[j-nsp] MPLS for management VPN question

Truman Boyes truman at suspicious.org
Wed Jun 3 23:42:59 EDT 2009


Your PE routers can provide a way to reach your management segments  
around the network. You can create a routing-instance (VRF) for  
management, then put an IP address on the PE router for VLAN100. You  
will do this at each M-series.

You then need to define a route-distinguisher, and route targets (or  
simply vrf-target under the VRF) to import/export the routes for this  
VPN from other PEs.

Later on you might want to connect some of your NMS/OSS systems into
the VRF so they can reach the devices on the management VPN.

Truman


On 3/06/2009, at 10:09 PM, Jeff Meyers wrote:

> Hi,
>
> we currently have a small number of PoPs, each equipped with a
> Juniper M-series router. On each PoP we use a local Vlan 100 for the
> management with RFC1918 IP addresses - 192.168.0.0/16.
>
> Unfortunately, this results in scalability problems as the network  
> grows since it's not possible to manage and monitor all network  
> devices (e.g. network switches) from one central point.
>
> Therefore, we want to set up MPLS in our network and create a network
> wide VPN for the management. Since my experience with MPLS is very,  
> very low (as in "there is none"), I could need some help here. So  
> here we go:
>
> The PoPs are connected over dedicated transport links and iBGP as  
> well as OSPF is running fine so far. The transport link ends in a  
> Foundry core-switch, the core-switch itself is connected via  
> aggregated-ethernet to the juniper m-series router. On that ae-link,  
> we're running dot1q vlan tagging.
>
>
> First problem: what exactly will I need for my purpose? L2VPN?  
> L3VPN? Something else? The management vpn shall be reachable from  
> every management device on 2 or more PoPs.
>
>
> I managed to get basic MPLS running as follows:
>
>
> - enabled mpls under "protocols mpls" and created a label-switched-path
> - enabled rsvp for the interface ospf and iBGP is running on
>
>
> Here is where I'm stuck: what would be the next steps in order to
> create the desired management VPN? The routers themselves don't need an
> RFC1918 address within that VPN.
> What encapsulation would I need on the specific interface for the  
> described setup?
>
>
> Thanks for any help & best regards,
> Jeff
>
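
Added example, not part of either message in this thread: a sketch of the L3VPN steps Truman describes (management VRF, PE address on VLAN 100, route-distinguisher, vrf-target) as Junos set commands for one PE. The names and values ae0, MGMT, IBGP, AS 64512, loopback 10.255.0.1 and the per-PoP subnet 192.168.1.0/24 are assumptions made for illustration.

```junos
# Constructed example for one PE (PoP 1). Every name and number below
# (ae0, MGMT, IBGP, 64512, 10.255.0.1, 192.168.1.0/24) is an assumption.

# PE address on the local management VLAN 100 (dot1q on the ae link)
set interfaces ae0 vlan-tagging
set interfaces ae0 unit 100 description "PoP1 management VLAN"
set interfaces ae0 unit 100 vlan-id 100
# Assumption: each PoP gets its own /24 out of 192.168.0.0/16. Every PE
# imports the same target, so overlapping subnets would collide.
set interfaces ae0 unit 100 family inet address 192.168.1.1/24

# Management VRF: only the VLAN 100 unit is placed in it, so the
# management segment is kept out of the global table (inet.0)
set routing-instances MGMT instance-type vrf
set routing-instances MGMT interface ae0.100
# RD must be unique per PE; loopback:number is a common convention
set routing-instances MGMT route-distinguisher 10.255.0.1:100
# The same target on every PE imports and exports this VPN's routes
set routing-instances MGMT vrf-target target:64512:100
# Lets the egress PE do an IP lookup for hosts attached directly to the
# VLAN (no CE router). Support depends on platform and core-facing
# interface type, so verify it on your hardware.
set routing-instances MGMT vrf-table-label

# Carry VPN routes on the existing iBGP sessions. Once any family is
# listed explicitly, inet unicast must be listed too or it is dropped.
set protocols bgp group IBGP family inet unicast
set protocols bgp group IBGP family inet-vpn unicast

# Operational checks after commit:
#   show route table MGMT.inet.0
#   show route table bgp.l3vpn.0
```

Each PE also needs an LSP towards every other PE's loopback, since VPN routes only become active when their BGP next hop resolves over an LSP. A later NMS/OSS segment joins the VPN the same way, as one more interface under the MGMT instance.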


