Re: [nsp] MPLS VPN questions

From: jlewis@lewis.org
Date: Sat Jul 28 2001 - 22:50:43 EDT

Next message: Charles Sprickman: "Re: [nsp] Cisco GSR 12416 vs Juniper M160"
Previous message: William Devine, II: "[nsp] MPLS & VLAN w/IBM Mainframe"
In reply to: Eric Osborne: "Re: [nsp] MPLS VPN questions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

On Sat, 28 Jul 2001, Eric Osborne wrote:

> offhand, NFC. What's the MTU or IP mtu of the interface?

CE1
|
CE2--PE1---PE2---CE3

All the above links/interfaces have an MTU of 1500 except PE2-CE3 (which
is a T3) and defaulted to 4470. I also have the /24 routed to CE3
assigned to its lo0 which seems to have defaulted to 1514.

> so assuming that all traffic entering your network is at most 1500
> bytes (i.e. everything comes in via dial or ethernet, you don't have
> GigE hosts sending out 9k frames or any FDDI/TokenRing-attached
> hosts), you only need this command on intefaces with a 1500-byte MTU.
> Ethernet, FastEthernet, and Serial are the only ones that come to
> mind.

It's probably a safe bet that all MPLS VPN traffic will be originating on
10/100mb ethernet connected devices...but if we happened to hook someone
up via T3 and they had hosts connected to their CE via GigE, would we need
a much larger tag-switching mtu setting (4490)?

> whooo..that's an access/dial question, isn't it? excuse me while my
> eyes cross and I mumble incoherently...:)

Well...fortunately, I don't think we're going to have to support actual
dial-up (lots of as5248's still in our remote POPs, which I doubt will
ever have MPLS support), but I guess it could happen in some special
cases. Certain customers would probably go wild for this.

> The short answer is yeah, this is possible. As I understand radius,
> you can send the VHG per-interface commands; just send 'ip vrf <x>'
> based on authentication data. But of course you need to be wary of
> the "is it supported?" dance. Lemme go ping some folks, or let's see
> if Siva knows. :) What code version are you looking at?

Actually, IIRC, MPLS isn't supported on any of the access-server
(5300/5400/5800) platforms, so dialing into an MPLS VPN may not be an
issue we have to worry about, but DSL connections I really hope are
supported.

-- 
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Next message: Charles Sprickman: "Re: [nsp] Cisco GSR 12416 vs Juniper M160"
Previous message: William Devine, II: "[nsp] MPLS & VLAN w/IBM Mainframe"
In reply to: Eric Osborne: "Re: [nsp] MPLS VPN questions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:47 EDT