From: Paul Jin (pauljin@yahoo.com)
Date: Wed Dec 05 2007 - 10:49:00 ART
Shameen,
I agree with David, the customer running VRF Lite has absolutely 0 to do with the MPLS VPN provider being compromised. VRF Lite was designed so that it makes customers
using multiple VPN features from a MPLS VPN provider an easier thing to manage, and was generally requested by MPLS VPN service providers as a feature while back.
PE has absolutely no knowledge nor care of VRF Lite CE... in an alternative situation, you could have dropped 35 ethernet connections, with a VRF/VPN on each physical ethernet connection, and run eBGP through it.
And it would still be easier to use VRF Lite to provision and operate these VPNs in the CE.
It is native BGP between PE and CE, as well as native IP.
There is no MPLS nor mp-BGP configured between PE and CE by any MPLS VPN provider.
Who is the ISP that is telling you that VRF Lite will compromise their MPLS network, I worked with AT&T, Vz, Orange and BT, and no one from there would say that.
Again, there is no way to tell by the PE that you are running VRF Lite.. and if you own the CE yourself, it is your business how you want to do this anyway...
What would this ISP suggest
you run to manage multiple VPNs, with possible overlapping IP address from 35 customers besides VRF Lite?
- Paul
------------------------------------------------------
fromShamin <ccie.xpert@gmail.com>
reply-toShamin <ccie.xpert@gmail.com>,
toDavid Prall <dcp@dcptech.com>,
ccCisco certification <ccielab@groupstudy.com>,
dateDec 5, 2007 2:32 AM
subjectRe: MPLS VRF-lite problem
mailing list<ccielab.groupstudy.com> Filter messages from this mailing list
hide details 2:32 AM (6 hours ago) Reply
Hi David,
Thanks for your input.
The ISP in this case is providing a 1GB Ethernet to the data centre CE from
their PE.
They will be providing one Dot1q interface per VPN. CE to PE connection is
running EBGP.
If the ISP who is handling the PE is just announcing the prefixes to the
CE router, the CE router at the DC will be receiving all the routes of the
sites
through dot1q and will be seen in a single routing table.
In this scenario, can the customer who does not manage the PE router,
configure VRF-lite on the CE without the PE router sending the routes
which are VRF aware.
I am new to MPLS. I am still on the learning curve. If you can clarify this
problem
for me. BTW, the ISP is using Alcatel in their MPLS cloud.
Regards
Shameen
On Dec 5, 2007 10:45 AM, David Prall <dcp@dcptech.com> wrote:
> The CE to PE connection will require 35 sub-interfaces. Either
> Frame-Relay,
> ATM PVC's, or dot1q will all work. The MPLS carrier will drop off 35
> distinct VRF's via a single link. Now how the customer handles this, has
> nothing to do with the MPLS Carrier.
>
> David
>
> --
> http://dcp.dcptech.com
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > Behalf Of Shamin
> > Sent: Tuesday, December 04, 2007 10:25 PM
> > To: Cisco certification
> > Subject: MPLS VRF-lite problem
> >
> > Dear All,
> >
> > I have a small situation here. We are providing an MPLS/VPN
> > solution to a
> > customer to connect
> > their 35 sites which are different VPN's to the Data centre site. The
> > connection to the Data centre,
> > from the MPLS cloud will carry 35 VPN's. I understand that, normally
> > VRF-lite is used between the
> > PE and CE in this situation. The problem I face is that the
> > customer is
> > taking the MPLS/VPN
> > service from the ISP and the ISP is not willing to accept the
> > solution with
> > VRF-lite as they say that,
> > it will extend their MPLS cloud to the customer side.
> >
> > Can anyone tell me, if this is actually the case. Running
> > VRF-lite on a
> > customer site, will it
> > compromise the ISP's MPLS network. Is there any problem the
> > ISP will face
> > by running
> > VRF-lite in this senario. If there is any , what are the recommended
> > general practices .
> >
> > Appreciate your valuable inputs.
> >
> > Regards
> > Shameen
> >
> > ______________________________________________________________
> > _________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:29 ARST