Integrating Internet Access with MPLS VPNs Implementing Internet

  • Slides: 13
Download presentation
Integrating Internet Access with MPLS VPNs Implementing Internet Access as a Separate VPN ©

Integrating Internet Access with MPLS VPNs Implementing Internet Access as a Separate VPN © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -1

Outline • Overview • Internet Access as a Separate VPN • Implementing Redundant Internet

Outline • Overview • Internet Access as a Separate VPN • Implementing Redundant Internet Gateway Access • Implementing Classical Internet Access for a VPN Customer • Implementing Internet Access from Every Customer Site • Implementing Wholesale Internet Access • Running an Internet Backbone in a VPN • Summary © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -2

Internet Access as a Separate VPN • A provider Internet gateway is connected as

Internet Access as a Separate VPN • A provider Internet gateway is connected as a CE router to the MPLS VPN backbone. • The Internet gateway does not insert full Internet routing into the Internet VPN. – Only the default route and the local (regional) routes are inserted. • Every customer site that needs Internet access is assigned to the same Internet VPN as the Internet gateway. © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -3

Internet Access as a Separate VPN (Cont. ) • The Internet VPN is isolated

Internet Access as a Separate VPN (Cont. ) • The Internet VPN is isolated from the P routers. © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -4

Example: Configuring the Internet Gateway in a Separate VPN © 2006 Cisco Systems, Inc.

Example: Configuring the Internet Gateway in a Separate VPN © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -5

Redundant Internet Access • The default route should be advertised by all Internet gateways

Redundant Internet Access • The default route should be advertised by all Internet gateways only if they can reach the upstream ISP core. © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -6

Classical Internet Access for a VPN Customer © 2006 Cisco Systems, Inc. All rights

Classical Internet Access for a VPN Customer © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -7

Classical Internet Access for a VPN Customer (Cont. ) © 2006 Cisco Systems, Inc.

Classical Internet Access for a VPN Customer (Cont. ) © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -8

Internet Access from Every Customer Site • Configure Internet VRF for every location. ©

Internet Access from Every Customer Site • Configure Internet VRF for every location. © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -9

Wholesale Internet Access • A separate VPN is created for each upstream ISP. •

Wholesale Internet Access • A separate VPN is created for each upstream ISP. • Each ISP gateway announces the default route to the VPN. • Customers are assigned into the VRF that corresponds to the VPN of the desired upstream ISP. • Changing an ISP is as easy as reassigning an interface into a different VRF (and attending to address allocation issues). © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -10

Limitations of Running an Internet Backbone in a VPN Benefits: • Supports all Internet

Limitations of Running an Internet Backbone in a VPN Benefits: • Supports all Internet access service types • Can support all customer requirements, including a BGP session with the customer, accomplished through advanced BGP setup Drawbacks: • Full Internet routing cannot be carried in the VPN; default routes are needed that can lead to suboptimal routing. • Internet gateway routers act as CE routers on the VPN backbone; implementing overlapping Internet and VPN backbones requires care. © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -11

Summary • MPLS VPN architecture supports defining the Internet as a VPN. – Redundant

Summary • MPLS VPN architecture supports defining the Internet as a VPN. – Redundant Internet access is easy to achieve. – The classical Internet access model can be easily implemented using the Internet VPN. • Internet access from every customer site can be implemented by configuring the Internet VRF on a second interface at every location • Wholesale Internet access can be implemented by creating a separate VPN for every upstream ISP. • Internet VPNs supports all customer requirements, including full Internet routing. © 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -12

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -13

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v 2. 2— 7 -13