[c-nsp] MPLS design in a non-MPLS cored network - was Re: MPLS and VLAN on same FE or GE interface ?

Wed Jul 4 11:39:15 EDT 2007

On Wed, July 4, 2007 3:29 pm, Reuben Farrelly wrote:

> I am in the process of reworking/migrating some of our existing
> infrastructure - and working with tagged MPLS and VLAN traffic in this
> sort of config is certainly something I expect I will doing real soon.
>
> In our situation we have 4 7200s/NPE-G1s running MPLS at diverse sites
> but also have 3550s and 3750s routing in the core of the network, and
> another 4 or 5 7200s about to be merged as part of a network migration
> with another ISP quite soon.
>
> Obviously without core switches which understand and support tagging, it
>  seems like we are somewhat limited in terms of choices for expanding our
> MPLS mesh without creating an even mess of hacks (presently set up with
> P-2-P GRE tunnels, an ATM PVC and trunks which can carry tagged VLANS).
> We are running OSPF internally throughout the network, and it carries all
> our customer routes in it (about 350 summarised prefixes).

Infrastructure routes too?  I'll come back to this in a minute...

> What does and doesn't work generally speaking?  Does it require, as I
> suspect, a fairly detailed and careful design to make sure no MPLS tagged
> traffic hits the core switches at L3 at all?

If you want to be able to do a gradual migration, yes, I believe it does. 
If the network's sufficiently simple that you can make all the changes on
a flag day, you might be able to get away just flattening it all.

> How do you do this if like us you're running iBGP for MPLS and need
> loopbacks to talk to each other?  Instances of isolated VRF-lite config
> on the MPLS devices linked at L2 possibly in a ring design, to contain
> and control a separate routed redundant backbone that -is- fully MPLS
> aware?  Or just flatten the 3550/3750s to be only L2 devices?

Remember for iBGP that you just need a mesh of peerings, not necessarily a
mesh of links.  As long as the loopbacks are carried in your IGP, you can
build the iBGP mesh on top of whatever topology is appropriate to your
geography / connectivity.

I think I'd approach this something like:

- Set aside a range of VLANs for inter-PE (7200) links, and make sure they
are not in use for anything else on the switches - especially that they
have no L3 / SVI interfaces existing in the network.

- Configure those VLANs to provide the direct L2 connections you want
between PEs

- Bring up an IGP on those links (either another OSPF instance, or
something else of your choosing).  The IGP should only have the PE
loopbacks in it (maybe the point-to-point links as well, to help with
diagnosing connectivity problems).

- Bring up an iBGP mesh between loopbacks

- Migrate the customers (can be done one at a time) so all L3 termination
is on the 7200s, ie if a customer is physically connected to a switch on a
L3 port, reconfigure it as a switch port and build a dedicated VLAN to the
nearest 7200.

- Once the customers are all migrated, you can kill the old OSPF instance
and flatten the switches to L2-only devices.  (Modulo whatever you need to
leave for remote management).

Good luck!

Regards,
Tim.