Question

  • Creator
    Topic
  • #2171113

    MPLS Centralized Internet

    Locked

    by cabudja ·

    We recently migrated everyone to MPLS, and each site now goes through the main business site for Internet access. The issue is this, the outlying sites experience significant latency when accessing web based applications, with the application timing out during high volume periods. I ran pathping from one of the outlying sites, as well as from the main business site, to the same path. The total time for the route from the outlying site was 1148ms, from the main site it was 394ms. The outlying sites are routed to go back through the main site, instead of directly out to the Internet. All the hops once out of the intranet were the same, but the hop time was significantly less from the main business site. I know routing, but I am not a routing expert by any means. It just seems significantly odd that the speed, especially once outside our network, would be so drastically different. Is there a way to set the routing to allow the outlying sites access to the Internet directly from their routers without going back through to the main site? There is a VPN in place as well. Thanks in advance.

All Answers

  • Author
    Replies
    • #2887284

      Clarifications

      by cabudja ·

      In reply to MPLS Centralized Internet

      Clarifications

    • #2887280

      Yes, you certainly can give each site their own Internet access

      by robo_dev ·

      In reply to MPLS Centralized Internet

      I might mention that at least 25% of the questions I see here on TR seem to be folks at those remote sites rigging up a cable modem without the knowledge or blessing of IT, so your question is the first legit one I’ve seen 🙂

      Assuming that the VPN is a site-to-site VPN, then what you’re setting up is a split-tunnel on the router that does the VPN. This may or may not be possible, depending on the router/VPN device you’re using.

      http://en.wikipedia.org/wiki/Split_tunneling

      Split tunneling can bring up some security issues, but it can be done properly without creating huge issues.

Viewing 1 reply thread