Forgive me for this as this has been dropped upon me from a great height and hopefully if there is a solution specified, it may help somebody in the future.

We are moving onto an MPLS network (BT Clear IP ADSL Connect)
Our head office has already been setup (not by me) and I am are now trying to setup the branch offices to connect to the head office.
At the moment, we have a bog standard setup as follows:

SITE B (our branch office)
WAN = 82.82.82.82 (public router IP)
Router IP = 10.1.1.1 (private router IP)
LAN subnet = 10.1.1.1/24
The 10.1.1.1/24 communicated with SITE A (Corporate Headquaters) with an IPSEC tunnel. So nothing unusual about this setup as it's a bog standard office to office setup.

BT have now enabled our ADSL line and supplied the following details:

PE ROUTER IP: 1.2.3.4 (which I understand is the provider edge router and the entry into the MPLS network)
STATIC LOOP BACK IP ADDRESS: 10.1.1.1 (obviously specified by somebody to the ISP as it was our LAN router address)
ADDRESS PREFIX: 10.1.1.1.
NETMASK: 255.255.255.255

Currently, our WAN IP for this site is 82.82.82.82 and our LAN IP range is (as above) 10.1.1.1/24

What i'm trying to find out is:

1. Do i now have to change my WAN address to:
WAN IP: 10.1.1.1 (and discard the public 82.82.82.82)
MASK: 255.255.255.255
GATEWAY: 1.2.3.4 (ISP's PE ROUTER)

2. If so, what happens to my internal addresses (10.1.1.1/24)? Do i have to change them totally eg WAN IP= 10.1.1.1 (which was the original LAN IP of the router), and add a new LAN subnet eg 192.168.1.1/24 or do i just turn off NAT?
Can a static route help here? The net mask is also throwing me here ie it's /32 rather than /24 so if I was to just enable routing (no nat), how could I connect to a client eg 10.1.1.132?

3. The IPSEC VPN's that we run, do we need these any more? I don't think we do as (CE ROUTER SITE B=10.1.1.1) > PE ROUTER > MPLS NETWORK > PE ROUTER > (CE ROUTER SITE A=10.2.2.2)

4. If i wanted to provide internet access to the internet from the LAN, does this break out at the entry PE ROUTER or does it have to go all the way through the MPLS network and out via a proxy on the other side eg at our head office?

It looks to me as if what once was a private network being tunneled over the public internet via IPSEC, is now about to become a totally private network without the need for IPSEC and there isn't a need for a public IP address?
Probably some silly questions here but it's been dumped upon me all of a sudden.

iswizzle wrote:
1. Do i now have to change my WAN address to:
WAN IP: 10.1.1.1 (and discard the public 82.82.82.82)
MASK: 255.255.255.255
GATEWAY: 1.2.3.4 (ISP's PE ROUTER).

Have you actually tried this to see what happens?
Effectively you are going on to BTs own core network but I might be wrong,
When I used to deal with an MPLS via global crossing you had to create an IPSEC to their Shafto (backdone) and that would then do all the routing to the other sites.

Hi,

1) Interesting one that one, you normally configure a public IP as the loopback or the point to point WAN link to ensure the device is reachable via some means. BT IP Clear is a unmanaged wires only service in that the customer supplies the CE devices and informs BT Wholesale what IP addresses to configure on the PE. What is puzzling me, is that you normally give a non LAN IP address as your WAN link, otherwise you are not using any NAT as the LAN and WAN ip addresses are the same. As you have highlighted your using a /32 for your WAN address and therefore you may have issues with the advertising of you LAN range.

2) You only need to configure the WAN ip address range. Either a static route or BGP/OSPF is used between the CE-PE to provide peering and therefore NLRI . I suspect from the configuration you've been given that its a static route and all traffic is given the default gateway of the PE device. You don't need to change your LAN addresses as the VRF tables in the PE devices will take care of the VPN routing.

3) You don't need IPsec VPNs as the MPLS network is effectively replacing these. Also as you are using non-ripe ip addresses, you cannot connect remotely using IPsec outside of your own MPLS VPN.

4) That depends on the VRF configured within the PE. BT can configure this to 'bleed' internet traffic out of the VRF into the global routing table, but its not normal practice. Normally a Cisco device is configured as the CE, therefore a 2nd sub interface would be configured and via route maps, only corporate traffic would be routed via the MPLS VPN, the remainder would be via the 2nd interface. So you left with situation, that if only a physical link is configured and a single virtual link within that, then all traffic will transverse to your head office

Regards

Martyn

Thanks Martyn,
I can see that you are well versed in this whereas it's completely new to me. The IP addresses of the router were given to BT by somebody else and I suspect they may have given the wrong information as they handed over just the internal IP address of the routers and no LAN subnet information.

Would I be right in saying that I think I may have to contact BT and specify different IP addressing for them to enter into their PE router?
If so, with the above example, would I have to specify:
1. A WAN IP different from the LAN IP range? Where would you get this from or would you just make one up?
2. A LAN IP range eg 10.1.1.0/24?

Forgive me if they are silly questions but MPLS is all new to me and we've only ever used NAT & IPSEC before.

Issy

iswizzle,

did you manage to connect your draytek to BT IP Clear Superfast Service. We have just purchased MPLS Private Network and have got our Cisco Routers installed at out Support Centre.

The circuit for the fibre is coming up on the Daytek 2860n VDSL Router but cannot get PPOE to connect.
PE Router IP: 81.*.*.*
STATIC Loop Back IP Address: 10.10.18.254
UserName **************************@adslconnect.bt.com Password - BBEU************

any advice on how to confihure would be great.
I can get these to connect to BT infinity no Problem...

Dan