0

We have a new MPLS service and I'm having trouble getting it to work (it seems like a routing issue). It's a T3 with two circuits: a public WAN port and a private MPLS circuit connecting 2 sites. Each site has its own subnet and a gateway router before the MPLS endpoint. The carrier assures me that the MPLS link is working correctly.

Site A:

subnet 192.168.2.0
gateway 192.168.2.1
MPLS gateway 192.168.2.254
WAN iface 216.xxx.xxx.xxx

On the carrier's router facing me are 2 ports:

WAN (public internet) port is connected to my gateway's WAN port

MPLS port is plugged into a port on the Ethernet switch behind my gateway (actually, it's the built-in 8-port switch on the gateway)

Site B: configured exactly the same except the subnet is different:

subnet 192.168.1.0
gateway 192.168.1.1
MPLS gateway 192.168.1.254
WAN iface 209.xxx.xxx.xxx

routes defined:

site A:

dest 0.0.0.0 mask 255.255.255.0 gw 216.xxx.xxx.xxx iface WAN1
dest 192.168.1.0 mask 255.255.255.0 gw 192.168.2.254 hop 2 iface LAN

site B:

dest 0.0.0.0 mask 255.255.255.0 gw 209.xxx.xxx.xxx iface wan1
dest 192.168.2.0 mask 255.255.255.0 gw 192.168.1.254 hop 2 iface LAN

Any node on site A can ping 192.168.2.254 AND .1.254 but NOT any other IP on the .1.0 subnet

Any node on site B can ping 192.168.1.254 but NOT .2.254 OR any IP on the .2.0 subnet

Internet traffic is fine in both locations.

I feel like I have my fundamentals right, but I'm not making any progress. Did I miss something important? Or am I asking it to do something it should not be able to do?

Mike Pennington
Ken
  • For those newbs like me: your carrier will give you a gateway to plug your LAN into. They will want to give it a .1 address. If you have more than one internet connection, tell them to pound sand and set it to something outside your dhcp range. In my case, we got an internet connection for the WAN port and an MPLS circuit. I disabled have to set a static route on each h gateway cir the subjects – Ken Jan 13 '13 at 22:22

1 Answer

0

This was a dumb question, really. The routes are right. The answer is "troubleshoot your routers". Site A's router was replaced 3 months ago because of failing memory. Site B's router is 12 years old and identical to the dead router. I eliminated site B's router with a new rv110 home/office router, set the same static routes, and the forwarding worked fine. The real problem was the fact that I could only troubleshoot one end at a time (without disrupting ongoing business), and I assumed that I was doing something wrong in the configuration.


Just sharing what I've learned over the course of this adventure...

For those newbs like me: your carrier will give you a gateway to plug your LAN into. They will want to give it a .1 address. If you have more than one internet connection and your gw is already .1, tell them to pound sand and set it to something outside your DHCP range. In my case, we got an inet connection for the WAN port and an MPLS circuit, which should be plugged into either the gateway's onboard switch or any other switch on the network (it's better on the gateway switch because you have a better chance of prioritizing VoIP traffic). Create a static route on each of your gateways that points to the other side of the VPN with the carrier's gateway set to the gw address. If you can't get communication, try replacing your routers, and check your firewalls. Once I had routing working, the default firewall was blocking traffic and the phones couldn't communicate, even though I could ping everywhere.

Mark Henderson
Ken
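A way to rule out the static routes before suspecting hardware or the firewall, as an added example that is not part of the original question or answer: it models each gateway's route table from the thread, does a longest-prefix match, and checks that traffic for the far subnet leaves through the local MPLS gateway in both directions. The public next hops are redacted in the thread, so documentation addresses stand in for them, the default route is modelled as 0.0.0.0/0, and all function names are hypothetical.

```python
import ipaddress

# Route tables modelled on the thread. Public next hops are redacted there;
# 203.0.113.1 and 198.51.100.1 are constructed placeholders (assumption).
SITES = {
    "A": {"lan": "192.168.2.0/24", "mpls_gw": "192.168.2.254",
          "routes": [("0.0.0.0/0", "203.0.113.1", "WAN1"),
                     ("192.168.1.0/24", "192.168.2.254", "LAN")]},
    "B": {"lan": "192.168.1.0/24", "mpls_gw": "192.168.1.254",
          "routes": [("0.0.0.0/0", "198.51.100.1", "WAN1"),
                     ("192.168.2.0/24", "192.168.1.254", "LAN")]},
}

def lookup(routes, dest):
    """Longest-prefix match; returns (next_hop, iface) or None."""
    dest = ipaddress.ip_address(dest)
    best = None
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return None if best is None else (best[1], best[2])

def check_direction(sites, src, dst):
    """List the routing problems for traffic from site src to site dst."""
    local, remote = sites[src], sites[dst]
    # Use the first usable host address in the far subnet as the probe target.
    target = str(next(ipaddress.ip_network(remote["lan"]).hosts()))
    hit = lookup(local["routes"], target)
    if hit is None:
        return [f"{src}->{dst}: no route to {target}"]
    gw, iface = hit
    if gw != local["mpls_gw"]:
        # Typical when the static route is missing: private traffic
        # follows the default route out of the public WAN port.
        return [f"{src}->{dst}: {target} leaves via {gw} ({iface}), not the MPLS gateway"]
    if ipaddress.ip_address(gw) not in ipaddress.ip_network(local["lan"]):
        return [f"{src}->{dst}: next hop {gw} is not on the local LAN"]
    return []

def check_pair(sites, a, b):
    """A ping needs both the forward and the return path, so check both."""
    return check_direction(sites, a, b) + check_direction(sites, b, a)

if __name__ == "__main__":
    problems = check_pair(SITES, "A", "B")
    print("\n".join(problems) if problems else "static routes are consistent in both directions")
```

A clean result here means the route tables themselves are consistent, which points the investigation at the routers or firewalls, as the answer found.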