MPLS at the Customer Edge

Unanswered Question
Mar 25th, 2008

Greetings, I've been tasked with putting together an MPLS solution for one of my customers.

We were originally going to be using individual WAN links and running a DMVPN on top for routing and security between sites.

There will be 1 HO and 8 remote sites; a single ASA 5510 and 3800 ISR will sit at the HO and 2800 ISRs at all other sites.

The HO will have a single leased line terminating on ethernet and all other sites will be on SDSL.

I'm semi-aware of the capabilities of MPLS and that peering is normally achieved by using BGP, OSPF, RIPv2 etc., but I haven't any practical experience of configuring a collection of routers for customer sites.

If someone could answer the questions below it would be much appreciated.

1. Do all routers at customer sites run BGP or other dynamic routing protocols to advertise their internal networks into the cloud, or does just one router, namely the HO router, run BGP while all other sites use statics to enter the cloud?

2. I continually see references to Layer 2 and Layer 3 (IPVPN) MPLS designs. Can you utilise a Layer 2 MPLS network and run IPSec/GRE on top for security and routing purposes?

3. Is MPLS a fully meshed topology by default or is it a requested feature?

4. Are there any CE router configuration examples available to see a real world configuration?

Any help would be much appreciated.

mheusing Wed, 03/26/2008 - 04:10

Hi,

To answer your questions let me first describe the MPLS services in simple words from a customer perspective:

MPLS L3VPN = IP router

MPLS L2VPN (AToM, EoMPLS) = P2P link ("CAT5 cable simulator")

MPLS L2VPN (VPLS) = LAN switch

Now to your questions:

A1) As an MPLS L3VPN from a customer perspective looks like one IP-enabled router, the question can be rephrased: Where in an IP network would you choose static routing, where dynamic routing?

The answer will depend on what features are needed with respect to backdoor links, convergence time, redundancy, frequency of address changes etc.

You can apply all your IPv4 routing experience to design a solution. Depending on the requirements you might use static everywhere, or only at remote sites or dynamic protocols everywhere.

Given your requirements of setting up a DMVPN between all sites, static routing everywhere seems feasible, as you only need to route DMVPN "endpoint" IP addresses. So only a few routes, and presumably pretty stable. Redundancy, load sharing etc. considerations might lead you to choose a dynamic protocol.

A2) L2VPNs are probably less suited in your case, as Ethernet over MPLS requires many P2P links and does not give you any-to-any connectivity unless you manually set up a full mesh, which does not scale well. The EoMPLS solution pretty much looks like a Frame Relay solution.

VPLS is rather complex for the task at hand and you are much more restricted with your choice of PE hardware than with L3VPN.

Nevertheless, the solution is possible.

A3) The connectivity is determined in MPLS L3VPN by configuring the "right" route-target import and export statements. As such any-to-any is easy to achieve. In most implementations any-to-any will be used unless there are specific requirements making it not desirable.

A4) CE routers are not at all aware of any MPLS specific part. As such they will look like any other IP router - keep in mind, the MPLS L3VPN looks like one big IP router to the CEs.

To summarize: given your requirements above, I would go for an MPLS L3VPN solution announcing the IP addresses for the DMVPN endpoints (ASA, 3800, 2800).

Hope this helps! Please rate all posts.

Regards, Martin
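
The point in A3 above, that route-target import and export statements decide which sites see each other, modelled as an added example (not part of the original reply or any provider's configuration). It compares an any-to-any and a hub-and-spoke policy for the 1 HO + 8 remote sites in the question and flags a VRF outside the customer that imports the customer's RT; the site names and RT values are constructed, and only direct route exchange is modelled, not transit through the hub.

```python
from itertools import combinations

# Constructed site names matching the thread: 1 head office (HO) + 8 remote sites.
SITES = ["HO"] + [f"R{i}" for i in range(1, 9)]

def learns_from(importer, exporter):
    """A VRF installs another VRF's routes if it imports any RT attached on export."""
    return bool(importer["import"] & exporter["export"])

def direct_pairs(vrfs):
    """Site pairs that exchange routes in both directions (no transit modelled)."""
    return {(a, b) for a, b in combinations(sorted(vrfs), 2)
            if learns_from(vrfs[a], vrfs[b]) and learns_from(vrfs[b], vrfs[a])}

def any_to_any(rt="65000:100"):
    """Every site exports and imports the same RT (constructed value)."""
    return {s: {"export": {rt}, "import": {rt}} for s in SITES}

def hub_and_spoke(hub_rt="65000:1", spoke_rt="65000:2"):
    """Spokes import only the hub's RT; the hub imports only the spokes' RT."""
    vrfs = {s: {"export": {spoke_rt}, "import": {hub_rt}} for s in SITES[1:]}
    vrfs["HO"] = {"export": {hub_rt}, "import": {spoke_rt}}
    return vrfs

def unintended_importers(vrfs, members):
    """VRFs outside `members` that would install routes exported by a member."""
    return sorted(name for name, vrf in vrfs.items() if name not in members
                  and any(learns_from(vrf, vrfs[m]) for m in members))

if __name__ == "__main__":
    print(len(direct_pairs(any_to_any())), "pairs any-to-any")
    print(sorted(direct_pairs(hub_and_spoke())))
    audit = any_to_any()
    # Constructed misconfiguration: a VRF of another customer imports our RT.
    audit["OTHER"] = {"export": {"65001:1"}, "import": {"65001:1", "65000:100"}}
    print(unintended_importers(audit, set(SITES)))
```

With IPSec/DMVPN running on top, as planned in the question, an unintended importer would learn the tunnel endpoint addresses but not the encrypted site traffic.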
