Cisco Support Community

ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORLD

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss with Cisco expert Harold Ritter how Enterprise networks are evolving into MPLS networks to deliver an SP type service delivery to the end customers. Harold Ritter is a technical leader with the Cisco Advanced Services team for Service Provider. He is responsible for helping Cisco top-tier Service Provider customers to design, implement and troubleshoot routing protocols and MPLS solutions in their environment. He has been a network engineer for more than 12 years and is a CCIE (#4168) for Routing & Switching and Service Provider.

Remember to use the rating system to let Harold know if you have received an adequate response.

Harold might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through January 12, 2007. Visit this forum often to view responses to your questions and the questions of other community members.

55 REPLIES
Bronze

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Harold,

How is using MPLS VPN different when deployed in an enterprise network rather than a SP network?

Regards, Frank

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Frank,

In fact, MPLS VPN as such is pretty much the same whether it is deployed in an enterprise or SP context.

The market penetration is very different for the moment. This is changing rapidly as many enterprises are migrating to an MPLS based network.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Community Member

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Hello Harold,

I need to build a project with VRF-Lite and Backup ISDN. In my lab, VRF-Lite is perfect, but now, I need to configure a backup of Dedicated Link through ISDN Link, Dialer Interface.

So I would like to get help to build this project. What is the best way to configure a backup link with VRF-Lite? The routing tables need to be kept separate, if possible.

Very Thanks,

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Cassio,

This is slightly off topic but let me get a shot at answering your question.

If I remember correctly from a previous posting, your scenario needs to provide backup on the CE for all the VRFs via a unique dialer interface, right?

This could probably be accomplished by using a separate GRE tunnel interface per VRF. These tunnels would use global IP addresses and would all be carried over the dialer interfaces in case of failure of the main interface. Add a couple of floating static routes for each VRF pointing at their respective tunnel interface and there you go.

Does it sound like the solution you came up with in your lab?

Let me know if that answers your question,

Harold Ritter
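A minimal IOS sketch of the per-VRF GRE backup described in the reply above, added here as an illustration and not taken from either poster's lab. The VRF names, addresses, tunnel keys and administrative distance are assumptions, and Dialer1 is assumed to be already configured for ISDN.

```cisco
! Constructed example for the CE side; the head-end needs the mirror image.
! VRF names, RDs and all addresses below are assumptions for illustration.
ip vrf RED
 rd 65000:1
ip vrf BLUE
 rd 65000:2
!
! Global-table loopback used as the source of every backup tunnel
interface Loopback0
 ip address 10.255.0.2 255.255.255.255
!
! Reach the head-end tunnel endpoint (global address) through the dialer
ip route 10.255.0.1 255.255.255.255 Dialer1
!
! One GRE tunnel per VRF: the tunnel interface sits in the VRF,
! while its source and destination stay in the global table
interface Tunnel1
 ip vrf forwarding RED
 ip address 172.16.1.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.255.0.1
 tunnel key 1
!
interface Tunnel2
 ip vrf forwarding BLUE
 ip address 172.16.2.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.255.0.1
 tunnel key 2
!
! Floating statics: distance 250 keeps them out of each VRF table
! until the routes learned over the main link are withdrawn
ip route vrf RED 0.0.0.0 0.0.0.0 Tunnel1 250
ip route vrf BLUE 0.0.0.0 0.0.0.0 Tunnel2 250
```

GRE adds no encryption or authentication, and the tunnel key only demultiplexes the two tunnels that share one source and destination pair. What this keeps separate is the per-VRF routing tables, not the confidentiality of traffic on the backup path.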
Community Member

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Thank you very much and sorry about off topic.

First question, yes, unique dialer for all VRFs.

Second question, NO, when the main link is DOWN, the CE router will be a PE router, I configured TAG switching and LDP in Dialer interface and BGP Peer VPNV4, very strange but it is working. This solution solved my problem, but I am not sure if it is correct and in the future I might be wrong.

If you want, I can share the configs and LAB.

Best Regards,

Cassio

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Interesting solution. This will certainly work but I wouldn't do that unless the CE is managed by the SP itself. Just to keep the control on the core.

Hope this helps,

Harold Ritter
Community Member

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Hi Harold,

If a customer uses an SP MPLS network to connect various branches,

1) can the CE router (from a SP perspective) be a P router (from the enterprise perspective)

2) if yes, what routing protocols would you suggest to use between the SP PE-CE and the enterprise P-PE?

3) in a small branch with an ISR (P) and 3550 (PE and CE?), what would be the best way to have the same type of functionality as MPLS across the WAN?

4) Are there any design potential issues to keep in mind?

Thanks,

Best regards,

Pascal

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

So if I understand you correctly, you are discussing deploying MPLS VPN in your enterprise network using your SP MPLS VPN network to connect your remote branches.

This can be done indeed using Carrier Supporting Carrier (CSC).

1) The customer P could indeed be the provider CE.

2) You could use an IGP such as RIP, OSPF, EIGRP or static routes between the SP PE-CE along with LDP for label exchange. You could also use BGP IPv4+label, which does both the routes and labels exchange.

3) Not sure I understand the difference between this small branch and the others. CSC is supported on the ISR, so it doesn't matter whether the branch is small, medium or large.

4) Make sure the device (Provider CE) you choose supports CSC.

Make sure the SP already offers or is willing to support CSC.

Support for baby giant MTU might be required between the SP PE and CE.

Let me know if you have further questions,

Harold Ritter
Community Member

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Thank you. I will check the CSC option.

The question in 3) relates to a branch that has an ISR and a switch (3550 or 3560). That's all, just two devices capable of routing. Could the ISR be a P and PE at the same time from the enterprise perspective?

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

The ISR in this case would act as a PE as it would be responsible for label imposition and disposition.

BTW, any device that can do label imposition and disposition (PE functionality) is also capable of doing label swapping (P functionality).

Hope this helps,

Harold Ritter
Community Member

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Thanks.

On the access switches connecting end users (multiple vlans), is it possible to assign a vrf to the vlan on the switch? In that case, the access switch becomes a PE/CE. Is it correct?

More generally, is the MPLS for enterprise compatible with a routed campus (layer 3 until the access switches)?

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Pascal,

For the access switch to become the PE, it would need to run L3 code and support MPLS.

I believe you would need something like the 3750 Metro to do that.

Let me know if you have further questions,

Harold Ritter
Community Member

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Hi Harold,

We're currently designing a new MPLS topology for one of our customers.

We're joining the PE routers using 10G ports to build a ring.

The question is regarding the nature of these ports. Are they L2 or L3? Is it necessary to implement STP, or do we just need to assign an L3 IP and run an IGP routing protocol between ports?

I would deeply appreciate any document relating to these questions.

Thanks in advance

christian

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

These would be L3 ports on the PEs. There is therefore no need to implement STP on the PEs themselves. STP may or may not be required if you are using a L2 topology between the PEs.

As you indicated, point to point 10 GigE connections terminating on the PEs and running an IGP on top of that topology would be ideal.

Let me know if you have further questions,

Harold Ritter
Community Member

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

I'm an enterprise customer currently running EIGRP in my network. Do I need to migrate to OSPF or IS-IS in order to deploy MPLS VPN?

Thanks, Ben

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Ben,

There is no need for you to migrate to OSPF or IS-IS in order to deploy MPLS VPN. MPLS VPN will work perfectly well with EIGRP as your IGP.

That being said, you would need to migrate to OSPF or IS-IS if you intended to deploy MPLS Traffic Engineering over that same network. MPLS TE is not an absolute must though in an MPLS VPN network.

Let me know if you have further questions,

Harold Ritter
Silver

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Harold

In a CSC environment, can my Customer PE also run AToM [FRoMPLS/EWS/ERS] (I am assuming it is possible)? Secondly, how would multicast-vpns be configured over the CsC network, will my Provider need to turn multicast-routing in the core as well? If you could share deployment scenarios it will be useful.

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Gautam,

In the CSC context, it is certainly possible to have the customer PE to act as a termination point for the pseudo wire.

As for your second question, the SP definitely needs to run mcast and offer mVPN in order for you to run mcast in your network and then in turn offer mVPN yourself to your own customers.

In this case there would be three distinct mcast domains. The P-domain and C-domain as it is normally the case for mVPN and the third one would be your own customer mcast domain.

Let me know if you have further questions,

Harold Ritter
Silver

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

What is the advantage of using MPLS VPN in an enterprise network?

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Thomas,

A rapidly growing number of enterprise customers are migrating to MPLS to offer isolation to their different customers while using the same core network infrastructures. The IT department in these companies often model themselves as a service provider to their many internal users. It therefore makes a lot of sense for them to use a technology that has already proved itself in the SP world to solve the same issue.

Let me know if you have further questions,

Harold Ritter
Community Member

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Hello Harold, my name is Alma and I have a problem with my Catalyst 500 switch. I configured it for the first time through the web console, but I made a mistake because I configured all the ports in the same VLAN (which I called datos) and then I cannot see my web browser. I don't know how I have to configure my computer; I tried but it does not work. My question is how I can restart my switch with default values. I connected my computer to the blink port but I cannot see my switch. Please help me. I need help.

Thanks for all and I hope you will have a very good new year.

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Hello Alma,

I suggest you post this question on the LAN Switching section of NetPro (under Network Infrastructure), where you will have more appropriate people to solve this issue.

Happy New Year to you too and everybody on the list as well.

Harold Ritter
Community Member

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Hello Harold,

My need is to provide a very reliable point-to-multipoint multicast flow. We have only one transmitter and two receivers, but we need a very high degree of reliability and very fast rollover in case of a path failure.

My idea is to use L2VPN over MPLS: the first PW uses the standard IGP path, while the second uses a TE path, and the two PWs form an EtherChannel to ensure subsecond recovery. Is this feasible? Any other suggestion is appreciated, of course.

Thanks in advance

Maurizio

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

I do not think L2 circuit bundling is currently supported. What type of convergence time are you looking at? Why not just use MPLS TE FRR if the convergence time is so critical? You could also have sub second convergence just by tuning your IGP and using BFD for fast failure detection.

Let me know if you have further questions,

Harold Ritter
Community Member

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Harold,

The application is for transport of IP multicast video at 270Mbps, and fast convergence is for the purpose of minimizing loss of data in case of failure. I'm investigating a solution that does not rely on SDH protection and has a pure IP MPLS over a mix of dark fiber and POS circuits.

To my knowledge TE is not able to deliver multicast (please correct me if it is wrong). The idea of tuning IGP is fine, but in this case I need to have this application directly in the core, is it? Any way to do this with VPLS?

thanks for your help

Maurizio

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Thanks for the additional information Maurizio,

I have seen core networks achieving ~200 to 300 milliseconds convergence with fine tuning and BFD where needed. It all boils down to what kind of convergence you determine to be sufficient for you.

I have seen people broadcasting two sources via different paths in the network so if one fails the other one is still on but you need the receiver to be able to monitor both streams and switch from one to the other if the primary fails.

I'm not sure you need VPLS for that kind of application. Most of the SPs (mostly MSOs) I have seen deploying similar scenarios, do it in native multicast.

Let me know if you have further questions,

Harold Ritter
Community Member

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Harold,

We recently purchased 8 7604's with the SUP32 10 gig blades for deployment at 8 companies. We intend to use it for our IPTV (multicast) and Internet traffic. I am looking at MPLS (in the same vrf) to carry the multicast traffic between companies (in fact have that working). As far as our Internet related traffic (Public addresses), I was not planning on using MPLS. We will be running BGP for the possibility of a second DS3 from another provider. In the future we will be adding VOD content (which will be unicast from the Set Top Boxes (private addresses)) and I was planning on MPLS for that, with each company being a separate vrf back to the centralized VOD server.

Does this sound like the correct way about setting up this network? I understand I am not providing a very good description, so I am trying to keep it a little generic as far as specific questions. I will try and ask those in a different thread later.

Thanks

Don Hickey

Cisco Employee

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

It is hard for me to comment on this design without having all the relevant information.

So if I understand your scenario, you are using mVPN to carry your video streams through your network, right? I have seen some Service Providers doing the same for the sake of isolating their mcast stream traffic in a VRF.

Let me know if you have further questions,

Harold Ritter
Community Member

Re: ASK THE EXPERT - MPLS L2VPN AND L3VPN IN THE ENTERPRISE WORL

Harold,

You are correct. I am using mvpn.

Currently we have two separate networks. Our IPTV network is 1 gig links (about 480meg of traffic) between the 8 companies. We have a shared headend. The IPTV network is mostly multicast with a little unicast in there so the STB's can communicate with our encryption servers.

Our data (Internet traffic) is another network that is T-1's and DS3's. We currently have one DS3 that we all connect to.

We will soon be adding VOD which is why we purchased all the 10 gig equipment. Our plan is to combine the networks and run everything over the 10 gig links.

I wanted the multicast separated from the Internet traffic and plan to use mVPN. The VOD traffic is unicast and I was planning on a different vrf for each company back to our headend router. However for our Internet traffic, I don't see a reason to have to use MPLS to carry that traffic over the network. I guess my biggest question is should I run our Internet traffic the old-fashioned way, routing?

Or would there be an advantage to use MPLS to carry our traffic to the Point of Presence in our network?

Thanks

Don
