04-14-2005 07:57 PM
I'm looking into extending the MPLS network by NNI with other SPs. For scalability reasons, most docs recommend using Option B (MP-eBGP for VPNv4) for the Inter-AS connectivity.
However, it seems that most SPs that I talked to prefer Option A (back-to-back VRF). Reasons being:
- setup is easier, does not require standardization of RT
- provisioning & fault isolation is easier, as each customer is under a separate VRF at the ASBR. Also, when there is a configuration mistake, it will be less likely to affect other customers that are on the same NNI.
- traffic control (e.g. shaping) per customer is possible across the NNI
Not sure if Option A is the norm in the industry. Hope to hear some input from you guys. Thanks :)
04-14-2005 10:18 PM
Hi there,
Yes. In my case I mostly use Option A, back-to-back VRF, which is easier to manage, set up and troubleshoot.
But I'm also thinking of doing MP-eBGP (Option B) in the future, since it has a lot of features in terms of controlling the VPNv4 prefixes.
regards,
maher
04-15-2005 06:57 PM
Bear in mind that the back-to-back approach (2547bis 10a) might be OK for a one-off but is not very scalable.
I would personally prefer to use option 10c, which is way more scalable.
Hope this helps,
04-16-2005 04:38 AM
Hritter,
Just to confirm, is it Multihop MP-eBGP or Multihop MP-eBGP between RRs? I tried to propose MP-eBGP with RRs, but almost all SPs would not recommend it because of the "sharing" of RRs :)
regards,
maher
04-16-2005 05:58 AM
I was indeed referring to a multihop eBGP VPNv4 session between RRs in each SP's network. Again, if it is for a one-off, a multihop eBGP VPNv4 session from one PE in one AS directly to another in the other AS might be fine, but if the 2 SPs have entered into a bilateral agreement to be an extension of each other's network, or better, an SP with two ASes, you certainly want to consider the RR solution, which will make it much easier to provision new customers.
Hope this helps,
07-12-2005 01:32 AM
I want to know: if we use multihop eBGP between the RRs in each network, we should advertise all PE lo0 addresses and the related labels to the peering partner over the BGP session on the ASBR. Do you think that is secure for us?
07-12-2005 02:19 AM
That's the one thing that stops me from advising implementing option C. The security headache plus the politics of two different companies' security teams actually agreeing just doesn't make it worth the extra hassle. I agree with Harry that option C is by far the most scalable solution, but because of the issues I have already mentioned I ONLY use option B. The thing that I also do differently is that I do not turn off route-target filtering and instead create a VRF with only an RT import on it. This way the PE-ASBR only has to hold the VPNv4 routing tables that it is really interested in. The other neat "in the middle" solution is to connect between ASBRs with two gig connections and peer between loopbacks. This way you can load balance the traffic over the two gig links. The command to do this is mpls bgp forwarding on the actual interfaces, and you also need to create a static route pointing to the other provider's loopback address. You then redistribute this static into your IGP. Yes, I hear Harry shouting "what's the difference between doing that and option C?" For some really odd reason the security chappies are happier with this single IP address and find it easier on their brains to secure. Don't ask me why - I just go for the solution of a simple life.
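The Option B ASBR setup described in the post above, sketched as a Cisco IOS configuration. This is an added example, not configuration posted by any participant in the thread. The AS numbers, addresses, interface names, VRF, prefix-list and route-map names, and the use of OSPF as the IGP are all assumptions made for illustration.

```ios
! Constructed values: AS 65001 (local), AS 65002 (peer SP),
! 192.0.2.1 = local ASBR loopback, 192.0.2.2 = peer ASBR loopback.
!
! Import-only VRF with no interfaces attached. Route-target filtering is
! left at its default (on), so the ASBR keeps only VPNv4 routes whose
! RT matches an import statement here.
ip vrf NNI-IMPORT
 rd 65001:900
 route-target import 65001:100
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Two parallel links to the peer ASBR. "mpls bgp forwarding" must be
! entered by hand because the eBGP session is not on these interfaces.
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.252
 mpls bgp forwarding
!
interface GigabitEthernet0/2
 ip address 198.51.100.5 255.255.255.252
 mpls bgp forwarding
!
! Static routes to the peer loopback over both links (load sharing).
ip route 192.0.2.2 255.255.255.255 198.51.100.2
ip route 192.0.2.2 255.255.255.255 198.51.100.6
!
! Only the single peer loopback is allowed from static into the IGP.
ip prefix-list PEER-ASBR-LO seq 5 permit 192.0.2.2/32
!
route-map PEER-ASBR-LO permit 10
 match ip address prefix-list PEER-ASBR-LO
!
router ospf 1
 redistribute static subnets route-map PEER-ASBR-LO
!
router bgp 65001
 no bgp default ipv4-unicast
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 update-source Loopback0
 neighbor 192.0.2.2 ebgp-multihop 2
 !
 address-family vpnv4
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 send-community extended
 exit-address-family
```

The only address from the other provider that enters the local IGP is the /32 permitted by the prefix-list, which is the "single IP address" the post refers to.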