The MPLS-OPS Archive

unsubscribe me from the list

V.Padmanabha Rao
Infosys Technologies Ltd.
Bangalore -india.
Ph 91-80-8520261 Ext:6310

----- Original Message -----
From: "Robert Raszuk" <raszuk@cisco.com>
To: <ccasey@bigfoot.com>
Cc: <mpls-ops@mplsrc.com>
Sent: Wednesday, November 28, 2001 4:27 PM
Subject: Re: Fwd: FW: How to Differentiate Traffic ?

> Chris,
>
> Let's come back to my original reply:
>
> > > In this situation, customer is using MPLS VPN for his VPN requirements.
> > > But some of his traffic has to come out onto the Provider network, say
> > > for accessing server located on Service provider's backbone.
> >
> > The simplest way to separate the traffic which destination is provider's
> > global table at least from the forwarding perspective is to build a GRE
> > tunnel on the PE-CE int and therefore have additional logical
> > subinterface into your PE.
>
> Fundamentally allowing VPN users access any service on your global net
> kills one big advantage of VPNs which is ability to use private address
> space by their sites. Also you realize that it opens up their sites to
> all possible attacks when you are also providing an Internet access in
> the global space.
>
> Usually this is not a problem for any VPN customer as they can get to
> your global services via their Internet access connection. Now the
> bottom line is how to provide secure internet access for VPN customers
> pls see my reply above + also take a look at other ways of providing
> internet access for VPN customers.
>
> R.
>
> "Chris C.," wrote:
> >
> > Robert,
> >
> > Let me clarify a little. This is for a service Providers network. Let me
> > make some comments below:
> >
> > > > 1. You have a CPE that does not support this? Like a DSL Bridge as an
> > > > example.
> > >
> > > I am surprised that you would connect DSL bridge directly into the PE.
> > > Usually it goes to NAS then via some L2 encapsulation (for example l2tp)
> > > to PEs.
> >
> > Chris>> Need cheap CPE devices. The above was just one example. DSL bridge
> > through a DSLAM using a Bridge Group at the PE with DHCP for IP Addressing
> > so that telecommuters for an enterprise can get the same IP address whether
> > they are at work or at home or a SOHO office. IE: The DHCP server for that
> > particular user is the actual enterprises Server
> >
> > > > 2. You do not have a CPE. EG: Ethernet port off a L2 LAN Switch in a MTU
> > > > model.
> > >
> > > Well most ethernet switches support VLANs. That's all what you need.
> > > Also linux supports both GRE and vlans so you can easily use this as
> > > solution as well.
> >
> > Chris>> Does not seem practical. Are you saying put a LINUX WS at each site?
> > That eliminates the cost advantage of using Ethernet then doesn't it?? Also
> > in the VLAN scenario would that not mean the clients Internet traffic could
> > route back to the VPN path? (Note: If the client did nothing about it and
> > was outsourcing the service to us the SP)
> >
> > _________________________________________________________________
> > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
> -------
> The MPLS-OPS Mailing List
> Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml
> Archive: http://www.mplsrc.com/mpls-ops_archive.shtml