[c-nsp] MPLS to Customer (Option B) / Multiple VRFs on CPEs

Saku Ytti saku at ytti.fi
Tue Aug 26 05:26:17 EDT 2014


On (2014-08-26 09:56 +0100), James Bensley wrote:

Hi,

> I know this has been discussed before (more on the NANOG list) but
> what are people doing regarding MPLS down to the CPE?

I think most are not doing it.

> (i) My first idea was uRPF, on the 12000 routers it seems that uRPF
> can inspect MPLS;

Pretty sure this is not the case.

> (iii) Additional options...

RFC4364 page 32 last sentence specifically mandates that an OptB implementation
only accepts labels it has advertised out. But as far as I know only very
recent IOS-XR versions actually comply with the RFC here.
I think CsC implementations do label checking, but I'm not 100% sure about it
either.

Personally I think we're missing the MPLS option that best fits here, since OptB
implies you cannot have ACL, QoS or counters per connection. I'd like OptB where
you could opportunistically create a new subinterface, when needed, something like
this http://p.ip.fi/BQsj.txt

> I'm all ears! Is anyone running MPLS to the customer rather than
> multiple option A peerings to each CPE? When we do large roll outs of
> 1000 CPEs with each CPE having a minimum of 3 and maximum of ~10 VRFs
> we end up having thousands of peerings. MPLS to the customer really
> would be a lot simpler for config generation, automation, monitoring
> etc (also when we want PWE3/AToM between two CPEs at different
> sites).

VRF Lite is how people who care about security do it today :/

-- 
  ++ytti
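
The label check discussed above (an Option B router accepting only labels it has itself advertised to that peer), as an added example that is not part of the original message: a toy Python model comparing an edge that forwards on any label present in its LFIB with one that enforces per-peer advertised labels. Peer names, label values and VRF names are constructed, and the model does not represent any vendor's implementation.

```python
# Added illustration: a toy model of an Option B edge that receives labeled
# packets from CPE peers. All names, labels and VRFs are constructed.
from dataclasses import dataclass, field


@dataclass
class LabelEdge:
    # Platform-wide LFIB: incoming label -> VRF it forwards into.
    lfib: dict = field(default_factory=dict)
    # Labels this router advertised to each peer (keyed by peer name).
    advertised: dict = field(default_factory=dict)
    enforce_advertised: bool = True
    drops: list = field(default_factory=list)

    def advertise(self, peer, label, vrf):
        """Allocate a label for a VRF and advertise it to one peer."""
        self.lfib[label] = vrf
        self.advertised.setdefault(peer, set()).add(label)

    def receive(self, peer, label):
        """Return the VRF the packet is forwarded into, or None if dropped."""
        if label not in self.lfib:
            self.drops.append((peer, label, "unknown label"))
            return None
        if self.enforce_advertised and label not in self.advertised.get(peer, set()):
            self.drops.append((peer, label, "label not advertised to peer"))
            return None
        return self.lfib[label]


def build(enforce):
    edge = LabelEdge(enforce_advertised=enforce)
    edge.advertise("cpe-a", 100, "CUST-A-DATA")
    edge.advertise("cpe-a", 101, "CUST-A-VOICE")
    edge.advertise("cpe-b", 200, "CUST-B-DATA")
    return edge


def demo():
    """Send cpe-a's own label and cpe-b's label from cpe-a in both modes."""
    results = {}
    for mode, enforce in (("lfib-only", False), ("advertised-only", True)):
        edge = build(enforce)
        own = edge.receive("cpe-a", 100)
        foreign = edge.receive("cpe-a", 200)
        results[mode] = {"own": own, "foreign": foreign, "drops": list(edge.drops)}
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

The drop list in the enforcing mode is also the natural place to hang a counter or log entry for detecting a peer that sends labels it was never given.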

