[c-nsp] Using MPLS PEs as gateways for access layer

Ryan L ryan.nsplist at gmail.com
Wed Nov 30 11:38:07 EST 2016


Thanks Peter!

One other question I have been having with this is, I'll obviously have
some L2 adjacency for my FHRP between the two cores, but should I also be
running an IGP within each DC between the two on the private VRF? I don't
have any other routed devices in these sites except for the PEs, so I
wouldn't be using it for anything aside from between the two.

Route information (connected, static) can be shared via VPN amongst all
PEs, but not sure if there is any benefit to sharing things like static
routes via IGP between the two PEs within a single site (router ospf ->
redist static subnets route-map etc.) as opposed to propagating it to core
#2 at the same site via VPN/BGP. In my labbing it seems to work fine
without IGP, but devil is always in the (production) details. :)

On Wed, Nov 30, 2016 at 11:08 AM, Peter Rathlev <peter at rathlev.dk> wrote:

> On Tue, 2016-11-29 at 19:14 -0500, Ryan L wrote:
> > Is it somewhat accepted design to run L3VPN in a scenario where the
> > PEs in DC1 are vrrp active/standby for DC1 VLANs in all VRFs, and the
> > PEs in DC2 are active/standby for DC2 VLANs in all VRFs, and so on?
> > From each PE, there'd be a layer 2 path to the edge hosts within
> > those sites, and we're talking pure routing here, no state tracking
> > devices, etc. PEs would be meshed iBGP either full or w/RRs.
>
> To chime in: Using PE as the access network gateway works well IMHO. We
> have been using it for many years both in datacenters and medium/large
> enterprise access.
>
> A bad actor can almost invariably take out whatever they have a L2
> connection to, and a Sup720 isn't very resilient. Make sure you have a
> sane CoPP but keep in mind that it generally cannot match local broad-
> or multicast traffic. Hardware rate-limiters can help you with that to
> a certain degree.
>
> This is of course exactly the same whether you use VRF Lite or "real"
> MPLS L3VPN. In my eyes there's no downside to using MPLS L3VPN on the
> router that acts as gateway for a given access network.
>
> --
> Peter
>
>

