Internet speed on MPLS-VPN network

Hi,

I'm having an issue and I could use some help. We have an MPLS-VPN network. All remote sites are connected to the head quarters through ADSL. Suppose one of the remote sites needs to keep it's secure MPLS-VPN connection with the central site, but also needs faster Internet connection. The question is, should we just upgrade the ADSL to a higher speed, or is it useless since the routing is being forwarded through the MPLS- VPN network? Keep in mind that using a second line for the Internet, would be our last option.

What would you do in such case?

Thanks!

Giorgos

Reply to
geoar75
Loading thread data ...

The wise snipped-for-privacy@gmail.com enlightened me with:

"It depends". Where is your gateway(s) to the outside world? Your ISP might just connect your sites with MPLS-VPN and have you take care of another line to the outside world. Or they might have a vrf with your sites, routeable etc, with a default exit point in their data center.

I'd say: contact your network provider, they should be the perfect people to tell you your options.

Mark

Reply to
Mark Huizer

Hi Mark,

We have two different lines. One for the MPLS-VPN network and another one for the Internet. Let's say the Internet line is 1Mbps and the MPLS-VPN is 4Mbps. The Internet traffic is routed through the Internet line. The remote site connects through an ADSL 2Mbps line to the central site. Would it make any difference if we upgrade the remote site's line to 8Mbps?

Thanks a lot for your time.

Giorgos

Reply to
geoar75

The wise snipped-for-privacy@gmail.com enlightened me with:

If your connection from central office is only 4Mb it's not really useful to go over 4Mb on branches, even less so, since all branches will be using that single 4Mb link from central office to your mpls-vpn. And after that your 1Mb is also a bottleneck, you won't have more than

1Mb for all your company to go to the internet.

You might look at the alternative, put up a firewall in the ISP network, also in your MPLS cloud, have that one connected to the Internet and make that your exit point, put a firewall on it etc.

Mark

Reply to
Mark Huizer

Thanks again Mark.

I think we have to upgrade the Internet line's speed to have it solved once and for all.

Reply to
geoar75

The biggest factor in determining speed is going to be the bandwidth, but you need to look at all the pieces. You need to look to see how much bandwidth you are currently using and checking all the routers that the traffic is passing through to see where the bottlenecks are (if any). You also need to make sure that DNS is working properly. If DNS resolution is slow then it make internet browsing appear "slow". The best thing you could do is add a web proxy cache. This will speed things up a lot without spending much money.

Going direct to the internet and by-passing the MPLS network might work, but this opens a whole can of worms. You will now need to maintain a firewall at each location, and it also increases the number of places that someone can break into your network.

Reply to
Thrill5

I would never let this site connect to the internet by-passing the MPLS network. I totally agree it's not safe. I'm thinking of disabling the MPLS connection, update ADSL and use an IPsec VPN connection to the company when needed. The site will have a fast internet speed and at the same time a safe connection to our network, using Cisco VPN client. It should do the trick, shouldn't it?

Thanks a lot!

Reply to
geoar75

The wise snipped-for-privacy@gmail.com enlightened me with:

You are the only one who can answer that question. If your Internet access in branch offices is more important than your connection to head office, this might be the way to go. If I remember your story correctly (great thing, to remove all context whenyou add a reply!), you have 4Mb connection to MPLS and 1Mb to internet. That means that after your suggested actions you have 1Mbit for Internet and VPN together. And add that VPN will have a non-zero overhead, that means you'll probably suffer there.

But like I said: no one can tell you what the perfect solyution for your situation is, but you. And again, I'd say: perhaps consult with your ISP, they might be useful in giving you advice.

Mark

Reply to
Mark Huizer

It's a solution that works for a lot of organisations. If the MPLS is mission-critical, however, bear in mind that a cheap internet connection may not come with the SLAs that the MPLS does.

Reply to
alexd

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.