[c-nsp] MPLS, L2TPv3 Layer 2/3 VPN Network Options
Nick Shah
Nick.Shah at aapt.com.au
Tue Jan 4 18:40:31 EST 2005
Eric,

An excellent beginner/intermediate source of reference would be MPLS &
VPN architectures VOL I (for MPLS & fixed tail VPN concepts) and VOL II
covers remote access VPNs. To get you started, here are a few pointers:

- There are P (essentially CORE routers) and PE (Provider edge) & CE
  (customer edge) routers.
- P routers form the core, run TAG SWITCHING, LDP & OSPF (for next hop
  reachability).
- PE routers run OSPF with P routers, TAG SWITCHING on the links
  connected to P routers, and MP-BGP with other PE routers.
- CE routers (customer edge) connect to PE routers on a particular
  interface (or virtual access in case of Remote access), and they are
  part of a VRF. VRF assignment happens on the PE interface (where the CE
  connects). This VRF is what separates 1 customer from the other. Each
  VRF has "identifiers" called Route Distinguishers & Route Targets. To
  simplify, keep RD & RT values unique per VRF.
- Finally, customer sites wanting to be part of the same VPN (or VRF) can
  connect to any PE, and just by virtue of them being in the same VRF they
  will be able to communicate with each other (and no one else).
- The CE routers don't need any MPLS featureset. They run a standard
  IPPLUS (or whatever is needed) image. For P & PE you will need an SP
  (service provider) image.

Get 3-4 routers to be P routers, and 3-4 to be PE and 2-3 as CE, connect
them and have a play.

- Make the P & PE routers part of OSPF area 0. Announce loopbacks
  (and connected interfaces). Don't announce PE-CE links.
- After checking reachability, turn on LDP, TAG SWITCHING. Check that
  labels are getting assigned etc.
- After enabling TS, running traceroutes should show you MPLS LABELS.
  Most of your troubleshooting may happen here.
- Finally, turn on BGP between PE loopbacks (ideally). Here you have to
  use address family VPNV4. A better way would be to nominate route
  reflectors. However, for a small setup, you can use a meshed peering.

The above is a 5000 ft. overview of MPLS core & MPLS VPN.

Rgds
Nick
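
Added example, not part of the original post: a small audit of PE "ip vrf" stanzas against the advice above to keep RD and RT values unique per VRF, since a shared import route target is what lets one customer's routes appear in another customer's VRF. The VRF names, AS number and RD/RT values are constructed for illustration, and only the "rd" and "route-target import|export|both" lines are parsed.

```python
import re
# Constructed sample PE configuration; VRF names and values are hypothetical.
SAMPLE_CONFIG = """\
ip vrf CUST_A
 rd 65000:1
 route-target both 65000:1
ip vrf CUST_B
 rd 65000:2
 route-target both 65000:2
 route-target import 65000:1
ip vrf CUST_C
 rd 65000:2
 route-target both 65000:3
"""

def parse_vrfs(config):
    """Parse 'ip vrf' stanzas into {name: {"rd", "import", "export"}}."""
    vrfs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip vrf (\S+)", line)
        if m:
            current = vrfs.setdefault(m.group(1), {"rd": None, "import": set(), "export": set()})
        elif current is None or not line.startswith(" "):
            current = None  # left the stanza
        else:
            words = line.split()
            if words[:1] == ["rd"] and len(words) == 2:
                current["rd"] = words[1]
            elif words[:1] == ["route-target"] and len(words) == 3:
                for kind in ("import", "export"):
                    if words[1] in (kind, "both"):
                        current[kind].add(words[2])
    return vrfs

def audit(vrfs):
    """Flag RDs reused across VRFs and imports of another VRF's export RT."""
    findings, by_rd = [], {}
    for name, vrf in vrfs.items():
        if vrf["rd"]:
            by_rd.setdefault(vrf["rd"], []).append(name)
    for rd, names in sorted(by_rd.items()):
        if len(names) > 1:
            findings.append(("duplicate-rd", rd, tuple(sorted(names))))
    for importer, vrf in sorted(vrfs.items()):
        for exporter, other in sorted(vrfs.items()):
            shared = tuple(sorted(vrf["import"] & other["export"]))
            if importer != exporter and shared:
                findings.append(("cross-vrf-import", importer, exporter, shared))
    return findings
```

A cross-vrf-import finding is not always a mistake, because shared-services designs import another VRF's route target on purpose; the value of the check is that every such pair gets reviewed.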