The MPLS-OPS Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] Re: Internet access
> this is what cisco g o i n g to do (not yet; it is announced but not > implemented yet). Well it is implemented .... :) Anyway for ISP selection you may also want to check out the vrf selection feature, platforms it is supported on etc ... R. > Yuly Milner wrote: > > I have been researching this issue for quite a bit. If you are OK with > providing real IP addresses to every location of VPN customer (which is not > the case with Tomasz), then the cheapest workable solution would be to make > an Internet VPN and to play with bgp extended communities (rd export and > import), to inject VPN route into Internet VPN and legal customers route > into internet VPN > I have done exactly that in the beginning. Than I figured, that I want to > provide choice of several ISPs for my VPN customers, and possibly security > also. This brought me to the NAT gateway solution. > The ideal thing in this case is to have your internet gateway integrated > into your MPLS cloud - this is what Cosine does (but for lots of $$), and > this is what cisco g o i n g to do (not yet; it is announced but not > implemented yet). Maybe several other vendors also. > In cisco case, it is going to be a PE router, with multiple VRFs and NAT > running for each of them. > > If you also want to provide security service to your VPN customers, than > (besides Cosine) Checkpoint VSX might be a good option. It runs virtual > firewalls per customer VLAN. So you terminate your VRFs into vlans, and run > them into your VSX. Costs about 1.5K per vlan (options for 10, 25, 50 ...) > > Cheers, > > Yuly > > -----Original Message----- > From: NOC Ops [mailto:theguber@hotmail.com] > Sent: Thursday, September 19, 2002 19:04 > To: alok.dube@apara.com; ostaszewskit@wp.pl > Cc: Yuly Milner > Subject: Re: Re: [MPLS-OPS]: Internet access > > I laugh when I see this since traditional routgers always have an ikssue > with it. > > Cosine does it very nicely.. > > Look at the attached. Not overtky marketing Cosine here but with Virtual > Routers it makes a nice clean solution of it and can be done network wide > distributed. > > >From: "alok" <alok.dube@apara.com> > >To: "Tomasz Ostaszewski" <ostaszewskit@wp.pl> > >CC: "Yuly Milner" <ymilner@unistars.lv>, < > > >Subject: Re: Re: [MPLS-OPS]: Internet access > >Date: Thu, 19 Sep 2002 17:25:36 +0530 > > > >yes the same is possible > > > >look for a box which gives u this functionality : > > > >a huge NAT box.... interface to MPLS network..... > > > >the box support MPLS based VRFs or u can give the functionality of multiple > >GRE/VLAN tunnels on the MPLS side... > > > >the remote side to the internet needs to have an association > > > >VLAN-1/VPN-1(if ur box supports MPLS ecnap)/GRE-tunnel-1 which is coming > >from vrf -1 of customer -1 has NATed public ip -1 > > > >vlan-2/VPN-2 (if ur box supports MPLS encap)/GRE-tunnel-2 which is coming > >from vrf-2 of customer-2 has NATed public ip -2 > > > >and so on... > > > >the BOX is what connects to the internet and NAT's/PAT's each customer > >VRF... it can be done at a central site..no problems... > > > >-rgds > >Alok > >----- Original Message ----- > >From: Tomasz Ostaszewski <ostaszewskit@wp.pl> > >To: alok <alok.dube@apara.com> > >Cc: Yuly Milner <ymilner@unistars.lv>; <mpls-ops@mplsrc.com> > >Sent: Thursday, September 19, 2002 3:07 PM > >Subject: Odp: Re: [MPLS-OPS]: Internet access > > > > > >Alok, > > > >I wonder about design of internet access from MPLS VPN. I want > >that only central site (hub) has registered IP address and I > >wonder if it possible not to give registered segment between > >others PE-CE pairs (spokes). > > > >Tomasz > > > >Dnia 19-09-2002 o godz. 10:38 alok napisa3(a): > > > does your this "one site already have a public ip? > > > > > > and you want to connect it out to public and figure out how to > >do it? or do > > > u want to know how give it a public ip? > > > -rgds > > > Alok > > > ----- Original Message ----- > > > Wrom: SKVFVWRKJVZCMHVIBGDADRZFSQHYUCDDJ > > > To: 'Tomasz Ostaszewski' <ostaszewskit@wp.pl>; <mpls- > >ops@mplsrc.com> > > > Sent: Thursday, September 19, 2002 12:36 PM > > > Subject: RE: [MPLS-OPS]: Internet access > > > > > > > > > Only by using NAT gateway within this VPN > > > > > > -----Original Message----- > > > Wrom: BLVLMHAALPTCXLYRWTQTIPWIGYOKSTTZRCLBDXRQBGJSNB > > > Sent: Thursday, September 19, 2002 00:59 > > > To: mpls-ops@mplsrc.com > > > Subject: [MPLS-OPS]: Internet access > > > > > > > > > Hi > > > Is it possible to create internet access within MPLS VPN > >through > > > one central site without giving registered (internet) IP > >address > > > to all other sites within this VPN but only to central one? > > > > > > Tomasz > > > > > > > > > > > > --------------------------------------------------------------- > >------------- > > > Austin Powers i Z3oty Cz3onek. W kinach od 13 września! > > > Zobacz! < http://film.wp.pl/p/film.html?id=1872 > > > > > > > ------- > > > The MPLS-OPS Mailing List > > > Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml > > > Archive: http://www.mplsrc.com/mpls-ops_archive.shtml > > > > > > ------- > > > The MPLS-OPS Mailing List > > > Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml > > > Archive: http://www.mplsrc.com/mpls-ops_archive.shtml > > > > > > > > > > > > > > > >--------------------------------------------------------------------------- > - > >Austin Powers i Z3oty Cz3onek. W kinach od 13 września! > >Zobacz! < http://film.wp.pl/p/film.html?id=1872 > > > > >------- > >The MPLS-OPS Mailing List > >Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml > >Archive: http://www.mplsrc.com/mpls-ops_archive.shtml > > > > > > > >------- > >The MPLS-OPS Mailing List > >Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml > >Archive: http://www.mplsrc.com/mpls-ops_archive.shtml > > _________________________________________________________________ > MSN Photos is the easiest way to share and print your photos: > http://photos.msn.com/support/worldwide.aspx > > ------- > The MPLS-OPS Mailing List > Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml > Archive: http://www.mplsrc.com/mpls-ops_archive.shtml ------- The MPLS-OPS Mailing List Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
|
|