From: Shamin (ccie.xpert@gmail.com)
Date: Wed Dec 05 2007 - 23:12:12 ART
Thanks Max,Dara,Tarun, Paul,David.
You guys helped me assess the situation better and understand the concepts.
Regards
Shameen
On Dec 5, 2007 11:36 PM, Tarun Pahuja <pahujat@gmail.com> wrote:
> Shamin,
> Vrf-lite has been around for a while. Customers can get more
> for their buck if they can run multiple virtual instances or VRF's on the
> same router. Vrf-lite enables customers to extend there vrfs over Layer2
> domains.
>
> Cisco is pushing very hard on Network virtualization. I have seen a lot of
> network designs where customers have used vrf-lite extensively to scale
> their network. Vrf's have an advantage over Vlans, they can scale better and
> by default do not route amongst each other.
>
> Vrf-lite is a lightweight version of MPLS, It does not used MP-BGP. It was
> initial designed
> to support multiple customers on one CE, so that only one physical
> link is used between the CE and the PE. The shared CE maintains separate VRF
> tables for each customer and switches or routes packets for each customer
> based on its own routing table. VRF-lite extends limited PE functionality to
> a CE device, giving it the ability to maintain separate VRF tables to extend
> the privacy and security of a VPN to the branch office.
>
> In your case, you would have to create a trunk between you router and the
> Provider router. The provider would have sub interfaces with appropriate
> dot1q tags and vrf forwarding statements , this way each of your vrfs would
> get extended to the provider where they would fall under separate vrf
> tables. There should not be any need for your ISP to worry about this as
> your vrf would be completely isolated from other customers and the ISP
> network.
>
>
> http://www.sentientsupport.com/univercd/cc/td/doc/product/ong/15400/r80docs/d80ether/r8vrf.htm
>
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/20ew/configuration/guide/vrf.html
>
> HTH,
> Tarun
>
>
> On 12/6/07, dara tomar <wish2ie@gmail.com> wrote:
> >
> > *Furthermore in order to tunnel the data traffic within the customer
> > network
> >
> > GRE as a tunneling tech can be of great help.
> >
> >
> >
> > Regards,
> > Dara
> > *
> >
> >
> > On Dec 5, 2007 11:59 PM, dara tomar < wish2ie@gmail.com> wrote:
> >
> > > * Hi Shameen,
> > >
> > > As per my knowledge the VRF process support is independent of the MPLS
> >
> > > tech.
> > >
> > > And the routing protocols of
> > > RIPV2
> > > EIGRP
> > > OSPF
> > > BGP
> > > IS-IS
> > >
> > > are made VRF-aware and hence can support it within your network.
> > >
> > > The ISP is having no concerns and is unaware if you have unmanaged CE
> > of
> > > the presence of VRF-lite within the customer networks.
> > >
> > > This feature specifically intended for route separation @ Layer 3, is
> > for
> > > CE i.e customers only, since customer mostly aren't running the LSP's
> > > internally.
> > >
> > > In this case for it to work, there is only the caveat that each hop
> > router
> > > would be would be having the entire routing table for all the 35 VRF's
> > &
> > > interface for it, you would be requiring the RD to keep the IPV4
> > prefixes
> > > separately within the VPNV4 table.
> > >
> > >
> > > HTH,
> > > Regards,
> > > Dara*
> > >
> > >
> > >
> > >
> > > On Dec 5, 2007 10:30 PM, Shamin < ccie.xpert@gmail.com > wrote:
> > >
> > > > Hi David,
> > > >
> > > > Thanks for you input.
> > > >
> > > > The ISP, will have one dot1q interface for each customer VPN that is
> > > > connecting the DC.That is , as there 35 VPN's, the PE connecting to
> > the
> > > > DC
> > > > CE will have 35 dot1q interfaces and they charge the customer based
> > on
> > > > these
> > > > sub interfaces( they call it VPN ports). So I think the ISP will
> > have a
> > > > VRF
> > > > for each sub interface representing each of the customer VPNs going
> > to
> > > > the
> > > > DC.
> > > >
> > > > I am trying to understand exactly how VRF-lite works . If anyone can
> >
> > > > send me
> > > > link to
> > > > a configuration guide line, will be grateful.
> > > >
> > > > Thanks
> > > > Shameen
> > > >
> > > > On Dec 5, 2007 6:44 PM, David Prall < dcp@dcptech.com> wrote:
> > > >
> > > > > Shamin,
> > > > > The PE would need to send each VRF seperately over a distinct
> > dot1q
> > > > tagged
> > > > > vlan interface. You would need 35 seperate BGP neighbor
> > relationships.
> > > > I
> > > > > would suspect that the Carrier would rather not do this because of
> > > > scaling
> > > > > issues. They are doing an import of 35 VRF's into a single Data
> > Center
> > > >
> > > > > VRF,
> > > > > then importing the Data Center into the 35 VRF's. While the VRF's
> > > > can't
> > > > > see
> > > > > routes from each other, they all can see the Data Center and the
> > Data
> > > > > Center
> > > > > can see all 35 VRF routes. This doesn't allow for duplicate
> > > > addressing.
> > > > >
> > > > > --
> > > > > http://dcp.dcptech.com
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: nobody@groupstudy.com [mailto: nobody@groupstudy.com] On
> > > > > > Behalf Of Shamin
> > > > > > Sent: Wednesday, December 05, 2007 2:32 AM
> > > > > > To: David Prall
> > > > > > Cc: Cisco certification
> > > > > > Subject: Re: MPLS VRF-lite problem
> > > > > >
> > > > > > Hi David,
> > > > > >
> > > > > > Thanks for your input.
> > > > > >
> > > > > > The ISP in this case is providing a 1GB Ethernet to the data
> > > > > > centre CE from
> > > > > > their PE.
> > > > > > They will be providing one Dot1q interface per VPN. CE to PE
> > > > > > connection is
> > > > > > running EBGP.
> > > > > >
> > > > > > If the ISP who is handling the PE is just announcing the
> > > > > > prefixes to the
> > > > > > CE router, the CE router at the DC will be receiving all the
> > > > > > routes of the
> > > > > > sites
> > > > > > through dot1q and will be seen in a single routing table.
> > > > > >
> > > > > > In this scenario, can the customer who does not manage the PE
> > > > router,
> > > > > > configure VRF-lite on the CE without the PE router sending the
> > > > routes
> > > > > > which are VRF aware.
> > > > > >
> > > > > > I am new to MPLS. I am still on the learning curve. If you
> > > > > > can clarify this
> > > > > > problem
> > > > > > for me. BTW, the ISP is using Alcatel in their MPLS cloud.
> > > > > >
> > > > > > Regards
> > > > > > Shameen
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Dec 5, 2007 10:45 AM, David Prall <dcp@dcptech.com> wrote:
> > > > > >
> > > > > > > The CE to PE connection will require 35 sub-interfaces. Either
> > > > > > > Frame-Relay,
> > > > > > > ATM PVC's, or dot1q will all work. The MPLS carrier will drop
> > off
> > > > 35
> > > > > > > distinct VRF's via a single link. Now how the customer
> > > > > > handles this, has
> > > > > > > nothing to do with the MPLS Carrier.
> > > > > > >
> > > > > > > David
> > > > > > >
> > > > > > > --
> > > > > > > http://dcp.dcptech.com
> > > > > > >
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: nobody@groupstudy.com [mailto: nobody@groupstudy.com ]
> > On
> > > > > > > > Behalf Of Shamin
> > > > > > > > Sent: Tuesday, December 04, 2007 10:25 PM
> > > > > > > > To: Cisco certification
> > > > > > > > Subject: MPLS VRF-lite problem
> > > > > > > >
> > > > > > > > Dear All,
> > > > > > > >
> > > > > > > > I have a small situation here. We are providing an MPLS/VPN
> > > > > > > > solution to a
> > > > > > > > customer to connect
> > > > > > > > their 35 sites which are different VPN's to the Data
> > > > > > centre site. The
> > > > > > > > connection to the Data centre,
> > > > > > > > from the MPLS cloud will carry 35 VPN's. I understand
> > > > > > that, normally
> > > > > > > > VRF-lite is used between the
> > > > > > > > PE and CE in this situation. The problem I face is that the
> > > > > > > > customer is
> > > > > > > > taking the MPLS/VPN
> > > > > > > > service from the ISP and the ISP is not willing to accept
> > the
> > > > > > > > solution with
> > > > > > > > VRF-lite as they say that,
> > > > > > > > it will extend their MPLS cloud to the customer side.
> > > > > > > >
> > > > > > > > Can anyone tell me, if this is actually the case. Running
> > > > > > > > VRF-lite on a
> > > > > > > > customer site, will it
> > > > > > > > compromise the ISP's MPLS network. Is there any problem the
> > > > > > > > ISP will face
> > > > > > > > by running
> > > > > > > > VRF-lite in this senario. If there is any , what are the
> > > > > > recommended
> > > > > > > > general practices .
> > > > > > > >
> > > > > > > > Appreciate your valuable inputs.
> > > > > > > >
> > > > > > > > Regards
> > > > > > > > Shameen
> > > > > > > >
> > > > > > > >
> > ______________________________________________________________
> > > > > > > > _________
> > > > > > > > Subscription information may be found at:
> > > > > > > > http://www.groupstudy.com/list/CCIELab.html
> > > > > >
> > > > > > ______________________________________________________________
> > > > > > _________
> > > > > > Subscription information may be found at:
> > > > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:29 ARST