Re: [nsp] REG: MPLS Traffic engineering

From: Eric Osborne (eosborne@cisco.com)
Date: Tue Nov 07 2000 - 07:36:25 EST


On Tue, Nov 07, 2000 at 05:33:33PM +0530, Vinod Anthony Joseph Cherunni wrote:
> Hi All,
>
> Thanks once again for your valuable help. I am sorry for taking up so much
> of your time, Kindly pls clarify a few points mentioned.
>
> 1. I understand flooding the entire network topology with IGP updates isn't
> scalable. What would be the right approach for a service provider with OSPF
> as the IGP, designed with multiple areas to offer end-end MPLS VPN
> services. Is it migrating to IS-IS?

There is a difference between MPLS Traffic Engineering (which needs a
link-state IGP) and MPLS used for your core forwarding protocol (which
you may or may not run other services on top of, like MPLS VPNs).
In the latter case, MPLS really doesn't care what your routing
protocol is.

>
> ("IS-IS networks tend to be a single much larger level, rather than several
> small areas like OSPF has"). Kindly explain a little on this.
>

level-1 routers pick their closest level-2 router and default route
towards it, so if you have multiple levels and multiple exit points
between levels, you can get suboptimal exit routing. Route-leaking
helps this somewhat, tho.

Note that I am expressly *not* starting an ospf-vs-isis war. I work
for a vendor - I don't really care which one you run. :) Before
asking other ospf-vs-isis questions, please see Dave Katz's excellent
slides from the Albuquerque NANOG.
 
> 2. Are the Cisco IGX series switches MPLS ready? Since they are only layer
> 2 devices (FR/ATM), what will be the usefulness of being MPLS ready.
> Because I feel it makes better sense for providers to use the BPX series,
> which provide Layer 2 & Layer 3 functions built in. This will provide a
> transparent view of the network to routing protocols, which are generally
> hidden in ATM networks, Correct me if I am wrong? Just trying to see what
> will fit in for our SP network.
>

I know there's a lot of MPLS work going on in the wan-switching side
of the house, but know nothing about capabilities and such.

> 3. This question is just out of the way, While offering MPLS VPN
> services, what is the mathematical formulae for understanding how bandwidth
> and distance relate to ping response times. How will it be possible to
> offer an MPLS VPNs & commit on roundtrip times.
>

see
"Computer Networks - A Systems Approach" by Peterson & Davie
"Quality of Service in IP Networks" by Armitage
"An Engineering Approach to Computer Networking" by S. Keshav
among others.

> 4. Another long standing confusion on how do we provide MPLS services for
> mobile users, providing a dialup user seamless access to his corporate site
> without using any encryption like IPSEC etc. Is it possible to do so
> similar to doing it on leased circuits.
>

remote-access is another area I get to plead ignorance in. I know
there's a lot of work going on in that arena, but not enough to
comment on it. Short answer is that yes, I believe it's possible.

> 5. And lastly, While providing Internet access for a VPN customer, As
> mentioned if I provide a default route in the global table, How does the
> route statement apply, I mean how will I ensure that destination prefixes
> that are not allowed to be routed for a particular customer do not choose
> the global static route. For eg If VPN customer A is only authorized to
> access destination prefix "192.168.100.0" which is part of his Intranet, &
> if he tries to access another prefix say "172.27.135.0", Will the
> global table having the default route be referenced?
>

If you have an 'ip route vrf foo 0.0.0.0 0.0.0.0 1.2.3.4 global', then
all packets whose destinations are not in the vrf foo routing table
will be sent towards 1.2.3.4, as seen in the global table.

If a customer is only authorized to get to routes in his VPN, don't
give that VPN a default global route.

eric
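
The lookup behaviour described in the answer to question 5, as an added example that is not part of the original message and is not IOS code: a simplified longest-prefix-match model of a VRF with and without the `global` default route. The /24 masks, the PE next hop 10.0.0.2 and the global table contents are assumptions made for the illustration.

```python
import ipaddress

def route(prefix, next_hop, via_global=False):
    # via_global models the 'global' keyword: next hop is resolved in the global table
    return (ipaddress.ip_network(prefix), next_hop, via_global)

def lookup(table, dst):
    """Longest-prefix match; returns the best route tuple or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def forward(vrf_table, global_table, dst):
    """Describe what happens to a packet arriving in the VRF for dst."""
    hit = lookup(vrf_table, dst)
    if hit is None:
        return "drop: no route in VRF"
    _, next_hop, via_global = hit
    if not via_global:
        return f"stays in VPN via {next_hop}"
    if lookup(global_table, next_hop) is None:
        return "drop: next hop unresolved in global table"
    return f"leaves VPN via global next hop {next_hop}"

def global_defaults(vrf_table):
    """Audit helper: default routes in a VRF that point into the global table."""
    return [r for r in vrf_table if r[0].prefixlen == 0 and r[2]]

# Constructed sample tables (assumed values, not from the original message)
GLOBAL = [route("1.2.3.0/24", "connected")]
VRF_ISOLATED = [route("192.168.100.0/24", "10.0.0.2")]
# Models: ip route vrf foo 0.0.0.0 0.0.0.0 1.2.3.4 global
VRF_WITH_DEFAULT = VRF_ISOLATED + [route("0.0.0.0/0", "1.2.3.4", via_global=True)]

if __name__ == "__main__":
    for name, vrf in (("isolated", VRF_ISOLATED), ("with default", VRF_WITH_DEFAULT)):
        for dst in ("192.168.100.5", "172.27.135.10"):
            print(f"{name:13} {dst:15} -> {forward(vrf, GLOBAL, dst)}")
        print(f"{name:13} global defaults: {len(global_defaults(vrf))}")
```
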



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:20 EDT