© 2006 cisco systems, inc. all rights reserved. mpls v2.2—7-1 integrating internet access with...
TRANSCRIPT
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-1
Integrating Internet Access with MPLS VPNs
Implementing Internet Access as a Separate VPN
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-2
Outline
• Overview
• Internet Access as a Separate VPN
• Implementing Redundant Internet Gateway Access
• Implementing Classical Internet Access for a VPN Customer
• Implementing Internet Access from Every Customer Site
• Implementing Wholesale Internet Access
• Running an Internet Backbone in a VPN
• Summary
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-3
• A provider Internet gateway is connected as a CE router to the MPLS VPN backbone.
• The Internet gateway does not insert full Internet routing into the Internet VPN.
–Only the default route and the local (regional) routes are inserted.
• Every customer site that needs Internet access is assigned to the same Internet VPN as the Internet gateway.
Internet Access as a Separate VPN
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-4
Internet Access as a Separate VPN (Cont.)
• The Internet VPN is isolated from the P routers.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-5
Example: Configuring the Internet Gateway in a Separate VPN
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-6
• The default route should be advertised by all Internet gateways only if they can reach the upstream ISP core.
Redundant Internet Access
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-7
Classical Internet Access for a VPN Customer
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-8
Classical Internet Access for a VPN Customer (Cont.)
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-9
• Configure Internet VRF for every location.
Internet Access from Every Customer Site
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-10
• A separate VPN is created for each upstream ISP.
• Each ISP gateway announces the default route to the VPN.
• Customers are assigned into the VRF that corresponds to the VPN of the desired upstream ISP.
• Changing an ISP is as easy as reassigning an interface into a different VRF (and attending to address allocation issues).
Wholesale Internet Access
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-11
Benefits:• Supports all Internet access service types
• Can support all customer requirements, including a BGP session with the customer, accomplished through advanced BGP setup
Drawbacks:• Full Internet routing cannot be carried in the VPN; default
routes are needed that can lead to suboptimal routing.
• Internet gateway routers act as CE routers on the VPN backbone; implementing overlapping Internet and VPN backbones requires care.
Limitations of Running an Internet Backbone in a VPN
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-12
Summary
• MPLS VPN architecture supports defining the Internet as a VPN.
– Redundant Internet access is easy to achieve.
– The classical Internet access model can be easily implemented using the Internet VPN.
• Internet access from every customer site can be implemented by configuring the Internet VRF on a second interface at every location
• Wholesale Internet access can be implemented by creating a separate VPN for every upstream ISP.
• Internet VPNs supports all customer requirements, including full Internet routing.