cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5228
Views
16
Helpful
7
Replies

ISP / MPLS Network (POP) - Best practice advice

johnelliot6
Level 2
Level 2

Hi,

Hoping someone can provide some best practice advice on an ISP / MPLS network setup (For one POP)

Hardware I was considering:

2 x 7200's w/G1 or G2  (PE's)

2 x 6500's  (P's)

7200's + 6500's would be connected (physically) in a full mesh

Both 7200's would have a single IPTransit (eBGP) to upstreams (full bgp table)

IGP(OSPF) on all p-t-p links, and only carry loopback IP's and p-t-p link IP's

iBGP "mesh" under VPNv4 for MP-BGP with the 2 6500's as route reflectors

iBGP "mesh" for customer IP's and also the full table with the 2 6500's as route reflectors.

Any suggestions/comments are greatly appreciated.

Thanks.

7 Replies 7

JohnTylerPearce
Level 7
Level 7

So are you going to have an iBGP mesh between your PE routers? If this is the case, you don't need a route reflector.

Thanks for the response.

So, if I dont have an iBGP mesh, I can just have the 2 6500's as route reflectors (For both iBGP "vpnv4" and also "global"), and then the 2 7200's are route reflector clients?

Then if I add POP B and POP C (With same hardware at each, but only having the IPTransit feeds at POP A), all P's + PE's are then route refector clients of the 2 6500's at POPA?

If the above is correct - Is it advisable to have the full (global) bgp tables on all P's and Pe's, or should the 6500 route reflectors "global", only have customer routes/IP's and default route to the 7200's with the IPTransit?

The global table is the part Im usure of.

Cheers.

Well normally in an MPLS ISP network, you would have your core routers, which normally all run OSPF, most likely all in Area 0 (Depending on how large the ISP), and also running MPLS on top. MPLS will make labels out of the IGP prefixes. The sole purpose of the prefixes in the core, should be to use for next hops for iBGP. Obviously, at some point you will need a default route to go to your upstream ISP(s).

So I"m assuming when you say POPB and POPC, you are talking about multiple sites?

If that is the case, then at each site A,B, and C you could have the 6500s as your core, and the 7200s as your PE routers, which is where your customers will eBGP peer with, or iBGP depending on how your doing things.

You can have multiple route reflectors, just remember that, route reflectors only reflrect the bst BGP path, do not modify any BGP attributes, and you will also need to configure a cluster-id for each route reflector.

So, if you have CustomerA, which has a AS 65512, and it peers with your AS700(Just made that up), then when CustomerA sends routes to your PE(7200), it will go into it's own VRF, and it's next hop will be from one of the IGP prefixes to another PE router, and the mpls label will reflect the IGP label.

Please let me know if you have any more question, and I'll be more than happy to help.

Hi - Thanks for the reply.

Sorry I was not clear

Customer's would have a mix of vrf and Internet tails (And each p-t-p between the P's + PE's link would be mpls enabled)

Yes, POP B + POP C would be seperate locations (Only the 7200's at POP A will have IPTransit connectivity)

The part Im unsure of is the "global" iBGP (For customer "Internet" IP's) - Would the 6500's also be route reflectors here? And with regards to the full BGP tables on the 7200's, would the 7200's only send default route to the 6500's?

As a customer connecting to us via one of the 7200's could be an "Internet" tail or VRF tail, the 7200's will need to advertise this address....VRF addresses are fine (Advertised via IBGP under VPNv4), but the "Internet" addresses is the part Im unsure of - As I assume I wouldnt be advertising the full BGP table to the 6500's(RR's)....I would only need to send default + customer Internet addresses?

So from my understanding, at POPA, only the 7200s will have an eBGP connection to your upstream ISP(s).

As long as the core is running OSPF, and you have MPLS configured on the inside intefaces (which you obviously would), you could could have an Internet(Public) VRF, which you could call INETPUBLIC for instance. You could have the full internet routing table, and if a customer wants the  full table, just push the full table to them, if they want a default route, just push a default route to them 0.0.0.0/0, and if they want a partial table, push a partial table to them.

If it's an Internet global VRF, then everyone will be able to get to everyone anyway.

If you give a customer, let's say 1.1.1.0/26, I would configure eBGP as the routing protocol between CE and PE. Under the 'router bgp 64512'

'redistribute connected'

This will redistribute the route into bgp, when the customer has 1.1.1.0/26 assigned to one of there LAN interfaces on the CE router.

Once this route gets to the interface on the PE, it will have a VRF configured for it, such as 'ip vrf forwarding INETPUBLIC', and within this you could include a static default route to your upstream ISP(s) provider.

With iBGP, you will need a full mesh between all your iBGP peers within the same AS. If you don't want this you can configure a confederation or a route reflector. The route reflector will ONLY reflect the best route, not all other valid routes as well.

Thanks for the reply - So am I better to not run BGP on the P's (Only run OSPF + MPLS), and then have both the 7200's with IPTransit running as the RR's (With all other PE's(7200's) as RR's(To avoid creating a full mesh)?

If I create an Internet VRF, would I need to filter what routes are advertised to the other 7200's (As the RR's would both have full tables?)

1. On you P routers, you should only run an IGP such as OSPF, and MPLS.

2. The PE routers will only be running BGP. (VPNv4 Address Family that is)

3. Obviously at some point, in POPA you will have the uplink to your ISP(s).

I'm going to include a link to a document, with Cisco documents.

https://supportforums.cisco.com/docs/DOC-32629

This is a good example of MPLS VPNs without RR and with RRs. I don't want to keep confusing each other, so that might be better

Review Cisco Networking for a $25 gift card