[c-nsp] Internet in VRF

Mark Tinka mark.tinka at seacom.mu
Mon May 4 16:20:44 EDT 2015



On 4/May/15 18:39, Phil Bedard wrote:
> If you have the BGP free core already built, I’d definitely do 6PE.  We’ve been doing it for many years now with no issues at all.  

I have no doubt that 6PE works. I am not second-guessing its ability -
it's been around a long time and is stable.

My concern is that it is unnecessary complexity if I can achieve the
same with native IPv6, and not have to worry about shared fate between
MPLS and IPv6 at this time.

>
> As for RSVP-TE we run that as well, but for definite reasons.  We forward different CoS over different LSPs, use it for traffic engineering, use FRR, and need support for SRLGs since we operate all layers of the network.

We've abandoned FRR from RSVP-TE, and just run (r)LFA altogether. So
much simpler, except the bugs in vendor implementations are clear signs
of infancy. But we'll get there...


> Juniper should have SR support early next year as people are driving them to it.  ALU has it in their very recent 13.0 release, but I believe it’s still labeled as not for production just yet.  SR doesn’t do everything RSVP-TE does in a distributed control-plane, but I could see it replacing LDP.

To be honest, one of the bigger reasons I lag behind in some of the
tech. is because the code you get it in is so new, you're likely to
break things which already work. So even after SR becomes a little
mainstream in upcoming code, it'll take me a while to trust it.

As an example, RPKI has a nasty bug in 64-bit IOS (particularly IOS XE).
The fix is now in IOS 15.5 and 16.1. Our network runs 15.3. As much as I
like RPKI, I'm having to run without it on these particular boxes - who
knows what 15.5 or 16.1 is like?

>
> We don’t run Internet in a VRF, we have no real use cases where we can’t control what we need through policy.  Our core infrastructure isn’t accessible from our customers or the Internet, but it does require using the right infrastructure ACLs. If I was doing a greenfield build I may do it but having the complexity of putting different transits, peers, etc. in their own VRFs is kind of overkill IMHO.

+1.

Mark.


