Tue, Jun 11, 2013 at 8:48 PM, Mohammad Moghaddas <[email protected]> wrote:
>
>> Hi.
>>
>> We have 290 sites over an MPLS cloud having IP reachability to each
>> other.
>> The topology is as below:
>>
>> different VRFs<--site1--PE1---"P routers" ---PE2---site2-->different VRFs
>>
>> So the provider has established the connectivity between all sites.
>>
>> As the topology, we have different networks on each site, and each network
>> requires isolated routing-table and connectivity to the same VRF on the
>> other sites.
>> Unfortunately the provider's policies do not allow having sub-if to PEs
>> and having eBGP to PE and exchange our VRFs' labels and the routing table.
>> I mean that they just only provide the base connectivity to other sites
>> without any isolation between our local VRFs.
>> I should point that our topology is Hub'n'Spoke. So I imagined
>> implementing
>> one tunnel from each site for each VRF to the hub. I know that this is not an
>> efficient way.
>>
>> So, what's your opinion?
>>
>> Best Regards,
>> M. Moghaddas
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>> http://onlinestudylist.com/mailman/listinfo/ccie_rs
