[c-nsp] MPLS-VPN migration

Arie Vayner (avayner) avayner at cisco.com
Thu Dec 18 02:11:42 EST 2008


Another option is to attach the existing network to the relevant VPN as
a CE, and maintain connectivity to the non-migrated sites through the
old topology, while every migrated site would become reachable via the

In this case you just connect the old network through an "ASBR" to a
major PE (you can have 2 or 3, but would be easier in active/standby if
BW is not the issue etc as you would be creating backdoor links inside
the VPN). As soon as the old network is connected, you can run expand
the IGP of the global routing into the VPN, so reachability would be

Let me know if you want to explore this a bit more.


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tim Durack
Sent: Wednesday, December 17, 2008 17:54
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] MPLS-VPN migration

Looking for some "creative" ideas on how best to accomplish this:

We are migrating a traditional enterprise-style IP network to an
MPLS-VPN network. All the infrastructure MPLS/IGP/MP-BGP work is
essentially done (it's a purely PE-PE network, no P routers anywhere.)

All "customer" networks are still in the global table. I need to
migrate them into VPN groups, but maintain full reachability between
global and VRFs during the migration. Route-leaking will be configured
between VRFs, and at a later stage some kind of firewall will be
employed between VPNs. The hard part is getting everything into the
VPNs first (without anyone noticing too much :-)

Ideally I'd like to bring up BGP sessions between the global table and
VRFs on each PE. I notice I can do BGP sessions between VRFs, but
can't quite wrap my head around global->VRF BGP. Is this even

Thanks for thinking about it.

cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list