MPLS Services

Ivan Pepelnjak ip at
Fri Aug 28 13:52:21 CDT 2009

This might give you some ideas (also solves the overlapping customer address


> -----Original Message-----
> From: Kenny Sallee [mailto:kenny.sallee at] 
> Sent: Friday, August 28, 2009 6:28 PM
> To: nanog at
> Subject: MPLS Services
> Questions for the community:  from a Application Service 
> Provider perspective - how / can one provide application 
> access to a group of Enterprises where the ASP provider 
> provides ASP like applications to all Enterprise customers 
> who have multiple locations and who may or may not have 
> overlapping addresses?  Each Enterprise is it's own business 
> and we cannot allow connectivity between each other We've 
> struggled internally with this.  MPLS and using BGP 
> communities seems to be the solution.  But I am trying to 
> understand / think through the configuration of it from a CE 
> and PE side perspective.  Lab configs to follow but here's 
> what I'm thinking:
> - From the CE side we could ask for 2 frame PVC's - each in 
> it's own VRF on the PE side.  Call 1 VRF private and 2nd VRF 
> public.  In the Private VRF advertise all CE routes between 
> customer A for example.  Each CE customer would have their 
> own VRF on the MPLS providers network.
> -  From the CE, In Public VRF advertise a network range we 
> provide the clients and NAT traffic destined for the shared 
> environment to the public range
> -  On each CE router only permit route updates on the Public 
> VRF for BGP communities that belong to that customer and our 
> shared segments.  Could also do this with just route 
> filtering by ACL/prefix lists.  On the Private VRF no need to 
> filter incoming but filter outgoing to contain routing domain 
> consistency (only send updates for CE networks)
> - In the Public VRF from ASP side  - advertise all shared 
> services routes.
>  Accept all updates on Public VRF.  No access to Private VRF's here.
> Thoughts?
> Thanks,
> Kenny

More information about the NANOG mailing list