MPLS in Enterprise Campus Network

Unanswered Question
Jan 13th, 2008

Hi,


I have a query regarding implementation of MPLS in Enterprise Network. If an enterprise network is comprised of Cisco's multilayer design, i.e. access, distribution and core, then what is the advantage of deploying MPLS in that network?


Regards,


Mujeeb



Jon Marshall Mon, 01/14/2008 - 01:11

Hi Mujeeb


The primary reason for deploying MPLS into an Enterprise network would be for logical separation with VPNs.


Think of it like this. Instead of one physical and one logical network you could have one physical but many logical networks. The advantage of this is you can segregate and prioritise depts, production/test environments etc. Yes, you could do this with access-lists etc. but it is much "cleaner" and easier to administer using MPLS.


There is also something called VRF-lite, which is supported on a lot more switches than MPLS, that can extend MPLS segregation into your LAN.


HTH


Jon

rmujeeb81 Mon, 01/14/2008 - 04:53


Hello Jon,


As far as segregation is concerned, we can do it by using VLANs. There are important applications of MPLS in service provider networks like L2/L3 VPNs and Traffic Engineering, but for Enterprise Networks I am unable to find a good design guide. Kindly send me the link to Cisco documentation regarding MPLS deployment in Enterprise/Campus design, if possible.


Thanks & Regards,


Mujeeb

Jon Marshall Mon, 01/14/2008 - 05:26

Mujeeb


Yes, you could use vlans but you're still using the same logical network. An example may help.


You have a campus network where you want to have a development network and a production network running on the same physical infrastructure. You want to make sure that anyone in the development network cannot access the production network and vice-versa.


Now there are many ways you could approach this and I'm not going to list them all, but let's compare the vlan approach with the MPLS approach.


Vlan approach


1) You allocate dev users into specific dev vlans.

2) You apply access-lists on the vlan interfaces to only allow communication between this dev vlan and other dev vlans because you still have one global routing table on the L3 switches.

3) You could also optionally apply QOS to all links that the dev traffic runs over.


If your dev users are spread throughout the campus this can become a lot of administrative work and is still prone to error, e.g. your L3 switches with the dev and prod vlans have one global routing table. The only thing stopping your dev users accessing production is the accuracy of your access-lists.


The MPLS approach.


1) You create 2 VPNs, one for production and one for dev.

2) You still allocate users into vlans but there is now no need for all the access-lists because the L3 devices have separate routing tables for each VPN.

3) You can more easily apply TE to this setup where production and development have separate paths through some of the critical parts of your network.


The key thing is this. MPLS makes it easier to do this level of segregation because of MPLS VPNs. Service Providers have to be able to keep customer traffic separate.


If you don't have the requirement in your network to segment different groups of users and give these users differing levels of priority then MPLS probably wouldn't do anything for you.


And yes you could use a combination of access-lists, Policy Based routing, separate routing protocols etc., it's just that on an Enterprise level MPLS scales better.


For design docs have a look at


www.cisco.com/go/srnd


Start with the Network Virtualisation guides.


HTH


Jon
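
An added example, not part of the original thread: a toy Python model of one L3 switch that compares the two designs described in the reply above, one global routing table guarded by per-interface ACLs versus one routing table per VPN. The interface names, subnets and VRF names are constructed, and the model assumes no routes are leaked between VRFs.

```python
# Added example: toy model of one L3 switch. All names and subnets are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import permutations
from typing import Optional, Tuple

@dataclass(frozen=True)
class Svi:
    name: str
    subnet: str                 # connected subnet of the VLAN interface
    group: str                  # intended segregation: "dev" or "prod"
    vrf: str = "global"         # routing table the interface is bound to
    acl_permit: Optional[Tuple[str, ...]] = None  # inbound ACL: permitted destinations; None = no ACL

def reachable(svis, src, dst):
    """True if the switch forwards a packet from src to dst."""
    src, dst = ip_address(src), ip_address(dst)
    ingress = next((s for s in svis if src in ip_network(s.subnet)), None)
    if ingress is None:
        return False
    # 1) inbound ACL on the ingress interface (implicit deny when an ACL is applied)
    if ingress.acl_permit is not None and not any(dst in ip_network(p) for p in ingress.acl_permit):
        return False
    # 2) route lookup only in the ingress interface's own routing table
    return any(s.vrf == ingress.vrf and dst in ip_network(s.subnet) for s in svis)

def leaks(svis):
    """(ingress, egress) interface pairs where traffic crosses between groups."""
    return [(a.name, b.name) for a, b in permutations(svis, 2)
            if a.group != b.group
            and reachable(svis, str(ip_network(a.subnet)[1]), str(ip_network(b.subnet)[1]))]

DEV_NETS = ("10.10.110.0/24", "10.10.120.0/24")
PROD_NETS = ("10.20.210.0/24",)

# VLAN approach: one global table, ACL forgotten on Vlan120.
VLAN_DESIGN = [
    Svi("Vlan110", "10.10.110.0/24", "dev", acl_permit=DEV_NETS),
    Svi("Vlan120", "10.10.120.0/24", "dev"),
    Svi("Vlan210", "10.20.210.0/24", "prod", acl_permit=PROD_NETS),
]
# MPLS VPN / VRF approach: no ACLs, one routing table per VPN.
VRF_DESIGN = [
    Svi("Vlan110", "10.10.110.0/24", "dev", vrf="DEV"),
    Svi("Vlan120", "10.10.120.0/24", "dev", vrf="DEV"),
    Svi("Vlan210", "10.20.210.0/24", "prod", vrf="PROD"),
]

if __name__ == "__main__":
    print("VLAN + ACL leaks:", leaks(VLAN_DESIGN))
    print("VRF leaks:       ", leaks(VRF_DESIGN))
```

With the one forgotten ACL, the VLAN design reports Vlan120 to Vlan210 as reachable, while the VRF design reports no cross-group paths because the DEV table holds no route to the prod subnet.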



