Thanks Indeed!!! For your valuable points , but still I have few more to be answered.

1. If I use CE's (VPN) OSPF as routing protocol , then what routing protocol been advisable to use between PE - P and P-P. For. ex.: If I use OSPF then what will be the complication's will occur or If I use IS-IS what will be the complications and Which one will drive me in a correct sceneriao.

2. I have 16 major sites and Iam planning to run each sites as a separate VPN's , Is it advisable to run like this or all sites as one VPN.

3. Which will suite me ? either L3 MPLS VPN or L2 MPLS VPN and in what type of sceneriao will able me to choose L3 or L2 MPLS VPN

Thanks Indeed for your open comments !!! Once again Thanks for you. But still I have few queries..

1. The sceneriao where Iam going to implement is Iam having almost 16 major sites in which all equipped with STM-1(155 mbps) P-P

2. Thanks for your advise for choosing MBGP between PE-PE

3.Iam already in selection of any-to-any connectivity , but now iam afraid from your comments , could you please explain what sort of compliocations will raise if I use L3mpls vpn - any-to-any and If I want to use L2 mpls vpn then in what type of setup you want to go further.

When I refer to problem as it relates to 'any-to-any', I am talking about the N-squared scalability problem of full-mesh peering of multiple customer routers over a traditional FR or ATM backbone. Any new site that a customer will want to add to such a backbone will require that the customer order many more virtual-circuits and then create a whole slew of new peering sessions. Clearly you can understand why this is a problem. L3 MPLS VPN's eliminate this N-squared scaling problem because customer routers no longer have to peer with other customers routers, they peer with a VRF on a provider router. This is the only clear advantage that L3 MPLS VPN's hold over other solutions.

But the real question is how many customers really have any-to-any peering? I'm not talking about peering within the provider, I'm talking about customer peering. For example, how many customers really have lots of branch offices that actually communicate with each other a lot, enough to justify any-to-any peering? At this time, almost none. Most customer networks are set up such that most of the WAN traffic consists of traffic from a branch office to a main "headquarters" office, and branch office to branch office traffic is low. Therefore, most customers really only need a hub-and-spoke model of peering.

So my point is, the advantage of L3 MPLS VPN's consists of eliminating the problems of customer any-to-any peering. But right now, how many customers really have this problem? Very few. So if you provide this service, how many customers will really want to order it? I regret to say that the answer will probably be very few. Your company will certainly find it difficult to earn high profits from such a service, because the fact is, the service doesn't really provide anything that most customers can't get already get by ordering a different service.

And the problems of L3 MPLS VPN's are well documented. Basically, you are taking partial responsibility for customer routing, which is a very dangerous thing. For example, what if one of your customers accidentally imports the entire BGP table and then propogates it to one of your PE's? Almost certainly, your router will crash, which takes down every customer attached to that PE. Or what if a customer's network is unstable? This will mean that the PE's VRF route table will be unstable which is very stressful for that PE. Things like that. So basically you end up with all these problems with linking your routers with a customer's routers, so any problems that a customer is having will become your problem also.

Which is why I'm much more enthusiastic about the L2 MPLS VPN's, which is simply providing L2 services like FR, but using IP and MPLS in the core of the provider. For example, Cisco's martini-draft implementations in its AToM technology. Or Juniper's kompella or martini-draft implementations. Either way, you are no longer linking the provider's network to the customer's network. If a customer's routing is having problems, it doesn't affect the provider's network. As long as you are properly providing L2 connectivity, your job is done. If the customer's routing is broken, it is not your problem because you are not responsible for providing routing services.

Thanks once again for your patience !!! of giving me the right indications.

Now !!

1. Basically Iam having an ATM Backbone and Iam in the phase of moving to MPLS VPN Architecture , and the current requirement Iam not going to be an ISP now but in future yes!!, The design which iam doing right now is as though like a corporate network .

2. I had major 16 sites to corporate with MPLS VPN , Still to decide L2/L3 Mpls vpn.

3. If and all I want to go L2 Mpls VPN , Is this will work for any-to-any comm.

4. Access will be HQ -to- Major sites - to - branches -to-HQ

Again, I have to ask, why MPLS VPN's?

If you want to merge your ATM and your IP routers together into a unified network, then implementing MPLS is good enough. You don't need to implement VPN's right now. Why not wait until MPLS VPN technology is more proven? The technology has only been out for a short while, so there are bound to be bugs.

L2 MPLS VPN's work for any-to-any just like traditional ATM. The customers have to worry about how they want to connect and if they decide they want any-to-any, then they will have to request multiple virtual circuits, just like ATM. And like I said before, the major advantage here is that you're not linking your routers with the customer's networks, so if they are having routing problems in their network, it doesn't affect you. As long as the virtual-circuits you are providing are functioning, your job is done, you don't need to worry about if the customer can route or not.

I should have added that L3 VPN's do have one other advantage over L2 VPNs, in that L3 VPNs are more standardized. They have actually attained RFC status, whereas L2 VPN's are still drafts. So I guess you could say that L3 VPN's are probably more stable and have better inter-vendor operability. But in any case, either one is still very new. There are bound to be problems with either technology. So why implement VPN's if you don't have to? You can just stick to normal MPLS (which is also fairly new, but does have a clear benefit in unifying your IP routers with your ATM switches).

MPLS-VPN will isolate my central region (SEC-CRB) from the core of the network, and the routes used in the ATM WAN will not be visible to the SEC-CRN network, but this will not be done until after head office migration.

Well in that case, either kind of VPN will do you just fine. Which one you choose will have to be determined by the specifics of your network. It's a design choice. I still think L2 is probably better, but since I don't the details of your network, I can't say for sure.

What I can tell you is this. If you insist on running L3, make absolutely sure that no CE accidentally introduces the whole BGP routing table into a VRF. That would blow up your network in a Sunday minute.

All CE's will be running OSPF , PE - PE will be running BGP comm. , P-P will be running IS-IS , Another intersting ?'s

1. Is it advisable to have only one VPN for all the 16 major sites or each location as indiduval VPN

2. What type of RR (route reflectors) can I use - single tier, multi-tier, confederation with RR in PE's

3. Further more If you have any more suggestions , try to summary it for all the components involved.

If you explain me it will good enough for me to decide and complete the design

Hi.

If you want any-to-any connectivity there's no need to run 16 individual VPNs for each site. This would be useful if you wanted to run some "not so any-to-any" VPN. You would have separate VRFs for each site, and you would "link" them by route-target manipulation.

Regarding RR, it depends on the dimension and topology of you network.

Hope this helps.

NM

Thanks for your info. I think what I guessed from your words is

1. any-to-any means I will be having all the PE's will replicate the same VRF tables

2. no so any-to-any means each PE's will hold it's own VRF table

The ? now is .

3. Where does the VPN plays a role if I use any-to-any option and in what scenerio this option will plays a role

4. What is advantage if i use no so any-to-any option.

You should have looked at my post later in this thread.

But basically, if you use the any-to-any topology that you have described, then you are correct to say that the VPN plays no role. Everything would be in 1 VPN. 1 VPN is basically the same thing as zero VPN's. If this is what you want, then I would question why you want to run VPN's at all.

The advantage of not "any-to-any", the way you have described it, is to actually get some VPN connectivity. Certain sites would be segregated from other sites. Surely you would agree that's the whole point of a VPN.

Then acc. why "any-to-any" option is used under the subject of VPN , so it means "any-to-any" beign an single domain and vpn dosen't plays any advantages role in vpn.

The main objective is I want all my 16 sites should have their seperate VRF tables and mean time they want to talk to each other and all the sites must eat the resources from the Head office.

Which is advisable 1. To have seperate VPNS for each sites or all sites will be having the same VPN Identifications.