[c-nsp] Internet inside a VRF?
Robert Raszuk
robert at raszuk.net
Wed Mar 14 09:24:25 EDT 2012
One additional point, as I think most comments assumed such an equation:
Internet in a VRF = requirement for MPLS in the core.
It does not.
You can run mGRE encapsulation between ASBRs/PEs, and the fact that
behind the GRE header of the packet sits a vpnv4/v6 MPLS label would have no
bearing on the design of your core. No need to deploy LDP or RSVP-TE,
then worry that the /32s of PE loopbacks are starting to hurt when the number of
such PEs grows ;)
Also, those who wish to send all paths between their ASBRs today may just
do that by different RD configuration rather than with an add-paths network-wide
OS code upgrade.
----
There is one more advantage of using VRFs for Internet ... in fact it just
came to me this morning. You know there is all this buzz about securing the
Internet with RPKI, which will allow various parties/courts to mess with
it and cherry-pick who has the right to be in the Internet and who does not.
So even if you would keep the Internet in the global table as today, rather
than dropping reachability for those forbidden guys due to RPKI telling
you to do so (in the event of no other BGP path present), you could just
export it to a VRF called Dirty_Internet and provide for those customers
who are happy with it a chained lookup (global-vrf) or (vrf-vrf) .. if
there is no route to the dst in the Clean_Internet global table, go to the VRF.
That way we could easily maintain two parallel Internets without in fact
paying twice for it, as hopefully only a very small percentage of
nets/paths would be considered "dirty".
Mechanics of doing it are yet to be drawn on the whiteboard .... There
are a number of ways one could go about doing such a design.
Regards,
R.
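The Clean_Internet / Dirty_Internet split described in the post, modelled as an added example (not code from the original mail or from any vendor): routes are classified against a constructed ROA table into RPKI valid / invalid / not-found, RPKI-invalid routes are diverted into a separate "Dirty_Internet" table instead of being dropped, and a destination lookup tries the Clean_Internet table first and falls back to the dirty one, which is the "global-vrf" chained lookup the post sketches. The ROA entries, route set and table names are constructed assumptions for illustration; the validation rules follow the standard ROA semantics (covering prefix, maxLength, origin AS).

```python
import ipaddress
from dataclasses import dataclass

# A Route Origin Authorization: prefix, maxLength, authorised origin ASN.
@dataclass(frozen=True)
class Roa:
    prefix: str
    max_len: int
    asn: int

# Constructed ROA table (assumption; documentation prefixes and private ASNs).
ROAS = [
    Roa("192.0.2.0/24", 24, 64500),
    Roa("198.51.100.0/24", 24, 64501),
]

# Constructed BGP routes as (prefix, origin ASN).
ROUTES = [
    ("192.0.2.0/24", 64500),      # matches ROA -> valid
    ("192.0.2.0/25", 64500),      # more specific than maxLength -> invalid
    ("198.51.100.0/24", 64599),   # covered, but wrong origin ASN -> invalid
    ("203.0.113.0/24", 64502),    # no covering ROA -> not-found
]


def validate(prefix: str, origin_asn: int, roas=ROAS) -> str:
    """Return the RPKI validation state of a (prefix, origin) pair."""
    net = ipaddress.ip_network(prefix)
    covering = [
        r for r in roas
        if ipaddress.ip_network(r.prefix).version == net.version
        and net.subnet_of(ipaddress.ip_network(r.prefix))
    ]
    if not covering:
        return "not-found"
    for r in covering:
        if r.asn == origin_asn and net.prefixlen <= r.max_len:
            return "valid"
    return "invalid"


def partition(routes=ROUTES, roas=ROAS):
    """Split routes into a clean table and a dirty (RPKI-invalid) table."""
    clean, dirty = {}, {}
    for prefix, asn in routes:
        state = validate(prefix, asn, roas)
        table = dirty if state == "invalid" else clean
        table[ipaddress.ip_network(prefix)] = (asn, state)
    return clean, dirty


def lpm(table, dst: str):
    """Longest-prefix match of dst in one table, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, info in table.items():
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, info)
    return best


def chained_lookup(dst: str, clean, dirty):
    """Clean_Internet first; only if it has no route, fall back to Dirty_Internet."""
    hit = lpm(clean, dst)
    if hit:
        return ("Clean_Internet", str(hit[0]), hit[1])
    hit = lpm(dirty, dst)
    if hit:
        return ("Dirty_Internet", str(hit[0]), hit[1])
    return None


if __name__ == "__main__":
    clean, dirty = partition()
    for dst in ("192.0.2.9", "198.51.100.7", "203.0.113.1", "10.0.0.1"):
        print(dst, "->", chained_lookup(dst, clean, dirty))
```

Note that the /25 more-specific lands in the dirty table while its covering /24 stays clean; because the clean table is consulted first, traffic to 192.0.2.0/25 follows the valid /24 and never reaches the dirty entry, which is exactly the behaviour you want from a chained lookup.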