Re: MPLS VRF-lite problem

From: Tarun Pahuja (pahujat@gmail.com)
Date: Wed Dec 05 2007 - 16:36:45 ART


Shamin,
VRF-lite has been around for a while. Customers can get more
for their buck if they can run multiple virtual instances or VRFs on the
same router. VRF-lite enables customers to extend their VRFs over Layer 2
domains.

Cisco is pushing very hard on network virtualization. I have seen a lot of
network designs where customers have used VRF-lite extensively to scale
their network. VRFs have an advantage over VLANs: they can scale better and
by default do not route amongst each other.

VRF-lite is a lightweight version of MPLS; it does not use MP-BGP. It was
initially designed to support multiple customers on one CE, so that only one
physical link is used between the CE and the PE. The shared CE maintains
separate VRF tables for each customer and switches or routes packets for each
customer based on its own routing table. VRF-lite extends limited PE
functionality to a CE device, giving it the ability to maintain separate VRF
tables to extend the privacy and security of a VPN to the branch office.

In your case, you would have to create a trunk between your router and the
provider router. The provider would have subinterfaces with appropriate
dot1q tags and vrf forwarding statements; this way each of your VRFs would
get extended to the provider, where they would fall under separate VRF
tables. There should not be any need for your ISP to worry about this, as
your VRF would be completely isolated from other customers and the ISP
network.

http://www.sentientsupport.com/univercd/cc/td/doc/product/ong/15400/r80docs/d80ether/r8vrf.htm

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/20ew/configuration/guide/vrf.html

HTH,
Tarun

On 12/6/07, dara tomar <wish2ie@gmail.com> wrote:
>
> Furthermore, in order to tunnel the data traffic within the customer
> network, GRE as a tunneling tech can be of great help.
>
> Regards,
> Dara
>
>
> On Dec 5, 2007 11:59 PM, dara tomar < wish2ie@gmail.com> wrote:
>
> > Hi Shameen,
> >
> > As per my knowledge, the VRF process support is independent of the MPLS
> > tech.
> >
> > And the routing protocols
> > RIPv2
> > EIGRP
> > OSPF
> > BGP
> > IS-IS
> >
> > are made VRF-aware and hence can support it within your network.
> >
> > The ISP has no concerns and is unaware, if you have an unmanaged CE, of
> > the presence of VRF-lite within the customer networks.
> >
> > This feature, specifically intended for route separation at Layer 3, is
> > for CE, i.e. customers only, since customers mostly aren't running the
> > LSPs internally.
> >
> > In this case, for it to work, there is only the caveat that each hop
> > router would be having the entire routing table for all the 35 VRFs and
> > interface for it; you would be requiring the RD to keep the IPv4
> > prefixes separately within the VPNv4 table.
> >
> > HTH,
> > Regards,
> > Dara
> >
> >
> >
> >
> > On Dec 5, 2007 10:30 PM, Shamin < ccie.xpert@gmail.com > wrote:
> >
> > > Hi David,
> > >
> > > Thanks for your input.
> > >
> > > The ISP will have one dot1q interface for each customer VPN that is
> > > connecting the DC. That is, as there are 35 VPNs, the PE connecting to
> > > the DC CE will have 35 dot1q interfaces, and they charge the customer
> > > based on these subinterfaces (they call them VPN ports). So I think the
> > > ISP will have a VRF for each subinterface representing each of the
> > > customer VPNs going to the DC.
> > >
> > > I am trying to understand exactly how VRF-lite works. If anyone can
> > > send me a link to a configuration guideline, I will be grateful.
> > >
> > > Thanks
> > > Shameen
> > >
> > > On Dec 5, 2007 6:44 PM, David Prall <dcp@dcptech.com> wrote:
> > >
> > > > Shamin,
> > > > The PE would need to send each VRF separately over a distinct dot1q
> > > > tagged VLAN interface. You would need 35 separate BGP neighbor
> > > > relationships. I would suspect that the carrier would rather not do
> > > > this because of scaling issues. They are doing an import of 35 VRFs
> > > > into a single Data Center VRF, then importing the Data Center into
> > > > the 35 VRFs. While the VRFs can't see routes from each other, they
> > > > all can see the Data Center and the Data Center can see all 35 VRF
> > > > routes. This doesn't allow for duplicate addressing.
> > > >
> > > > --
> > > > http://dcp.dcptech.com
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > > > > Behalf Of Shamin
> > > > > Sent: Wednesday, December 05, 2007 2:32 AM
> > > > > To: David Prall
> > > > > Cc: Cisco certification
> > > > > Subject: Re: MPLS VRF-lite problem
> > > > >
> > > > > Hi David,
> > > > >
> > > > > Thanks for your input.
> > > > >
> > > > > The ISP in this case is providing a 1GB Ethernet to the data
> > > > > centre CE from their PE. They will be providing one dot1q
> > > > > interface per VPN. The CE to PE connection is running EBGP.
> > > > >
> > > > > If the ISP who is handling the PE is just announcing the
> > > > > prefixes to the CE router, the CE router at the DC will be
> > > > > receiving all the routes of the sites through dot1q and they
> > > > > will be seen in a single routing table.
> > > > >
> > > > > In this scenario, can the customer, who does not manage the PE
> > > > > router, configure VRF-lite on the CE without the PE router
> > > > > sending the routes which are VRF-aware?
> > > > >
> > > > > I am new to MPLS. I am still on the learning curve. If you
> > > > > can clarify this problem for me. BTW, the ISP is using Alcatel
> > > > > in their MPLS cloud.
> > > > >
> > > > > Regards
> > > > > Shameen
> > > > >
> > > > >
> > > > >
> > > > > On Dec 5, 2007 10:45 AM, David Prall <dcp@dcptech.com> wrote:
> > > > >
> > > > > > The CE to PE connection will require 35 sub-interfaces. Either
> > > > > > Frame-Relay, ATM PVCs, or dot1q will all work. The MPLS carrier
> > > > > > will drop off 35 distinct VRFs via a single link. Now how the
> > > > > > customer handles this has nothing to do with the MPLS carrier.
> > > > > >
> > > > > > David
> > > > > >
> > > > > > --
> > > > > > http://dcp.dcptech.com
> > > > > >
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: nobody@groupstudy.com [mailto: nobody@groupstudy.com] On
> > > > > > > Behalf Of Shamin
> > > > > > > Sent: Tuesday, December 04, 2007 10:25 PM
> > > > > > > To: Cisco certification
> > > > > > > Subject: MPLS VRF-lite problem
> > > > > > >
> > > > > > > Dear All,
> > > > > > >
> > > > > > > I have a small situation here. We are providing an MPLS/VPN
> > > > > > > solution to a customer to connect their 35 sites, which are
> > > > > > > different VPNs, to the Data centre site. The connection to
> > > > > > > the Data centre from the MPLS cloud will carry 35 VPNs. I
> > > > > > > understand that, normally, VRF-lite is used between the PE
> > > > > > > and CE in this situation. The problem I face is that the
> > > > > > > customer is taking the MPLS/VPN service from the ISP and the
> > > > > > > ISP is not willing to accept the solution with VRF-lite, as
> > > > > > > they say that it will extend their MPLS cloud to the
> > > > > > > customer side.
> > > > > > >
> > > > > > > Can anyone tell me if this is actually the case? Running
> > > > > > > VRF-lite on a customer site, will it compromise the ISP's
> > > > > > > MPLS network? Is there any problem the ISP will face by
> > > > > > > running VRF-lite in this scenario? If there is any, what are
> > > > > > > the recommended general practices?
> > > > > > >
> > > > > > > Appreciate your valuable inputs.
> > > > > > >
> > > > > > > Regards
> > > > > > > Shameen
> > > > > > >
> > > > > > > _______________________________________________________________________
> > > > > > > Subscription information may be found at:
> > > > > > > http://www.groupstudy.com/list/CCIELab.html
> > > > >
> > >
> > >
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
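
The separation discussed in this thread depends on every dot1q subinterface on the CE-PE trunk carrying a VRF binding. The following is an added example, not part of the original thread: a Python check over a constructed IOS-style CE configuration that flags subinterfaces with an IP address but no `ip vrf forwarding` statement, or with a binding to a VRF that is never defined. Interface names, VRF names, RDs, tags and addresses are made up.

```python
import re

# Constructed CE config (names, tags, addresses made up); Gi0/1.103 lacks a VRF binding.
SAMPLE_CONFIG = """\
ip vrf SITE-A
 rd 65001:101
ip vrf SITE-B
 rd 65001:102
interface GigabitEthernet0/1.101
 encapsulation dot1Q 101
 ip vrf forwarding SITE-A
 ip address 192.0.2.1 255.255.255.252
interface GigabitEthernet0/1.102
 encapsulation dot1Q 102
 ip vrf forwarding SITE-B
 ip address 192.0.2.5 255.255.255.252
interface GigabitEthernet0/1.103
 encapsulation dot1Q 103
 ip address 192.0.2.9 255.255.255.252
"""

def parse_subinterfaces(config):
    """Map each dotted subinterface to its dot1q tag, VRF and IP presence."""
    subifs, cur = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):            # a new top-level stanza starts
            m = re.match(r"interface (\S+\.\d+)$", line)
            cur = subifs.setdefault(m.group(1), {"tag": None, "vrf": None, "ip": False}) if m else None
        elif cur is not None:
            text = line.strip()
            if m := re.match(r"encapsulation dot1[qQ] (\d+)", text):
                cur["tag"] = int(m.group(1))
            elif m := re.match(r"ip vrf forwarding (\S+)", text):
                cur["vrf"] = m.group(1)
            elif text.startswith("ip address "):
                cur["ip"] = True
    return subifs

def audit(config):
    """Return (interface, problem) pairs that break per-VPN separation."""
    defined = set(re.findall(r"^ip vrf (\S+)$", config, re.M))
    findings = []
    for name, s in parse_subinterfaces(config).items():
        if s["ip"] and s["vrf"] is None:
            findings.append((name, "no VRF binding: routed in the global table"))
        elif s["vrf"] is not None and s["vrf"] not in defined:
            findings.append((name, "references undefined VRF " + s["vrf"]))
    return findings

print(audit(SAMPLE_CONFIG))
```

With 35 VPNs on one trunk, a single subinterface left in the global table is the kind of gap this check is meant to surface before the link goes live.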



This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:29 ARST