[c-nsp] MPLS-VPN migration

Aaron Daniels - Lists lists at daniels.id.au
Thu Dec 18 03:12:46 EST 2008


We just tackled this one in our organisation.

2 Gotchas.

1. Router-id must be different between peers, make sure your code supports
vrf specific router-id.
2. iBGP was very messy IMHO, so we went with eBGP using local-as to have
each vrf appear to be a different 65xxx AS

I can sent you my lab config's tomorrow.

Thanks,
Aaron

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Tim Durack
> Sent: Thursday, 18 December 2008 1:54 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] MPLS-VPN migration
> 
> Looking for some "creative" ideas on how best to accomplish this:
> 
> We are migrating a traditional enterprise-style IP network to an
> MPLS-VPN network. All the infrastructure MPLS/IGP/MP-BGP work is
> essentially done (it's a purely PE-PE network, no P routers anywhere.)
> 
> All "customer" networks are still in the global table. I need to
> migrate them into VPN groups, but maintain full reachability between
> global and VRFs during the migration. Route-leaking will be configured
> between VRFs, and at a later stage some kind of firewall will be
> employed between VPNs. The hard part is getting everything into the
> VPNs first (without anyone noticing too much :-)
> 
> Ideally I'd like to bring up BGP sessions between the global table and
> VRFs on each PE. I notice I can do BGP sessions between VRFs, but
> can't quite wrap my head around global->VRF BGP. Is this even
> possible?
> 
> Thanks for thinking about it.
> 
> Tim:>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list