
Inter-AS Options

kmpoon
Level 1

I'm looking into extending the MPLS network by NNI with other SPs. For scalability reasons, most docs recommend using Option B (MP-eBGP for VPNv4) for the Inter-AS connectivity.

However, it seems that most SPs that I talked to prefer Option A (back-to-back VRF). Reasons being:

- setup is easier, does not require standardization of RT

- provisioning & fault isolation is easier, as each customer is under a separate VRF at the ASBR. Also, when there is a configuration mistake, it will be less likely to affect other customers that are on the same NNI.

- traffic control (eg. shaping) per customer is possible across the NNI

Not sure if Option A is the norm in the industry. Hope to hear some input from you guys. Thanks :)

6 Replies

maher
Level 1

Hi there,

Yes. In my case I mostly use Option A, back-to-back VRF, which is easier to manage, set up and troubleshoot.

But I'm also thinking of doing MP-eBGP (Option B) in the future, since it has a lot of features in terms of controlling the VPNv4 prefix.

regards,

maher

Harold Ritter
Level 12

Bear in mind that the back to back approach (2547bis 10a) might be ok for a one off but is not very scalable.

I would personally prefer to use option 10c, which is way more scalable.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hritter,

Just to confirm, is it Multihop MP-eBGP or Multihop MP-eBGP between RRs? I tried to propose the MP-eBGP with RR, but mostly all SPs would not recommend it because of the "sharing" of RRs :)

regards,

maher

I was indeed referring to a multihop eBGP VPNv4 session between RRs in each SP's network. Again, if it is for a one off, a multihop eBGP VPNv4 session from one PE in one AS directly to another in the other AS might be fine, but if the 2 SPs have entered into a bilateral agreement to be an extension of each other's network, or better, an SP with two AS, you certainly want to consider the RR solution, which will make it much easier to provision new customers.

Hope this helps,

Harold Ritter

I want to know: if we use multihop eBGP between RRs in each network, we should advertise all PE lo0 and related labels to the peering partner by the BGP session on the ASBR. Do you think it is secure for us?

That's the one thing that stops me from advising implementing option C. The security headache + politics of two different companies' security teams actually agreeing just doesn't make it worth the extra hassle. I agree with Harry that option C is by far the best scalable solution, but because of the issues I have already said I ONLY use option B. The thing that I also do differently is I do not turn off route-target filtering and instead create a VRF that only has an RT import on it. This way the PE-ASBR only has to hold the VPNv4 routing tables that it is really interested in.

The other neat "in the middle" solution is to connect between ASBRs with two gig connections and peer between loopbacks. This way you can load balance the traffic over the two gig links. The command to do this is mpls bgp forwarding on the actual interfaces, and you also need to create a static route pointing to the other provider's loopback address. You then redistribute this static into your IGP.

Yes, I hear Harry shouting what's the difference from doing that to option C. For some really odd reason the security chappies are happier with this single IP address and find it easier on their brains to secure. Don't ask me why - I just go for the solution of simple life.
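The Option B variant described in the last reply, sketched as an IOS-style ASBR configuration; this is an added example, not configuration posted by anyone in the thread. Assumptions: the AS numbers, addresses (documentation ranges), VRF, RT and route-map names, OSPF as the IGP, and the session password and maximum-prefix lines, none of which appear in the thread.

```cisco
! Added example. Constructed values: AS 65001 (local), AS 65002 (partner),
! documentation-range addresses, VRF/RT names, OSPF as the IGP.
ip vrf NNI-IMPORT
 rd 65001:999
 ! Import-only: with RT filtering left on, the ASBR keeps just these VPNv4 routes
 route-target import 65001:100
 route-target import 65002:100
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
interface GigabitEthernet0/1
 description NNI link 1 to partner ASBR
 ip address 198.51.100.1 255.255.255.252
 mpls bgp forwarding
!
interface GigabitEthernet0/2
 description NNI link 2 to partner ASBR
 ip address 198.51.100.5 255.255.255.252
 mpls bgp forwarding
!
! One static per link to the partner ASBR loopback (the single address exposed)
ip route 192.0.2.2 255.255.255.255 198.51.100.2
ip route 192.0.2.2 255.255.255.255 198.51.100.6
!
ip prefix-list PARTNER-LO seq 5 permit 192.0.2.2/32
!
route-map PARTNER-LO-ONLY permit 10
 match ip address prefix-list PARTNER-LO
!
router ospf 1
 ! Redistribute only the partner loopback, no other statics
 redistribute static subnets route-map PARTNER-LO-ONLY
!
router bgp 65001
 ! No "no bgp default route-target filter" here: filtering stays enabled
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 update-source Loopback0
 neighbor 192.0.2.2 ebgp-multihop 2
 ! Not from the thread: session authentication and a prefix ceiling
 neighbor 192.0.2.2 password <shared-secret>
 !
 address-family vpnv4
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 send-community extended
  neighbor 192.0.2.2 maximum-prefix 1000
```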