[j-nsp] Internet+IPVPN service on the same box
Mark Tinka
mtinka at globaltransit.net
Tue Apr 6 11:44:49 EDT 2010
On Tuesday 06 April 2010 07:57:32 pm Akhmedd Aly wrote:
> I need to know Best Practices for Internet (IPv4+IPv6)
> service implementation on Juniper boxes (J-/M-/MX-) with
> existing IPVPN (L3 VPN) 1. new simple VRF for Internet
> service with Full BGP table - is OK? What about security
> for IPVPN?
We carry the full Internet v4 + v6 BGP tables in global. The
only NLRI in VRF's are customer VPN's.
> 2. logical routers/systems for Internet PE-routers or
> IPVPN PE-routers - is OK? What about security for IPVPN?
We don't use logical systems in our network since routing
platforms have advanced significantly (that and the fact
that our network is young enough not to have too much
legacy; it doesn't hurt that we're kind o' old school, too).
However, based on threads on this list in the past years,
logical systems are pretty common with folk. Those using it
can, perhaps, provide more feedback on their use in this
scenario.
> What about Tunnel PICs? 3. dedicated PE-routers for
> IPVPN service and different dedicated PE-routers for
> Internet service (IPv4+IPv6)?
We use the same routers for customer VPN's and global
Internet access. This is a philosophical issues, especially
with pressure from customers that don't trust "packet".
We didn't see the sense in "virtualizing" the network with
MPLS and then getting off that road by using separate boxes
to run different services. But that's just us...
> Do You use dual stack option for v4+v6 on the same boxes?
Yes.
> What do You use in Yours IP/MPLS Networks?
If you mean kit-wise, we're a Cisco + Juniper house, as I'm
sure are many folk on this list.
My only issue now is that v6 has no MPLS (well, LDP, to be
exact) control plane. It's 2010, and we're still waiting...
Hope this helps.
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20100406/cd6cd3e3/attachment.bin>
More information about the juniper-nsp
mailing list