MPLS with AT&T NBFW and Avaya voice/Inter Office Manager
Done a lot of research on the MPLS with MX devices - I cannot locate just what I am looking for so, hoping for help here.
Current setup - AT&T MPLS (bVPN Bundle) over 5 locations. We use AT&T Network Based Firewall (NBFW) for internet access over the MPLS (which also supports a Netbond connection for Oracle OCI, but that's another story), and each site has an Avaya Voice Server with Inter Office (4 digit dialing between locations). Each current AT&T MPLS router at each location has an interface that is used for the inter office dialing. Upgrading to MPLS (aVPN Bundle), the new aVPN MPLS router does not have the extra port to be used for inter office dialing. Now AT&T tells me any type of L3 device can handle the hand off for the inter office dialing (they said use VLAN tagging for this) and it works, they have done it before. OK, so HQ has an MX65 and the remaining 4 remote locations have an MX68. I am getting close to making the cutover (data side is done, now time for voice side). Main question: has anyone worked with MPLS and NBFW? From what I have read, MPLS has one WAN connection and one for Internet. But in this setup internet runs over the MPLS.
Here is a quick overview of what NBFW is: NBFW customers access the public internet from their MPLS VPN connections via a hosted internet port that is provisioned in the AT&T network.
None of the MX devices are in use right now, just connected to internet to connect to dashboard. I cannot locate anything on the MPLS/NBFW (BTW, AT&T does not set any FW rules for me, it is wide open).
Again - looking for info on MPLS/NBFW with MX devices - maybe more info than needed above but I like to include all details that I think may be useful.
Here's my take on it. But definitely wait a bit until others have chimed in too. They may have more experience with a setup like this than I do.
So basically what AT&T are saying is that you'd need to trunk multiple VLANs over to their router. This is not supported on the MX's WAN ports, you can only configure one VLAN per WAN port.
What I think you could do is have a LAN port trunked over to the router. One of the VLANs on it being the inter office dialing VLAN, and the other being the internet VLAN. You don't actually connect the WAN port but you do define the same internet VLAN on the WAN port. That way I think your internet traffic can be firewalled, use IDS, AMP and URL filtering which I assume is what you want and your interoffice dialing traffic is just considered as one L2 network via the MPLS (which doesn't need all those firewall features).
You could create the same architecture with a switch which may make things clearer. A trunk from the switch to the AT&T router, and then two other ports going to the MX, one to the LAN (internet VLAN), one to the WAN (inter-office dialing VLAN).
This page has more info about MX in combination with MPLS: