Thread: MPLS Issues

As some of you know, I am the lead network engineer at *Place of Business*

I am having some latency issues with my remote sites..

Here is my setup. I have commercial access trunking through 3000 series routers all going out to the main cat that AT&T owns. All routes from inside the network point to the AT&T cat (after the firewall )and all routes coming in from AT&T are forwarded directly to the firewall ( NSA 4500 (sonicwall). I recently switch to this from a Cisco ASA.

Now here is the problem. There is no way to put a router in the middle of the AT&T router and our firewall. Wanted to do this to test results between remote sites and our site without going through the firewall. 0 I can not do this as I cant control the AT&T router and we are associated with critical systems that can not lose contact with the outside world.

In short ... I have pretty much thought of every possibility for the latency but nothing to me makes sense.


The questions i have for you all are....

Do any of you use a MPLS over DSL connection to get to any of your offsite locations?

What is your average throughput to your external router?

Have any of you ever had Latency problems with MPLS?

Do any of you think this latency could be because we are physically routing these sites through the firewall 2x?
( This is what i think the problem is as stated before )

Also most of our sites only have 2 pc's and a printer that is hosted at the local site and on our print server. (the users at local site use local hosted printer)

Anyone

geez, alittle advanced for me (i'd consider myself a entry level to mid level network admin)..

what kind of routers are at the remote site? are you debugging the traffic? there might be to much IMCP traffic caused by unneeded protocols/tools on your cisco equipment.

simple equation... bring that sucker down at 3am sometime and pull the sonicwall out for some testing. I'm not able to picture the setup from your description....

[img width=700 height=196]http://www.alteredpsyche.com/images/intertron.jpg[/img]

That about it? If so, then I can assume that the firewall and cisco obviously both have outside addresses? That being the case, I can't imagine why you are having the firewall do any of the routing itself... lan to firewall to router to internet... and the reverse back in. That's the only way I would do it. Let the router do it's job and the firewall do the filtering. And never the twain shall meet.

Its not any broadcast coming from the Cisco devices .. I have only 2 interfaces open on each one...

Its setup like this

LAN>Firewall>Ex Router>Cloud

Remote Sites>Remoute site MPLS router>Cloud> Ex Router>Firewall> LAN

then if the remote sites want out of the lan it goes like this

Remote Sites>Remoute site MPLS router>Cloud> Ex Router>Firewall> LAN >Firewall>ex router > Cloud


Kanati there is no way i can take any soft of connectivity down even for small periods of time. Its for a Specific police department and they must maintain 24/7 contact with SLED....

Kanati if you have alot of knowledge with NSA devices or Loadbalancing through TCP/IP stack.... Hit me up on X fire .... I want to know if something im proposing would work...

Also,, Every firewall has to have at least 3 static routes setup otherwise it will never work. Outside IP>Inside IP Via NAT Inside IP Range to outside firewall range Via NAT.
0.0.0.0> Ex Int of firewall Source
Then 0.0.0.0 > Ex Int of firewall Destination

I can assure you there is no way to get past a firewall on both ends unless you have those 3 routes setup ...