05-10-2007 12:40 AM
Hello,
I have a question to management in an MPLS/VPN network. Up to now I always
used the "grey" VPN: Created a management VPN, exported the IPs I want to
manage from my VPNs into the grey VPN and information from the grey VPN
back into the VPNs. So far, so good.
But now someone told me that this is not the right way to do it, because
you cannot import routes from a vrf on the same device. So as long as you
have two, you are fine. If one fails, you loose access to/from your management
network.
I tried to find something about this problem, but unfortunately I was not
able to find some documentation on this. The guy telling me about it could
not explain it any further than this.
Does anyone have an explanation or a link to a document to this? Does that mean
that grey VPNs are not working?
So what is the way to do management vpns?
TIA
nana
05-10-2007 01:04 AM
Hi,
As far as i know there are 2 VPN CE management techniques: Grey and Rainbow:
Grey - were all the CE routers are managed through a single link of the NMS VPN to the network core.
Rainbow - were each CE will have its own dedicated link to the NMS VPN --> Used for Overlay VPNs (ex: Frame-Relay).
We are using Grey VPN management, and we are not facing any kind of problems.
HTH, please do rate all helpful replies,
Mohammed Mahmoud.
05-11-2007 09:55 AM
Hi Mohammed:
Would you mind elaborating on Grey and Rainbow?
Have not heard these terms before :-(
Thank you.
Sincerely.
05-10-2007 03:49 AM
Hi,
You need to ask the guy what he means by:
you cannot import routes from a vrf on the same device.
Yor import both mgmt and customer routes one the PE router. Best practice is to import the /30 link-nett into mgmt vrf. However if routing for mgmt addresses is gone you can telnet from the PE router.
Regards,
Bjornarsb
05-10-2007 04:58 AM
Thanks for getting back to me on this.
What he was referring was the fact, that on the management PE you import routes from every customer VPN. And this is supposedly not working on the same device.
I labbed it up and it seems to be working alright. He said as long as you have two mPEs, it workes, but when one dies, the other stops working as well.
He could not elaborate any further, that's why I ask here.
TIA
nana
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide