[j-nsp] MPLS for management VPN question

Jeff Meyers Jeff.Meyers at gmx.net
Wed Jun 3 08:09:38 EDT 2009


Hi,

we currently have a small number of PoPs, each equipped with a Juniper 
M-series router. On each PoP we use a local VLAN 100 for the management 
with RFC1918 IP addresses - 192.168.0.0/16.

Unfortunately, this results in scalability problems as the network grows 
since it's not possible to manage and monitor all network devices (e.g. 
network switches) from one central point.

Therefore, we want to set up MPLS in our network and create a 
network-wide VPN for the management. Since my experience with MPLS is very, very 
low (as in "there is none"), I could need some help here. So here we go:

The PoPs are connected over dedicated transport links and iBGP as well 
as OSPF are running fine so far. The transport link ends in a Foundry 
core-switch, the core-switch itself is connected via aggregated-ethernet 
to the Juniper M-series router. On that ae-link, we're running dot1q 
VLAN tagging.


First problem: what exactly will I need for my purpose? L2VPN? L3VPN? 
Something else? The management vpn shall be reachable from every 
management device on 2 or more PoPs.


I managed to get basic MPLS running as follows:


- enabled MPLS under "protocols mpls" and created a label-switched-path
- enabled RSVP for the interface OSPF and iBGP are running on


Here is where I'm stuck: what would be the next steps in order to create 
the desired management VPN? The routers themselves don't need an RFC1918 
address within that VPN.
What encapsulation would I need on the specific interface for the 
described setup?


Thanks for any help & best regards,
Jeff

