The MPLS WG Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]

VPN solution - White flag ?

From: Eric Rosen <erosen@cisco.com>
Date: Thu, 26 Oct 2000 12:48:01 -0400
cc: Jim Guichard <jguichar@cisco.com>, Barry Hass <BHass@nexabit.com>, Paul Doolan <pdoolan@ennovatenetworks.com>, yakov@cisco.com, rnewcomb@ennovatenetowrks.com, mpls@UU.NET, diego@estos.upc.es
User-Agent: EMH/1.10.0 WEMI/1.13.2 (Mochimune) FLIM/1.12.1(Nishinokyō) Emacs/20.6 (sparc-sun-solaris2.5.1)MULE/4.0 (HANANOEN)

Randy> which one  will work for a large  isp with lots of  vpn customers and
Randy> lots of connections to other peer isps? 

This particular  scenario is  not the only  scenario in existence.   But for
this scenario, it  is probably best to keep the VPN  routes and the Internet
routes strictly separated, so that no  one edge router has them both.  There
are two obvious ways to do this:

- If  VPN  access and  Internet  access  are to  be  offered  over the  same
  interface, then  keep only the VPN routes  in the PE router  to which that
  interface  leads.  Packets  which  need to  go  to the  Internet then  get
  default-routed to an adjacent router which has the Internet routes.

- Use different interfaces for VPN access and Internet access, and have them
  lead to different edge routers. 

Of course, if one makes it a  requirement that the adoption of a VPN service
have no  impact on  the network  design, then the  RFC2547 solution  will be
ruled out in this scenario.

References:
- VPN solution - White flag ?
  - From: Randy Bush <randy@psg.com>