MPLS Services

Ivan Pepelnjak ip at ioshints.info
Fri Aug 28 13:52:21 CDT 2009


This might give you some ideas (also solves the overlapping customer address
problem):

http://www.nil.com/ipcorner/FlexExtraImplement/

Ivan
 
http://www.ioshints.info/about
http://blog.ioshints.info/ 

> -----Original Message-----
> From: Kenny Sallee [mailto:kenny.sallee at gmail.com] 
> Sent: Friday, August 28, 2009 6:28 PM
> To: nanog at nanog.org
> Subject: MPLS Services
> 
> Questions for the community:  from a Application Service 
> Provider perspective - how / can one provide application 
> access to a group of Enterprises where the ASP provider 
> provides ASP like applications to all Enterprise customers 
> who have multiple locations and who may or may not have 
> overlapping addresses?  Each Enterprise is it's own business 
> and we cannot allow connectivity between each other We've 
> struggled internally with this.  MPLS and using BGP 
> communities seems to be the solution.  But I am trying to 
> understand / think through the configuration of it from a CE 
> and PE side perspective.  Lab configs to follow but here's 
> what I'm thinking:
> 
> - From the CE side we could ask for 2 frame PVC's - each in 
> it's own VRF on the PE side.  Call 1 VRF private and 2nd VRF 
> public.  In the Private VRF advertise all CE routes between 
> customer A for example.  Each CE customer would have their 
> own VRF on the MPLS providers network.
> 
> -  From the CE, In Public VRF advertise a network range we 
> provide the clients and NAT traffic destined for the shared 
> environment to the public range
> 
> -  On each CE router only permit route updates on the Public 
> VRF for BGP communities that belong to that customer and our 
> shared segments.  Could also do this with just route 
> filtering by ACL/prefix lists.  On the Private VRF no need to 
> filter incoming but filter outgoing to contain routing domain 
> consistency (only send updates for CE networks)
> 
> - In the Public VRF from ASP side  - advertise all shared 
> services routes.
>  Accept all updates on Public VRF.  No access to Private VRF's here.
> 
> Thoughts?
> Thanks,
> Kenny
> 
> 





More information about the NANOG mailing list