[c-nsp] Private IP in SP Core

Reuben Farrelly reuben-cisco-nsp at reub.net
Mon Mar 11 06:23:47 EDT 2013


On 11/03/2013 8:52 PM, Gordon Bryan wrote:
> Andrey/Andrew,
>
> It will be a very small network to begin with - single P router,
> single PE router and a number of switches for hosting. This will
> hopefuly quickly scale to a dual-site configuration with two P
> routers and two PE routers but even then it will still be small in
> the grand scheme of things.
>
> In terms of Internet services, I was planning on delivering these in
> an Internet VRF and there is no requirement for a full routing table
> yet

"Yet" perhaps being the operative word here - it's much harder to undo 
these sorts of things later on - so yes, perhaps a good time to be 
asking the question.  Faced with moving from a VRF to the global table 
in the future is, well, I shudder at the thought.

For that smaller number of routers and core, it's probably also a 
relative non-issue as to if you use public IPs or not - just do it, it's 
not like you're going to need lots and lots of public IP addresses to do 
this sort of thing anyway.  It guarantees you'll have unique IPs to iBGP 
or eBGP to, with traceroutes that probably work especially if the 
business sells or acquires or needs to join with another AS, for example 
(or even if one of your downstream suppliers uses BGP for a L3 service).

I would also recommend you keep Internet in the global VRF - that's what 
"most" people seem to do and what "most" people seem to do is often also 
the "most" tested code path and "most" likely you'll not run into issues 
that "most" other people haven't done before.

I've worked with both - and in $JOB-1 I built everything with fully 
public IPs.  For a PE with perhaps 200 tails terminated on it, it only 
cost us 3 public IPs for the MPLS and IP network, so it really wasn't 
much overall.

You'll use 60x or more IP addresses of you use public IPs on customer 
facing PE-CE WAN interfaces.  Not that I'm advocating either way on 
that, but keeping this all in perspective here - using a tiny number of 
public IPs for your MPLS and core IP routing is an easy win with 
relatively little price to pay.

It would have been fantastic if we could run MPLS over IPv6 transport 
instead as this would have been a totally moot point then, but I don't 
think that's an option yet :-(

Reuben


More information about the cisco-nsp mailing list