MPLS VPNs IP address management

s.vasudevan
Level 1

We have some questions regarding VPNs (rfc2547bis), especially in configurations involving Extranets:

1. If two Intranets (each using private IP addresses) want to allow each other's sites to communicate with one another, their IP addresses MUST be distinct. Correct?

2. If the address spaces of the above two Intranets are NOT distinct (there are IP addresses in common), what options do we have in allowing full interconnectivity between all the sites?

3. If a VRF is established on a PE interface, and it serves multiple distinct VPNs (all of them using private IP addresses), can there be any overlap in the IP addresses being used in the VPN sites?

2 Replies

Not applicable

I think that the cleanest design would be one where the two connected LANs use distinct subnets. This should not be a problem given the wide range of private addresses available. If however there are overlapping addresses, you could configure NAT on one side. I would go in for static NAT for the entire network on one site. This will allow either site to initiate a connection to the other.
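The two steps this reply describes, checking whether the extranet's site prefixes overlap and, if they do, statically translating one whole network onto a distinct pool, as an added Python example (not from the original thread). The site prefixes and the 192.168.100.0/24 outside pool are constructed sample values.

```python
from ipaddress import IPv4Address, ip_network

# Constructed sample: prefixes each intranet would advertise into the extranet.
SITE_PREFIXES = {
    "intranet_a": ["10.1.0.0/24", "10.2.0.0/24"],
    "intranet_b": ["10.1.0.0/24", "172.16.5.0/24"],
}


def find_overlaps(sites):
    """Return (site1, prefix1, site2, prefix2) for every pair of prefixes from
    different intranets that overlap. Any hit means routes cannot simply be
    imported between the VRFs; one side has to be translated first."""
    hits = []
    names = sorted(sites)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for pa in sites[a]:
                for pb in sites[b]:
                    na, nb = ip_network(pa), ip_network(pb)
                    if na.overlaps(nb):
                        hits.append((a, str(na), b, str(nb)))
    return hits


def netmap(addr, inside, outside):
    """Static network-to-network NAT: map `addr` from `inside` to the address
    with the same host offset in `outside`. Equal prefix lengths give every
    host a fixed, bidirectional mapping, which is what lets either site
    initiate connections (a dynamic pool or PAT would not)."""
    inside, outside = ip_network(inside), ip_network(outside)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("inside and outside pools must be the same size")
    a = IPv4Address(addr)
    if a not in inside:
        raise ValueError(f"{addr} is not in {inside}")
    offset = int(a) - int(inside.network_address)
    return str(IPv4Address(int(outside.network_address) + offset))


if __name__ == "__main__":
    for s1, p1, s2, p2 in find_overlaps(SITE_PREFIXES):
        print(f"overlap: {s1} {p1} <-> {s2} {p2}")
    # Present intranet_b's 10.1.0.0/24 to intranet_a as 192.168.100.0/24.
    print(netmap("10.1.0.7", "10.1.0.0/24", "192.168.100.0/24"))
```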

jeff_caprock
Level 1

Think of the MPLS VPN as a distinctly logical subnet with access lists that totally restrict its traffic to just its own subnet, and to nowhere else. In that context, you can use whatever IP address range that you desire. The problem crops up when you need this vpn subnet to communicate to the "outside" world, that is outside of its vpn subnet..... its address schema had better be unique!

This communications need is called "MPLS Leaking" in which the vpn is "leaked" into the BGP routing tables to see the outside. The outside world is then, via BGP, made aware of this vpn subnet, hence again the need for distinct IP addressing. Sure you can use NAT/PAT, and you can also use IP schemas that are distinct classes such as a /28 out of the same IP block as the /24.

But, again, the IP block must be unique or MPLS will give you grief via BGP.

-Jeff