06-06-2009 04:36 PM - edited 03-04-2019 05:00 AM
We have a need to set up a MAN to inter-connect multiple sites in a metropolitan area.
The sites will be connected via a 1-Gbps fiber ring.
Each location has multiple vlans, and one of the requirements is to isolate the vlans so that they can't communicate w/ each other.
One exception is the "service vlan" that contains servers & printers, which all vlans should be able to talk to.
A vlan / user group should still be able to talk to the same user group at the other locations.
We plan on running OSPF to provide routing between the locations, but are not sure how to handle the VLAN segregation and provide connectivity to the service vlan at the same time.
We'll definitely NOT do ACL's because the administrative overhead is just too much.
We're thinking about VRF Lite, so basically each VLAN will be assigned an RD.
We'd also like to use route targets to control which VLAN's can communicate w/ the other VLAN's.
However, we're not sure if this would work w/ VRF Lite, or if the full blown VRF & MPLS are required.
If the latter, we're screwed because we don't have the necessary hardware to support MPLS and gig speed at these locations. (we have a bunch of 2800/3800 routers but they can't handle the traffic rate)
06-06-2009 05:19 PM
Kevin,
You do not need a full blown MPLS deployment in order to do import/export. You can use RTs to control import/export in the context of VRF-Lite as well. You will need to configure BGP though as the import/export process is performed by the BGP process.
Regards
06-06-2009 06:06 PM
Harold,
Thank you for the prompt response.
So we'll need to run BGP on top of OSPF in order to utilize RT to control vlan access.
Is this something you'd recommend based on the requirements I've mentioned above?
We initially chose not to run BGP because we have a high speed fiber ring, and we wanted sub-second convergence.
Even if we fine-tune the BGP timers from 60/180 to something like 10/30, it's still not as fast as OSPF.
Or do you think the benefits of running BGP & VRF-Lite outweigh drawbacks such as slow convergence?
06-06-2009 11:49 PM
You need to deploy Extranet VPN... probably if you're going for VRF-Lite you are left with no option but to create sub-interfaces on each link... and you have to deploy BGP on a single central router to implement the extranet feature... that is, do the import and export...
06-07-2009 03:34 PM
Kevin,
You can still run OSPF as an IGP. BGP will solely be used to import/export routes between VRFs.
Regards
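The route-target plan discussed in this thread can be checked before deployment. The script below is an added example, not code from any poster: it parses `ip vrf` stanzas and reports which VRFs end up with routes to each other. The VRF names and RD/RT values are assumptions chosen for illustration, and it models only local import/export on one router.

```python
import re
from itertools import combinations

# Constructed sample in classic IOS "ip vrf" syntax. VRF names and RD/RT
# values are assumptions for illustration, not taken from the thread.
SAMPLE_CONFIG = """
ip vrf STAFF
 rd 65000:10
 route-target both 65000:10
 route-target import 65000:99
!
ip vrf GUEST
 rd 65000:20
 route-target both 65000:20
 route-target import 65000:99
!
ip vrf SERVICE
 rd 65000:99
 route-target both 65000:99
 route-target import 65000:10
 route-target import 65000:20
!
"""

def parse_vrfs(config):
    """Return {vrf: {"import": set, "export": set}} from 'ip vrf' stanzas."""
    vrfs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip vrf (\S+)", line)
        if m:
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
            continue
        m = re.match(r"\s+route-target (import|export|both) (\S+)", line)
        if m and current is not None:
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for k in kinds:
                current[k].add(m.group(2))
        elif not line.startswith(" "):
            current = None  # an unindented line ends the VRF stanza
    return vrfs

def learns_from(vrfs, dst, src):
    """True if dst imports at least one RT that src exports."""
    return bool(vrfs[dst]["import"] & vrfs[src]["export"])

def talking_pairs(vrfs):
    """VRF pairs with routes in both directions, i.e. able to communicate."""
    return {frozenset((a, b)) for a, b in combinations(vrfs, 2)
            if learns_from(vrfs, a, b) and learns_from(vrfs, b, a)}
```

A one-way import shows up in `learns_from` but not in `talking_pairs`; it is still worth flagging in a review, because it places another group's prefixes in a routing table that was meant to be isolated.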