The MPLS-OPS Archive


Clarify Management VPN?

  • From: "Frederik H. Andersen" <Frederik.H.Andersen@netman.dk>(by way of Frederik H. Andersen <fhu@get2net.dk>)
  • Date: Fri, 1 Aug 2003 13:36:14 +0200
  • Resent-Date: Fri, 1 Aug 2003 08:12:02 -0400
  • To: <mpls-ops@mplsrc.com>

Hi,

I'm planning a Cisco hub&spoke type ISP Management VPN and have some doubts
 which I hope someone with insight is willing to spend the time to resolve:

Assume the following (generic) VRFs:
Any VPN Site:                       The Management Hub site:
   VRF Site1                           VRF Hub
      RD S1                               RD HH
      RT import Spoke                     RT export Spoke
      RT export Hub                       RT import Hub
      RT ...

1) Is it correct, that the routes exported by the sites and imported by the
 Hub (having RT Hub) are NOT redistributed by the Hub (iBGP) to the spoke
 sites with a RT of Spoke ?

2) Are they redistributed at all, with e.g. an RT of Hub?

3) If they are not redistributed, what if a customer VPN had a similar
 hub&spoke configuration? How would this VPN learn the routes, e.g. how would
 a Site1 know the route to e.g. a Site2?

To limit the number of routes to be stored by the management Hub site PE, I
understand that e.g. an import route map could be deployed by the Hub site to
filter unwanted routes. E.g. something like:
   VRF Hub
      RD HH
      RT export Spoke
      RT import Hub
      import map mgmt_map

4) Will the 'RT import Hub' and an 'import map' work as an OR or as an AND?
 I.e. will only routes with RT Hub AND satisfying the map match criteria be
 imported?

5) Is it possible/better to limit the distribution of management routes at
 the sites, by use of an export map configuration?

6) If a map uses a 'match ip address' construct, what address is actually
 matched?
   a) Is it the src or dst IP address in the route update protocol (BGP peer)?
   b) Is it the route prefix in the routes?
   c) Is it the next hop address in the routes?

7) It looks to me, that a VPN topology refers to the control plane and not
 the data plane, because when a site route is learnt on PE1 from some other
 iBGP peer (e.g. a PE-hub), it refers to the PE2 connecting to that prefix,
 and then the IGP will point PE1 to the next hop router towards PE2 and this
 will typically not be the hub?! Is this correct?

I hope some may clarify these issues or point me to some information that
 might.

- Fred


-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
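
A small model of the route-target policy sketched in the message above, added here as an example and not part of the original post. It assumes standard route-target semantics (a VRF exports only routes it learned locally, and an import needs at least one shared RT) and treats the import map as a further prefix filter applied on top of the RT match; the `Vrf` class, function names, Site2 and all prefixes are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

@dataclass
class Vrf:
    name: str
    rt_import: set
    rt_export: set
    local: list                  # prefixes learned from the attached CE
    import_map: list = None      # permitted ranges; stand-in for 'import map'
    table: dict = field(default_factory=dict)

def permitted(vrf, prefix):
    """Import-map check: no map permits everything, else match on the prefix."""
    if vrf.import_map is None:
        return True
    net = ip_network(prefix)
    return any(net.subnet_of(ip_network(p)) for p in vrf.import_map)

def converge(vrfs):
    """Return {vrf name: {prefix: origin VRF}} after one round of MP-BGP exchange."""
    # Model assumption: only locally learned routes are exported, so routes
    # the Hub imported from one spoke are never re-advertised to another.
    adverts = [(v.name, p, v.rt_export) for v in vrfs for p in v.local]
    for v in vrfs:
        v.table = {p: "local" for p in v.local}
        for origin, prefix, rts in adverts:
            # RT match AND import-map permit are both required.
            if origin != v.name and rts & v.rt_import and permitted(v, prefix):
                v.table[prefix] = origin
    return {v.name: v.table for v in vrfs}

def build_example(with_map=True):
    # Constructed sample: each site has a customer LAN and a managed CE loopback.
    site1 = Vrf("Site1", {"Spoke"}, {"Hub"}, ["10.1.0.0/24", "192.0.2.1/32"])
    site2 = Vrf("Site2", {"Spoke"}, {"Hub"}, ["10.2.0.0/24", "192.0.2.2/32"])
    hub = Vrf("Hub", {"Hub"}, {"Spoke"}, ["198.51.100.0/24"],
              import_map=["192.0.2.0/24"] if with_map else None)
    return converge([site1, site2, hub])

if __name__ == "__main__":
    for name, table in build_example().items():
        print(name, table)
```

Under these assumptions the check an operator wants is that no spoke table contains another spoke's prefixes and that the Hub table holds only the management loopbacks.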