[c-nsp] MPLS-VPN migration

Aaron Daniels - Lists lists at daniels.id.au
Fri Dec 19 02:08:49 EST 2008


I have had a few requests for this so I thought i'd put it on-list.

Thanks,
Aaron Daniels


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Aaron Daniels - Lists
> Sent: Thursday, 18 December 2008 6:13 PM
> To: 'Tim Durack'; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] MPLS-VPN migration
> 
> We just tackled this one in our organisation.
> 
> 2 Gotchas.
> 
> 1. Router-id must be different between peers, make sure your code
> supports
> vrf specific router-id.
> 2. iBGP was very messy IMHO, so we went with eBGP using local-as to
> have
> each vrf appear to be a different 65xxx AS
> 
> I can sent you my lab config's tomorrow.
> 
> Thanks,
> Aaron
> 
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > bounces at puck.nether.net] On Behalf Of Tim Durack
> > Sent: Thursday, 18 December 2008 1:54 AM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] MPLS-VPN migration
> >
> > Looking for some "creative" ideas on how best to accomplish this:
> >
> > We are migrating a traditional enterprise-style IP network to an
> > MPLS-VPN network. All the infrastructure MPLS/IGP/MP-BGP work is
> > essentially done (it's a purely PE-PE network, no P routers
> anywhere.)
> >
> > All "customer" networks are still in the global table. I need to
> > migrate them into VPN groups, but maintain full reachability between
> > global and VRFs during the migration. Route-leaking will be
> configured
> > between VRFs, and at a later stage some kind of firewall will be
> > employed between VPNs. The hard part is getting everything into the
> > VPNs first (without anyone noticing too much :-)
> >
> > Ideally I'd like to bring up BGP sessions between the global table
> and
> > VRFs on each PE. I notice I can do BGP sessions between VRFs, but
> > can't quite wrap my head around global->VRF BGP. Is this even
> > possible?
> >
> > Thanks for thinking about it.
> >
> > Tim:>
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: VRF BGP Edge.txt
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20081219/1f52a56a/attachment.txt>


More information about the cisco-nsp mailing list