MPLS Centralized Internet

cabudja
We recently migrated everyone to MPLS, and each site now goes through the main business site for Internet access. The issue is this: the outlying sites experience significant latency when accessing web-based applications, with the application timing out during high-volume periods. I ran pathping from one of the outlying sites, as well as from the main business site, to the same path. The total time for the route from the outlying site was 1148ms, from the main site it was 394ms. The outlying sites are routed to go back through the main site, instead of directly out to the Internet. All the hops once out of the intranet were the same, but the hop time was significantly less from the main business site. I know routing, but I am not a routing expert by any means. It just seems significantly odd that the speed, especially once outside our network, would be so drastically different. Is there a way to set the routing to allow the outlying sites access to the Internet directly from their routers without going back through to the main site? There is a VPN in place as well. Thanks in advance.
  • +
    0 Votes
    robo_dev

    I might mention that at least 25% of the questions I see here on TR seem to be folks at those remote sites rigging up a cable modem without the knowledge or blessing of IT, so your question is the first legit one I've seen :)

    Assuming that the VPN is a site-to-site VPN, then what you're setting up is a split-tunnel on the router that does the VPN. This may or may not be possible, depending on the router/VPN device you're using.

    http://en.wikipedia.org/wiki/Split_tunneling

    Split tunneling can bring up some security issues, but it can be done properly without creating huge issues.
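The routing difference between centralized Internet access and a split tunnel, with a check for the main security issue (internal traffic leaving through the local Internet link), as an added example that is not part of the original thread. The route tables, the interface names `tunnel` and `local_isp`, and the choice of RFC 1918 ranges as the corporate address space are constructed assumptions.

```python
import ipaddress

# Assumption: corporate address space is the RFC 1918 ranges.
INTERNAL = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Constructed branch-router route tables: (prefix, egress interface).
FULL_TUNNEL = [("0.0.0.0/0", "tunnel")]        # all traffic hairpins via main site
SPLIT_TUNNEL = [
    ("10.0.0.0/8", "tunnel"),                  # corporate ranges stay on the VPN/MPLS path
    ("172.16.0.0/12", "tunnel"),
    ("192.168.0.0/16", "tunnel"),
    ("0.0.0.0/0", "local_isp"),                # everything else breaks out locally
]
# Misconfigured variants a review should catch.
LEAKY = SPLIT_TUNNEL + [("10.20.0.0/16", "local_isp")]   # more-specific overrides tunnel
PARTIAL = [("10.0.0.0/8", "tunnel"), ("0.0.0.0/0", "local_isp")]  # ranges left uncovered

def parse(table):
    return [(ipaddress.ip_network(p), iface) for p, iface in table]

def egress(table, dst):
    """Longest-prefix match: the interface a packet to dst leaves on."""
    addr = ipaddress.ip_address(dst)
    hits = [(n, i) for n, i in parse(table) if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def audit(table, internal=INTERNAL, tunnel="tunnel"):
    """Return (prefix, interface) pairs where internal space is not pinned to the tunnel."""
    routes = parse(table)
    findings = []
    for block in map(ipaddress.ip_network, internal):
        # The longest route containing the whole block decides its default fate.
        covering = [(n, i) for n, i in routes if block.subnet_of(n)]
        owner = max(covering, key=lambda h: h[0].prefixlen, default=(None, None))
        if owner[1] != tunnel:
            findings.append((str(block), owner[1]))
        # Any more-specific route inside the block must also point at the tunnel.
        for n, i in routes:
            if n != block and n.subnet_of(block) and i != tunnel:
                findings.append((str(n), i))
    return findings

if __name__ == "__main__":
    for name, t in [("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL),
                    ("leaky", LEAKY), ("partial", PARTIAL)]:
        print(name, egress(t, "203.0.113.10"), audit(t))
```

With the split-tunnel table, Internet-bound traffic no longer passes through whatever filtering or logging sits at the main site, so the branch router or firewall has to provide that inspection itself.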
