[c-nsp] MPLS VPN Question about PE-CE - Private or Public IP?

Everton da Silva Marques everton at lab.ipaccess.diveo.net.br
Wed Aug 20 12:47:35 EDT 2008


On Wed, Aug 20, 2008 at 11:19:43AM +1000, Andy Saykao wrote:
> Just wondering from those in the know, whether it's best practice to
> implement public or private IP's for the PE-to-CE link. What's everyone
> using and why?

There is a kind of best practices in a presentation from
Cisco Networkers 2008. Slide 83 content is reproduced below.

Cisco Networkers 2008
BRKIPM-2001: Deploying MPLS VPN Networks
by Dirk Schroetter

Best Practices

1. Use RR to scale BGP; deploy RRs in pair for the redundancy
Keep RRs out of the forwarding paths and disable CEF (saves memory)

2. RT and RD should have ASN in them i.e. ASN: X
Reserve first few 100s of X for the internal purposes such as filtering

3. Consider unique RD per VRF per PE, if load sharing of VPN traffic is required

4. Don't use customer names as the VRF names; nightmare for the NOC.
Use simple combination of numbers and characters in the VRF name
For example: v101, v102, v201, v202, etc. Use description.

5. PE-CE IP address should come out of SP.s public address space to avoid overlapping
Use /31 subnetting on PE-CE interfaces

6. Define an upper limit at the PE on the number of prefixes received from the CE for each VRF or neighbor
Max-prefix within the VRF configuration; Do suppress the inactive routes.
Max-prefix per neighbor within the BGP VRF af (if BGP on the PE-CE)

Hope this helps,
Everton


More information about the cisco-nsp mailing list