The MPLS-OPS Archive

RE: MPLS Closed User Groups
Comments below with '***' in front...

Richard
--
rdonkin@orchestream.com
http://www.orchestream.com
Tel: +44 (0)20 7348 1507 (direct)
     +44 (0)20 7348 1500 (switchboard)
Fax: +44 (0)20 7348 1501
Orchestream Ltd.
Avon House, Kensington Village,
Avonmore Road
London W14 8TS, UK
>>>> IP Service Activation >>>>

-----Original Message-----
From: Irwin Lazar [mailto:ILazar@tbg.com]
Sent: Thu 28 September 2000 21:40
To: mpls-ops@mplsrc.com
Subject: MPLS Closed User Groups

Hi All,

I am currently working with a large enterprise that runs an IP backbone network to connect sites around the world. The backbone consists of approximately 8 locations. The locations are connected via ATM OC-3, which is leased from a service provider. They do not own the ATM switches or the fiber, but they do own and manage the backbone routers at each location. Connectivity between sites is provided via OSPF.

They are looking at the possibility of using MPLS to create closed user groups to allow them to tunnel traffic across their backbone for specific locations that connect to various backbone nodes. The goal is that traffic for these sites would be isolated from the rest of their network. They would also like to prioritize these MPLS tunnels, and they also want to prioritize certain types of IP traffic that run over the same links, but aren't part of the MPLS cloud.

Questions:

- is it possible to have MPLS closed user groups for specific sites, while the LSR's also operate as traditional routers to carry non-MPLS traffic?

*** Yes, this is what is termed MPLS VPNs - see RFC 2547 for an in-depth explanation, or http://www.orchestream.com/products/collateral/data_sheets.html - the last link here is to a 2 page datasheet explaining MPLS VPNs in a fairly product-independent manner.

- is it possible to implement prioritization as described above?

*** Yes, typically the edge LSRs copy the IP Precedence values into the MPLS label's EXT field, which can then be treated as the MPLS CoS level. However you'd need to check with the specific LSR vendor. More complex schemes are possible using more than one LSP for each source-destination pair, for CoS purposes.

- would it make sense for them to go to an all MPLS network, with MPLS LSP's being used for all backbone connectivity (I'm assuming that they would need to provision LSP's on top of the ATM PVC's between each backbone node, which I'm not sure makes a lot of sense)

*** This may well make sense, with the caveat that significant testing of the MPLS LSRs will be necessary - MPLS is not yet as mature as ATM, and is not an IETF standard at this point.

- would an IP-VPN using a hardware or software be a better solution?

*** I suppose you mean IPSec or GRE based VPNs, since MPLS VPNs are a sort of IP-VPN technology. There are various pros and cons to MPLS vs. IPSec VPNs, but MPLS wins on scalability, resilience, high throughput, etc, whereas IPSec wins if you need end to end encryption and authentication. It depends on the requirements of your VPN, but MPLS VPNs are as secure as using ATM/FR PVCs between sites, and they have the big advantage of not requiring management of IPSec hardware and keys at the customer sites.

- are there other options out there (such as virtual routers) that might make more sense?

*** Some vendors are using virtual routers as another way of doing MPLS VPNs (not following RFC 2547, which is informational anyway). However, I think IPSec and MPLS VPNs a la 2547 are currently the main approaches.

Hope this helps,

Richard

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
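
The precedence copy mentioned in the reply above, as an added example that is not part of the original thread or any vendor's code: it packs a 32-bit label stack entry in the RFC 3032 layout (20-bit label, 3-bit experimental field used for CoS, bottom-of-stack bit, 8-bit TTL) and places the IP Precedence bits in the 3-bit field. The label value 100, the sample addresses and the decrement-then-copy TTL handling are assumptions made for illustration.

```python
import struct

def ip_precedence(tos: int) -> int:
    """Return the 3-bit IP Precedence: the top three bits of the IPv4 ToS byte."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS must fit in one byte")
    return tos >> 5

def encode_lse(label: int, cos: int, bottom: bool, ttl: int) -> bytes:
    """Pack one label stack entry: label(20) | CoS(3) | S(1) | TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= cos < 8:
        raise ValueError("CoS must fit in 3 bits")
    if not 0 <= ttl <= 0xFF:
        raise ValueError("TTL must fit in 8 bits")
    word = (label << 12) | (cos << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)

def decode_lse(entry: bytes) -> dict:
    """Unpack the first four bytes of a labelled packet into its fields."""
    (word,) = struct.unpack("!I", entry[:4])
    return {"label": word >> 12, "cos": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 1), "ttl": word & 0xFF}

def impose_label(ipv4_packet: bytes, label: int) -> bytes:
    """Model an ingress edge LSR that copies IP Precedence into the CoS bits."""
    if len(ipv4_packet) < 20 or ipv4_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    tos, ttl = ipv4_packet[1], ipv4_packet[8]
    if ttl <= 1:
        raise ValueError("TTL expired, packet would not be forwarded")
    # Assumption: the label TTL is the IP TTL after the usual decrement.
    return encode_lse(label, ip_precedence(tos), True, ttl - 1) + ipv4_packet

# Constructed 20-byte IPv4 header: ToS 0xA0 (precedence 5), TTL 64, UDP,
# 10.0.0.1 -> 10.0.1.1. The header checksum is left as zero for brevity.
SAMPLE_IPV4 = bytes([0x45, 0xA0, 0x00, 0x14, 0, 0, 0, 0,
                     64, 17, 0, 0, 10, 0, 0, 1, 10, 0, 1, 1])

if __name__ == "__main__":
    labelled = impose_label(SAMPLE_IPV4, label=100)  # label 100 is constructed
    print(labelled[:4].hex(), decode_lse(labelled))
```

Whether a given LSR copies precedence by default or needs explicit configuration is vendor-specific, as the reply notes.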