MPLS VPN Topologies
1-2 MPLS VPN Topologies Copyright 2000, Cisco Systems, Inc.
Simple VPN with Optimal Intra-VPN Routing
Review Questions
Answer the following questions
■ What are the basic requirements for simple VPN service?
Any site can talk to any other site and optimal routing is provided across
the backbone.
■ What are the routing requirements for simple VPN service?
The use of traditional routing protocols, such as static routing, RIPv2,
OSPF or BGP, to advertise customer networks between the PE-routers
and the CE-routers.
■ Which PE-CE routing protocol would you use for simple VPN service?
RIP version 2.
■ How many VRFs per PE-router do you need to implement simple VPN
service?
One for all sites in the simple VPN.
■ How do you integrate RIP running between PE and CE with MP-BGP running
in the MPLS VPN backbone?
RIPv2 routes from the CE site are redistributed into MP-BGP, transported
across the backbone and redistributed back into the PE-CE routing protocol
(RIPv2).
■ When would you use static routing between PE and CE routers?
For single-connection sites with one IP prefix.
■ When would you be able to use default routing from PE toward CE?
Usually, when the CE router has a single connection to the MPLS
VPN backbone (stub sites).
■ When would you use OSPF between PE and CE routers?
For large VPN customers where the customer insists on using OSPF for
migration or intra-site routing purposes.
■ What are the drawbacks of offering OSPF as the PE-CE routing protocol to
your customers?
The number of VRFs that can support OSPF on a single PE-router is
limited by the overall process number (32).
Copyright 2000, Cisco Systems, Inc. Release Date: August 2000 1-3
Using BGP as the PE-CE Routing Protocol
Review Questions
Answer the following questions
■ When would you use BGP as the PE-CE routing protocol?
When a site has more than one connection into the MPLS backbone.
When a customer has a large number of sites (approx. more than 100).
If the customer is also an ISP with its own AS number.
■ When would you use the same AS number for several sites?
If there is a large number of sites and there are not enough private AS
numbers available.
If the customer is an ISP with its own AS number.
■ When would you use a different AS number for every site?
If VPNs do not overlap and do not have more than 1024 sites.
■ Which BGP features would you use to support the customers that use the
same AS number at multiple sites?
"AllowAS-in" for multihomed sites using a hub-and-spoke topology.
"AS-override" to be able to propagate routes from one site to another
site.
Overlapping Virtual Private Networks
Review Questions
Answer the following questions
■ What are the typical usages for overlapping Virtual Private Networks?
Separating an enterprise network into VPNs, which have access only to
the central VPN.
Interconnecting two or more enterprise networks by using an extranet
VPN.
■ What are the connectivity requirements for overlapping VPNs?
An additional VPN for overlapping sites.
■ What is the expected data flow within overlapping VPNs?
Routing for data flow between any pair of sites (if permitted) is still
optimal.
Data flow between two sites is permitted if they are part of the same
VPN.
■ How many VRFs do you need to implement three partially overlapping VPNs?
How many route distinguishers? How many route targets?
One VRF per set of sites with the same VPN membership per PE
router; one RD per VRF (three); at least two route targets.
■ How would you select a routing protocol to use in an overlapping VPN
solution?
The overlapping VPN topology does not influence the design criteria for
selecting the IGP.
Central Services VPN Solutions
Review Questions
Answer the following questions
■ What are the typical usages for central services VPN topology?
Extranets interconnecting enterprise networks by using central (proxy)
servers
Intranet with separated departments having access to the central servers
■ What is the connectivity model for central services VPN topology?
All clients have access to the central VPN but not to each other
■ How do you implement central services VPN topology?
A separate VRF for each client (ClientVPN) and one VRF per PE
router connecting a server site (CentralVPN).
One RT for CentralVPN->ClientVPN route propagation and another RT
for all ClientVPN->CentralVPN.
■ How many route targets do you need for a central services VPN solution with
two server sites and 50 client sites? How many route distinguishers?
52 route targets and 51 route distinguishers
■ How do you combine central services VPN topology with simple VPN
topology?
We need one VRF per VPN for sites that have access to other sites in
the customer VPN, but no access to the Central Services VPN, one
VRF per VPN for sites that have access to Central Services VPN, and
one VRF for the Central Services VPN.