[j-nsp] MPLS for management VPN question
Truman Boyes
truman at suspicious.org
Thu Jun 4 09:46:25 EDT 2009
Some notes inline:
On 4/06/2009, at 9:13 PM, Jeff Meyers wrote:
> Truman Boyes wrote:
>
> Hi,
>
> thanks for your answer so far.
>
>> You then need to define a route-distinguisher, and route targets
>> (or simply vrf-target under the VRF) to import/export the routes
>> for this VPN from other PEs.
>
> Can you provide an example for that? That would be a L3VPN, right?
> Why would I need any routes to be known on the router? Basically I
> only need 192.168.0.0/16 to be the management subnet globally
> without any default gateways.
Ok, so if I understand this correctly, you have a management network
that you want to carry across your MPLS network and you want to make
all the devices on the management network be able to reach each other?
If the "management network" exists in multiple places, then it will
need to be appropriate subnets at each location. For example, you
might decide to break up the 192.168.0.0/16 network by assigning /24's
to each site. Then you can route between the subnets with a L3 VPN,
using the PE/MPLS Cloud as the gateway(s). You mention that you don't
need gateways ... so if you simply want to connect a management
network at layer 2 across the MPLS network, then you have about 3
options:
You can build VPLS instances (multipoint)
You can build L2VPNs (point to point)
You can build L2Circuits (point to point)
In the past I have built management networks in L3VPNs because it
provides the flexibility to allow some of these routes to be leaked
into other VRFs. However, if all you want to do is make your MPLS
network carry the management network just like an Ethernet switch
would, then VPLS will be your friend.
Take a look at the documentation on L3VPN and VPLS, it should walk you
through the steps to building the configuration.
Kind regards,
Truman
>> Later on you might want to connect some of your NMS/OSS systems
>> into the VRF so they can reach the devices on the management VPN.
>
> So I simply add the devices to the vlan 100 on the existing ae Link
> with .1q tagged vlans? No special encapsulation needed on Juniper
> side?
If you are terminating VLANs, you need vlan-tagging on the major
interface, and a vlan id on the unit. Nothing special here. This is
for routing (i.e. L3VPNs). When doing VPLS you need to change the
encapsulation to allow the router to grab the whole Ethernet frame.
>
> Thanks,
> Jeff
>
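
The two attachment styles discussed in this thread, shown as an added example that is not part of the original messages: a Junos configuration with VLAN 100 terminated into an L3VPN management VRF and a second VLAN handed to a VPLS instance on the same aggregated link. The interface name ae0, the instance and site names, AS 65000 and its route targets, VLAN 200, the site-range value and the 192.168.1.0/24 site subnet are assumptions chosen for illustration.

```junos
/* Added example: names, AS number, targets and addresses are constructed. */
interfaces {
    ae0 {
        /* 802.1Q tagging on the major interface */
        vlan-tagging;
        /* allows routed and VPLS units to share the same link */
        encapsulation flexible-ethernet-services;
        /* routed unit for the L3VPN: only a vlan-id is needed */
        unit 100 {
            vlan-id 100;
            family inet {
                address 192.168.1.1/24;
            }
        }
        /* VPLS unit: encapsulation changed so the whole Ethernet frame is carried */
        unit 200 {
            encapsulation vlan-vpls;
            vlan-id 200;
            family vpls;
        }
    }
}
routing-instances {
    /* L3VPN: route-distinguisher plus vrf-target for import and export */
    MGMT-L3 {
        instance-type vrf;
        interface ae0.100;
        route-distinguisher 65000:100;
        vrf-target target:65000:100;
    }
    /* VPLS: the management network bridged at layer 2 between sites */
    MGMT-VPLS {
        instance-type vpls;
        interface ae0.200;
        route-distinguisher 65000:200;
        vrf-target target:65000:200;
        protocols {
            vpls {
                site-range 10;
                no-tunnel-services;
                site pe1 {
                    site-identifier 1;
                }
            }
        }
    }
}
```

Every other PE in the management VPN uses the same vrf-target value with its own site /24 and, for VPLS, its own site-identifier.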