[c-nsp] MPLS speakers behind unreliable link

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Tue Jan 13 15:39:14 EST 2009


Pshem Kowalczyk <mailto:pshem.k at gmail.com> wrote on Tuesday, January 13,
2009 21:19:

> Hi Oli,
> 
> 2009/1/13 Oliver Boehmer (oboehmer) <oboehmer at cisco.com>:
>> Pshem Kowalczyk <> wrote on Tuesday, January 13, 2009 01:18:
> 
> {cut}
> 
>>> 2. Somehow connecting all the remote PEs to local P/PEs (multiple
>>> remote PEs connected to one local P/PE) and using local PE as sort
>>> of aggregation point, that would hid the instability of the DSL
>>> network. We haven't done anything like this before, so I'm not even
>>> sure if it can work - using ISIS create L1 domains from the remote
>>> PEs, make the local P/PEs a L1L2 devices and use L2 to connect to
>>> the core. Would label distribution work in a scenario like that
>>> assuming LDP for the next-hop and MP-BGP for vpn information? After
>>> all a ISIS L1 is a completely stub network, so it shouldn't see any
>>> routes from L2. Is that the case also for LDP (i.e. LDP will not
>>> generate a label for a FEC (prefix) that is not advertised into a
>>> L1 domain?) 
>> 
>> This would work, but you would need to leak the BGP next-hops (or L2
>> PW router-IDs) from the L2 into the L1 areas to provide an
>> end-to-end LSP. I would consider this a reasonable approach. Make
>> sure you use a dedicated loopback address range for all your remote
>> devices so you can easily create an ACL for route leaking
>> ("redistribute isis ip level-2 into level-1 distribute-list <ACL>").
>> 
>> Obviously, the result of link flaps (i.e. loopbacks coming and going)
>> would still be propagated throughout the whole domain, but you can
>> use a less aggressive prc-interval setting on your nodes. So
>> achieving aggressive, sub-second ISIS convergence could be a
>> challenge if the network is not stable.
> 
> What if I only distributed an aggregate out from the L1L2 device to
> cover all of the L1 loopbacks? Obviously this way the L1L2 box would
> have to do a L3 lookup, but this way there would be no flaps visible
> at all. I could do the same in the other direction (by injecting only
> loopbacks aggregate) into L1 domain. Or am I completely wrong here?

unfortunately this doesn't work (yet [1]). Any aggregate breaks the
end-to-end LSP that you need between the PEs for L2VPN/L3VPN services.
So you would at least advertise the /32 loopbacks throughout the
network.

	oli

[1] http://tools.ietf.org/id/draft-swallow-mpls-aggregate-fec-01.txt


More information about the cisco-nsp mailing list