
Considerations for L3/Internet VPN

sultan-shaikh
Level 3

Hi,

Can anyone please share their experiences regarding huge L3VPN deployments? I want to know things like possible issues, considerations, feasibility and general technical challenges that I might face...

I am talking about VPN with 30+ sites...

Thanks

Sultan


swaroop.potdar
Level 7

Hi Sultan,

1) Size: 30+ or 300+, what will hit your scalability is the capacity of your PE devices where you are terminating these 30 locations. If it's a full mesh, the PEs have to be of comparable capacity.

Having said that, how many routes you are expecting per site and in total, and what the VPNv4 route capacity of the devices is, has to be looked at.

2) Redundancy: You may also want to look at the redundancy part of the VPNs. If there are 1 or 2 sites or these 30 as central locations, they may need redundant connections to different PEs, where you may have to load-balance the routes.

3) Topology: Whether these 30 sites are full mesh or hub and spoke or they require some central site services, based on that your design needs to be worked out considering the points mentioned in the above 2 points.

Also, you may want to check the considerations as to whether they have existing backdoor connections which they plan to use.

To sum up, at first glance it's the thought of scale, then other requirement considerations.

Coming to your possible issues or feasibility, the issues depend on your answer to the first two points, and feasibility should not be a problem. I hope if I tell you 800+ sites can be deployed in a hierarchical HubnSpoke topology in a stable manner, that should take care of the feasibility concern.

Also, if your VPN is an Internet VPN going by your subject, then also the same major considerations as specified in the first 2 points hold.

HTH-Cheers,

Swaroop

Hi Sultan,

If you have anything more specific related to the 30+ sites deployment, you can shoot.

Would be more than happy to share whatever I know.

HTH-Cheers,

Swaroop

Hello Swaroop,

First up, thanks for your help... !!!

Would surely let you know further in case of any doubts/questions...

Thanks again

Cheers

~sultan

ksolie
Level 1

To add some more...

We are doing a very large (and complicated) roll out right now. A couple of things we have run into that you might want to keep your heads up on.

1. Be sure all your VPNs, RDs, RTs are well documented. Know if you're going to use complex VPNs, overlapping VPNs and what RTs you'll need and where.

2. I would use BGP Route Reflectors over a fully meshed BGP backbone; however, BB RRs will only advertise the best routes, so you may need to use something to differentiate your routes at times. For instance, we have an Internet VPN coming from two different PEs, and at times we want customers to use one Internet route at one PE versus the other. For the BGP RR to properly advertise two routes within the SAME VPN we need to use different RDs and implement SOO.

3. Use the SOO extended community, you'll never know when you might need to act on prefixes for one reason or another.

4. Look into Cisco's IP Solution Center (ISC). At first I hated this product (I tell my students GUIs are for the weak and timid..hehe). But this product can help rapidly deploy VPN, L2VPNs, Service request, TE and all kinds of good stuff. It's an expensive Service provider product. But it's pretty cool!

5. Use OSPF or IS-IS on the core. For your core IGP only use OSPF or IS-IS. These protocols will scale, and they are the only two that will support MPLS TE (Traffic Engineering). OSPF and MPLS go hand in hand, they really do. The OSPF super backbone makes the area 0 problem go away. But watch for backdoor routes and stuff.

Food for thought....

Karl Solie
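
An added example, not part of the thread or of any poster's own tooling: a small audit of a documented RD/RT plan, following points 1 and 2 of the reply above. It lists which VPNs exchange routes through matching export/import RTs, reports flows that are not in the documented intent, and flags RDs reused on more than one PE. The inventory, VRF names, PE names and RD/RT values are all constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory (assumption, not from the thread): one entry per VRF on a PE.
VRFS = [
    {"pe": "PE1", "vrf": "CUST-A", "rd": "65000:101",
     "imp": {"65000:100", "65000:900"}, "exp": {"65000:100"}},
    {"pe": "PE2", "vrf": "CUST-A", "rd": "65000:102",
     "imp": {"65000:100", "65000:900"}, "exp": {"65000:100"}},
    {"pe": "PE1", "vrf": "CUST-B", "rd": "65000:201",
     "imp": {"65000:200", "65000:100"}, "exp": {"65000:200"}},
    {"pe": "PE3", "vrf": "INTERNET", "rd": "65000:900",
     "imp": {"65000:100"}, "exp": {"65000:900"}},
    {"pe": "PE4", "vrf": "INTERNET", "rd": "65000:900",
     "imp": {"65000:100"}, "exp": {"65000:900"}},
]

# Documented intent: (exporting VPN, importing VPN) pairs allowed to exchange routes.
INTENDED = {("CUST-A", "INTERNET"), ("INTERNET", "CUST-A")}

def route_flows(vrfs):
    """Pairs (exporter, importer) where an export RT matches an import RT."""
    flows = set()
    for src in vrfs:
        for dst in vrfs:
            if src["vrf"] != dst["vrf"] and src["exp"] & dst["imp"]:
                flows.add((src["vrf"], dst["vrf"]))
    return flows

def undocumented_flows(vrfs, intended):
    """Route exchange the RT plan permits but the documentation does not list."""
    return sorted(route_flows(vrfs) - intended)

def shared_rds(vrfs):
    """RDs used on more than one PE. If those PEs originate the same prefix,
    the VPNv4 routes are identical and a route reflector passes on only the best."""
    by_rd = defaultdict(set)
    for v in vrfs:
        by_rd[v["rd"]].add((v["pe"], v["vrf"]))
    return {rd: sorted(m) for rd, m in by_rd.items() if len(m) > 1}

if __name__ == "__main__":
    for exporter, importer in undocumented_flows(VRFS, INTENDED):
        print(f"undocumented: {importer} imports routes exported by {exporter}")
    for rd, members in shared_rds(VRFS).items():
        print(f"RD {rd} reused on: {members}")
```

In this constructed plan, CUST-B imports CUST-A's RT without that being documented, and the INTERNET VRF uses the same RD on PE3 and PE4.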

"Food for thought..." sure is...

Thanks Karl

Cheers,

~sultan
