Type of IP addresses in the IP VPN

thammad · ‎08-10-2004

We are providing IP-VPN service to customers over MPLS. We are using global IP addresses for CEs' interfaces which intefarce with PE.

So, nowadyas, any customer's site will have an global IP address regardless of his business or number of sites. I'm thinking about using private IP addresses. Do any body do this? Or have solution can conserve the global IP addresses?

spremkumar · ‎08-11-2004

Hi

Since you have mentioned VPN Service you can very well use private ip address blocks becoz MPLS based ip vpns depends on VRFs only.

Before start doing this find out if any of your exisiting customers are using any private lan ip blocks in their lan which inturn has been routed in ur PE routers.

Do remember to setup ur NMS accordingly to poll the sites in private blocks once after you sets them up in private..

regds

prem

romccallum · ‎08-23-2004

You can use any addresses you like. Its a vpn service so IP doesnt matter.

thammad · ‎08-23-2004

Thank you very much. But is thier a problem if the same the PE/CE interfaces use the same IP address used in backbone?

romccallum · ‎08-24-2004

In normal practice no their is no issue with doing this. The only thing you need to watch out for is duplicate router-id's i.e. If you run BGP between your PE and the Customer CE and they have the same BGP router-id you will never get a bgp connection. We ran global addresses for the router-ids so that if we ever conflict with a customer we can force the customer to change their address (as it is owned by us).

You could have X different VPNS terminating on the same PE who all use the same IP addresses. This is where the RD value comes into play.

Harold Ritter · ‎08-24-2004

As Robert stated, there is no issue with that per se but this is no common practice. This might be an issue if you consider offering managed CE services, in which case it would be required to have global addressing on the PE-CE link.

Hope this helps,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

romccallum · ‎08-24-2004

Harry, We let customers decide what the PE-CE Ip address is and we also run MCPE. I have never had a problem with that as all we do is stick a global loopback address on the MCPE and leak that address into the Management VPN

Harold Ritter · ‎08-25-2004

Forcing the customer to use the global ip address on the PE-CE link or on the loopback address, you still have to force a global IP address somewhere ;o)

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

romccallum · ‎08-26-2004

Fair point Harry

jrstuart · ‎08-25-2004

We are providing MPLS VPN services and we manage the CEs (CPEs). We define the Interface address in PRIVATE range, also Loopbacks. It must be different for each VPN and try to get summarize blocks per PE and per VPN.

We do that for 2 reasons:

(1) Management Address (Interfases and/or Loopbacks)must be imported to VPN Management, so, all of them must be different

(2) Extranet Services (Inter-VPNs) must be free of IP interfaces or IP loopbacks overlappings. LAN IP overlappings could be an issue, it depends of the service.

JRSTUART

olorunloba · ‎09-06-2004

Are there any policies or issues (RIPE, APNIC, IETF etc) as regards using private ip addresses for customers wan interfaces when as a service provider you are just provisioning MPLS VPN service?.