10-15-2008 07:00 PM
Hi All,
Requesting suggestions for the following scenario, let's say we have 2 service providers (SP) offering MPLS VPNs through Option A (Back to Back VRF).
These SPs are connecting through two PE/ASBRs each, like SP As, PE_A1 and PE_A2 and SP Bs, PE_B1 and PE_B2.
PE_A1 is connected to PE_B1 and PE_A2 is connected to PE_B2, this configuration is to offer PE redundancy.
I am thinking of having HSRP between these different PEs. But reckon there has to be a better way to do this.
Any suggestions?
Thanks
Cheers
~sultan
10-16-2008 07:33 AM
Hi Sultan,
HSRP would require static routes and this will not scale that well, as you need to update the ASBR(s) each time the customer introduces a new network into one VRF.
Using eBGP as "PE-CE" protocol will give you the redundancy required with the control desired. Per VRF the design can be that of a redundant internet access for an enterprise customer, as the other side is seen like a CE. BGP is built for primary/backup scenarios, so local preference could be used.
Essentially your design question can be rephrased to: How do I offer redundant MPLS VPN access to a customer?
The answer typically will be eBGP or OSPF.
Both protocols have their pros and cons, so a more detailed look into requirements would help to decide for either one.
Hope this helps!
Regards,
Martin
10-20-2008 12:21 AM
Hi Martin,
Many thanks for your response.
I agree with you and stand corrected. So if I am using eBGP between my and other Provider PEs, should I consider BGP local-preference attribute?
Are there any potential issues I might have to deal with here?
The reason for my paranoia is because I will be doing this directly in the production network without the benefit of vetting this in a Lab.
Thanks
Cheers,
~sultan
10-20-2008 03:26 AM
Hi Sultan,
You seem to like challenges and thrilling changes ;-)
Well,
I guess what might also be interesting to you: "MPLS VPN - Inter-AS Option AB"
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_vpn_ias_optab.html
With this option you have VRF back-to-back, but only 1 MP-BGP session between ASBRs.
Gernerally potential issues are similar to a normal PE-CE situation
- protection from too many routes
- scalability in general
- PE security
- There was something I saw about BGP router-ID being the same for different VRFs and issues arising from this, but can neither remember the details nor find the reference.
Hope this helps!
Regards,
Martin
10-29-2008 11:04 PM
Hi Martin,
Thanks for your valuable suggestions and sorry for my delayed response.
I will definitely consider option B as suggested by you, for the time being I have already implemented the previous option and it is looking good so far. The plan is to migrate to option B as we scale further.
Thanking you once again for your helpful comments.
Cheers
~sultan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide