RE: Internet access for MPLS VPN customers

From: Scott Morris (smorris@ipexpert.com)
Date: Sat Jun 16 2007 - 08:28:29 ART

• Next message: Dave Schulz: "RE: PPPoFR"
• Previous message: spduo: "OT: Reliable Rack Rentals"
• Maybe in reply to: Ramya S: "Internet access for MPLS VPN customers"
• Next in thread: Douglas M Todd, Jr: "Re: Internet access for MPLS VPN customers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Large ISPs are rarely going to provide NAT for their customers (too much
work, not enough money). Smaller ISPs may provide this as a value add, or
part of the managed security service provider concept, but the smaller you
go, the less likely you are to run MPLS internally, so it's kinda a catch
there!

The whole idea of MPLS is that the SP cloud should be relatively invisible
to your own internal network, so configure just as if you were dealing with
leased lines or frame-relay...

If you are doing NAT service for your customers, I would do it at someplace
that makes your own design simple. It would seem to me that your internet
pe router is a single point where you could aggregate all your NAT work.
But it depends on how your internal organization is setup and where you want
to actually do the work at! If you do it at local PE's, you'll be doing
more route-map based NAT IMHO.

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor
 
A Cisco Learning Partner - We Accept Learning Credits!
 
smorris@ipexpert.com
 
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
http://www.ipexpert.com
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ramya S
Sent: Saturday, June 16, 2007 3:18 AM
To: pahujat@gmail.com; ccielab@groupstudy.com
Subject: RE: Internet access for MPLS VPN customers

Hello Tarun,

Thank you for the reply.
The method you suggested seems to be the best way. I think many big sp's use
what you suggested . If the vpn customers are using private addresses then
we can use vrf aware nat. Should we use nat at the local pe router or at the
remote internet pe router? Which would be a better way to accomplish?

Thanks,
Ramya Sen

> Date: Sat, 16 Jun 2007 04:19:27 +0530> From: pahujat@gmail.com> To:
ramya_1975@hotmail.com> Subject: Re: Internet access for MPLS VPN customers>
CC: ccielab@groupstudy.com> > Ramya,> The most common way to provide
Internet access to VPN> customers that I have seen is by providing them with
a default route. The> VPN provider implements an Internet Vrf where it
receives all the
routes> from the Internet. This vrf also contains a default route
routes> generated by
the> internet gateway. Customer Vrfs import this default default and
the> export
their> network routes to the Internet vrf for network reachability.> >
their> CCO
mentions about some other ways of providing Internet connectivity to>
customers, the following examples talks about using global routing table to>
provide Internet connectivity.> >
http://www.cisco.com/warp/public/105/internet_access_mpls_vpn.html> > HTH,>
Tarun Pahuja> CCIE#7707(R&S,Security,SP,Voice,Storage),CCSI> >

• Next message: Dave Schulz: "RE: PPPoFR"
• Previous message: spduo: "OT: Reliable Rack Rentals"
• Maybe in reply to: Ramya S: "Internet access for MPLS VPN customers"
• Next in thread: Douglas M Todd, Jr: "Re: Internet access for MPLS VPN customers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:49 ART