[c-nsp] MPLS VPN Question about PE-CE - Private or Public IP?

Christian MacNevin christian.macnevin at gmail.com
Wed Aug 20 20:07:49 EDT 2008


Because you can never guarantee what addresses your customers are  
going to use, and you can't force them
to renumber, because they're paying you. And adopting a new strategy  
for each customer that breaks you just
isn't scaleable.


On Aug 20, 2008, at 4:59 PM, Brandon Price wrote:

Other than just saying "its bad" can you give some specifics as to the
problems you've run into using private addresses for PE-CE links? As
long as the SP hands out unique addresses across all of the links, what
does it matter whether they are "private" or "public" ?


Brandon

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Christian
MacNevin
Sent: Wednesday, August 20, 2008 11:13 AM
To: everton at lab.ipaccess.diveo.net.br
Cc: Andy Saykao; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] MPLS VPN Question about PE-CE - Private or Public
IP?

Agree with everyone who's agreed with point 5 :)

I've been in MPLS SPs for years and regretted every time I've seen
somebody try and use private
space for management.


On Aug 20, 2008, at 9:47 AM, Everton da Silva Marques wrote:

> On Wed, Aug 20, 2008 at 11:19:43AM +1000, Andy Saykao wrote:
>> Just wondering from those in the know, whether it's best practice to
>> implement public or private IP's for the PE-to-CE link. What's
>> everyone
>> using and why?
>
> There is a kind of best practices in a presentation from
> Cisco Networkers 2008. Slide 83 content is reproduced below.
>
> Cisco Networkers 2008
> BRKIPM-2001: Deploying MPLS VPN Networks
> by Dirk Schroetter
>
> Best Practices
>
> 1. Use RR to scale BGP; deploy RRs in pair for the redundancy
> Keep RRs out of the forwarding paths and disable CEF (saves memory)
>
> 2. RT and RD should have ASN in them i.e. ASN: X
> Reserve first few 100s of X for the internal purposes such as
> filtering
>
> 3. Consider unique RD per VRF per PE, if load sharing of VPN traffic
> is required
>
> 4. Don't use customer names as the VRF names; nightmare for the NOC.
> Use simple combination of numbers and characters in the VRF name
> For example: v101, v102, v201, v202, etc. Use description.
>
> 5. PE-CE IP address should come out of SP.s public address space to
> avoid overlapping
> Use /31 subnetting on PE-CE interfaces
>
> 6. Define an upper limit at the PE on the number of prefixes
> received from the CE for each VRF or neighbor
> Max-prefix within the VRF configuration; Do suppress the inactive
> routes.
> Max-prefix per neighbor within the BGP VRF af (if BGP on the PE-CE)
>
> Hope this helps,
> Everton
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list