The MPLS-OPS Archive

[Mathew Lodge <mathew@cplane.com>]

At 07:28 PM 12/10/2001 +0530, Vinod Anthony Joseph Cherunni wrote:
> If i am going to offer
> MPLS based VPN's (Intranet & Internet access) on Ethernet catering to
> say a huge complex shared by multiple customers, which eventually will
> terminate on my ethernet aggregation switch (part of the same
> multi-access LAN). Which of the below given methods would be the 
> best way of provisioning the same. 
>
> 1. Dedicate a physical ethernet port on my PE router for
> each customer connection, & use GRE tunnels (1 for Intranet, & 1
> for Internet access), wherein the CE GRE connection would use the IP
> allocated on the dedicated ethernet port on the PE as the GRE tunnel
> destination. So each CE gets a physcial port dedicated on the PE
> router. 
>
> 2. Use a single physical Ethernet port on the PE, &
> build GRE tunnels from all the CPE into the same physcial port. My
> experience in such a scenario has been that each GRE tunnel built from a
> single physical ethernet port, on both the PE & CE routers, needs an
> independent physical IP address bound to it. This makes one allocate 1 IP
> address on the physical ethernet port per GRE tunnel, using secondary
> addresses. 

I am assuming you're doing RFC2547 VPNs? Another alternative to GRE would
be to use Ethernet VLANs to segment the customer traffic. You can either
use one physical port per Ethernet customer in the building and map each
into a VLAN, and then map each VLAN into a given IP VPN.

Alternatively, if you have some choice and control over the CPE, you
could have the CPE do the mapping into the VLAN itself. That way you
don't need one physical Ethernet port per customer, but the wiring of the
building itself may make this harder than simply using one Ethernet port
per customer.

Regards,

Mathew

| Mathew Lodge                | mathew@cplane.com     |
| Director, Product Marketing | Ph: +1 408 789 4068   |
| CPLANE, Inc.                | http://www.cplane.com |