- Gold, 750 points or more
apologies for the long post,
I am working and an inter AS-VPN solution, the solution itself is straightforward and consist of an NNI where both our AS and peering AS establish a BGP session under address family for each VPN we wish to extend.
my question is about the different possibilities to deal with Mngt part. both my parties have agreed that hey should manage their own CPE's even when deployed at opposite sites. sho when a customer which belongs to AS1is deployed in AS2 cloud , only AS1 should have MNGT to this CPE (and other way around).
AS1 and AS2 have their own mngt vrf ( mngt1 & mngt2). subnets used must be dedicated to inter AS solution so they don't get leaked to existing mngt VRFs.
AS1 terminates manages link for AS2 CPE in mngt2 and simply peer with this vpn over NNI. AS2 then leaks it into its own MNGT vpn.
same as above , but no separate MNGT vrf for inter AS CPE's. so AS1 terminates AS2 CPE in AS2 MNGT vrf and peer over NNI.
I have previously used import maps under VRF definition, but this was more when there was a need to monitor a link which is already in customer VPN and leak it to mngt VPN.
I hope I managed to illustrate my examples clearly and look forward to some feedback.