[c-nsp] MPLS, L2TPv3 Layer 2/3 VPN Network Options

Eric Kagan ekagan at axsne.com
Tue Jan 4 06:59:37 EST 2005


We have a few opportunities to provide several customers a private network
design (nothing new here). Instead of the typical old-fashioned private WAN
(i.e. private frame, pub IP/VPN), I would rather design with newer
technologies allowing us to leverage our existing hardware platforms (Cisco
7200 with Chan DS3, ATM DS3).  I am trying to get an idea of what technology
to use and how to configure our end (and customer end) to allow us to create
a private network for the customer that will scale to multiple sites across
multiple routers, etc.  I'd like to be able to configure multiple different
customers among the Chan DS3 and have them be completely private from each
other and allow them to assign and use any private IP scheme within their
network.  Lastly, if possible, I'd like to be able to offer internet
bandwidth and other services (Firewall, IDS, etc).
 
I have done countless Google searches and read through endless docs on
L2TPv3 and MPLS with VPN options, but I can't seem to grasp how to do this
with multiple circuits on the same or different routers. I have come up with an
idea to dedicate a 36x0 or equivalent router to terminate the loops and
truly make it a private customer aggregation router, but this will become an
administrative nightmare sooner rather than later. The ideal scenario would be for
us to use our existing gear to terminate the circuits and allow the customer
to be able to configure the local CPE as if it was a regular Point to Point
T1 and their routing protocols work between sites, etc., but with us in
between.  
 
Among the documents, I found some L2TPv3 examples, but most seemed to be 2
sites talking back and forth - not multiple sites.  The MPLS configs seem to
be very detailed and require extensive commands.  I have done a few design
and lab tests, but I am looking for some advice and pointers either off-list
or on (if others are interested in this as well) from people who have
extensive knowledge in this area.  I would also be willing to pay for some
consulting time on the side to assist with the design and configuration.
 
Thank you
 
Eric


