I know MPLS is good for SPs, but how can we implement and justify MPLS for an enterprise/banks with over 1k branches?
Is there any existing "private" MPLS-based enterprise network implemented for such a scenario, and how is it justified besides using fast switching, which CEF can also achieve?
Hi, it all depends on what you want to achieve. So take for example you have multiple departments within the bank and there is some requirement that one department should not be able to talk to another department. In this case you can create VRFs per department and limit each department to talk to only other parts of the same department. The users might be diverse, so one section of that department is located in location XYZ and the other section of that department is located in location ABC. If you have a relatively small network then you can accomplish the same with VRF-Lite without using label switching. If you have users spread across then ideally you would want to use label switching and VPNv4 sessions between your PE routers to provide connectivity. This way your Core routers do not have to know about every network and they can just label switch the traffic to the next hop, eventually getting to your PE routers. Hope that was what you were looking for in terms of usability. Thx
Unless you're planning on implementing other clients on the network, what is the purpose of the MPLS? Standard routing would work well if you segment the network into several major "hubs" to which many branch "spokes" are attached and managed using OSPF. Then interconnect the hubs together using iBGP. It would be straightforward and permit the connectivity you require. If you NEED IPSEC type of security on the circuits, you could create individual encrypted sessions back to a VPN concentrator and then encrypt the traffic across the backbone between hubs. However, I would assume that all of your banking applications are already encrypted using HTTPS or something similar for their communications, in which case, the additional encryption would be overkill.
HI, [Pls Rate if HELPS]
Justify the MPLS VPN as scenario:
VPN services can be offered based on two major models:
Overlay VPNs, in which the service provider provides virtual point-to-point links between customer sites
Peer-to-peer VPNs, in which the service provider participates in the customer routing
About Overlay VPNs:
VPN is implemented with IP-over-IP tunnels:
Tunnels are established with GRE or IPSec.
GRE is simpler (and quicker); IPSec provides authentication and security.
VPN is implemented with PPP-over-IP tunnels.
Usually used in access environments (dialup, digital subscriber line).
Service provider infrastructure appears as point-to-point links to customer routes.
Routing protocols run directly between customer routers.
Service provider does not see customer routes and is responsible only for providing point-to-point transport of customer data.
About Peer-to-Peer VPNs:
The only difference is: Here the Service Provider participates in the Customer Routing. PE Router exchanges Customer routers through the core network.
How to treat VPNs:
Here you need to consider every branch router as a CE, i.e., a spoke router, but not the application itself. If the applications are hosted only @ HO, access will be easy.
If the applications are hosted @ various offices, using RD & RT values in MPLS-VPN will help a lot in implementation.
How to Implement:
You can implement using pure MPLS-VPN services. The hub can be implemented and all spokes are treated as CE routers. The IPSec sessions are to be established as said before.
The SP will implement the VRF with FRD & RT Values. The same will be imported @ spoke locations to access the Servers @ HO.
Hope I am Informative.
PLS RATE if HELPS
Guru Prasad R
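The per-department VRFs from the first reply and the RT import at spoke locations for reaching HO servers from the last reply can be checked offline before a config is pushed to PE routers. The following is an added example, not code from any poster in this thread: it models route-target import/export and reports any VRF that would install another department's routes. The VRF names, the AS number 65000 and all RT values are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import permutations

@dataclass(frozen=True)
class Vrf:
    name: str
    export_rts: frozenset  # route targets attached to routes this VRF exports
    import_rts: frozenset  # route targets this VRF accepts into its table

def learns_from(receiver: Vrf, sender: Vrf) -> bool:
    """A VRF installs a VPNv4 route when the route carries any RT it imports."""
    return bool(sender.export_rts & receiver.import_rts)

def audit(vrfs, allowed_pairs):
    """Return (receiver, sender) route leaks between VRFs that policy does not pair."""
    leaks = []
    for receiver, sender in permutations(vrfs, 2):
        pair = frozenset((receiver.name, sender.name))
        if learns_from(receiver, sender) and pair not in allowed_pairs:
            leaks.append((receiver.name, sender.name))
    return sorted(leaks)

def rts(*values):
    return frozenset(values)

# Constructed sample policy: each department keeps its own RT, exports a
# second RT (65000:901) toward the head office, and imports the head-office
# server routes (65000:900). Departments never import each other's RT.
VRFS = [
    Vrf("RETAIL",     rts("65000:10", "65000:901"), rts("65000:10", "65000:900")),
    Vrf("TREASURY",   rts("65000:20", "65000:901"), rts("65000:20", "65000:900")),
    Vrf("HO-SERVERS", rts("65000:900"),             rts("65000:901")),
    # Constructed mistake: ATM also imports RETAIL's department RT.
    Vrf("ATM",        rts("65000:30", "65000:901"),
                      rts("65000:30", "65000:900", "65000:10")),
]

# Only department <-> head-office pairs are allowed to exchange routes.
ALLOWED = {frozenset((d, "HO-SERVERS")) for d in ("RETAIL", "TREASURY", "ATM")}

if __name__ == "__main__":
    for receiver, sender in audit(VRFS, ALLOWED):
        print(f"LEAK: {receiver} installs routes exported by {sender}")
```

A one-way leak is still reported, since the receiving VRF holds routes to prefixes it should not know even when no return route exists.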