I have a cisco mpls networks and I'm expanding this to include a 30+ site man network. I'm looking at using metro's in the MAN, but they do not have the label/routing capacity to match the core. Is there a way to use 'aggregation layer' P/PE's that only advertive a default only to the man with itself as next hop while passing any routes from the MAN into the core. This would effectively reduce the label/routing table size to useable levels for metro's.
I'm pretty sure you can't do any summarization when running VPNs.
You can't summarize BGP routes since BGP is what is used to carry the VPN labels between the PEs. So summarizing these routes would make it so the PEs in the MAN wouldn't have any visibility into the VPN labels.
You can't summarize the IGP (at least the PE loopbacks) since the summarization router advertises a single aggregate tag. Basically the LSP ends at the summarization point and the summary router will strip off the aggregate tag (actually it's usually PHPed at the previous LSR) and look at either the next tag for a VPN or the bare IP packet for non-VPN to figure out where to send it next.
The issue is that the summarization router will be left with just the VPN tag, which it has no idea about.
So, from my understanding, summarization will break your VPNs, not good.
Hope that helps,
I'm hoping cisco have some functionality similar to H3C's HoPE:
But so far it doesn't look good.
A PE router will only store the vpnv4 routes and labels for which it has attached CE routers.
So, if VPN A and VPN B are known in the network, but a PE router has only VPN A connected,
then only VPN A routes and labels will be kept on that PE router. The PE router
will drop the BGP updates for VPN B routes.
It is only the route reflectors (and inter-autonomous border routers possibly also) that should
store all VPN routes.
If you want to further reduce the overhead, one can have the route reflector avoid sending the BGP
updates for non-existing VPNs towards a PE router by running software that has
"RT Constrained Route Distribution".
This is a new feature.
if I correctly got your question, the MAN routers will act as PE as well, so you're worried about the amount of VPN labels (one for each network inside each VRF) they'll need to handle.
One way to achieve what you want is perhaps to configure the per-vrf label allocation on the PEs, having only one label per each vrf instead of one per network.
Here you'll find more info on this feature:
Hope it helps,