MPLS-VPN

Status
Not open for further replies.

abidg

ISP
Jul 9, 2002
42
GB
Hello,

I am preparing for the MPLS exam and wanted to request some explanation.

MPLS-VPN uses route-distinguishers and route-targets. As I understand it, RTs are used to control the import and export of routes. This allows us to manage VPN-based topology (intranet-/extranet-VPNs). This is carried by MPLS extended community.

I am a bit confused about the usage of RD. So far what I understand is that it is used to make an IPv4 address unique by adding RD to it and making it a VPNv4 address. Such routes are then carried by MP-BGP. I am not sure I fully understand the significance of this explanation.

Also, would this allow us to have two separate customer VPNs (A/B) connect to a third customer VPN (C), where A and B use duplicate addresses? Would the RD be used to separate the addresses from A and B, under C, using separate RDs and listing relevant addresses under each RD?

If the above is the correct usage of RD (to distinguish similar routes from different customers), then when a packet comes in, how does the router decide which VPN from A or B to send it to? The interface on which the packet is coming would be associated to a VRF, having routes from both A and B in it. I read somewhere that MPLS-VPN could not connect VPNs using similar addresses. Does this mean that the above scenario is not possible? Then what's the purpose of RD?

I would be more than grateful for your help.

Thanks and regards,

Abid Ghufran.
 
As far as I understand, RD makes the two customers having the same subnet possible, since RD distinguishes and is unique for each site. That is the extent of my understanding, HTH

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Yes, each customer will get a unique RD defined within the SP network. The RD will be added as a prefix to IPv4 routes to make them unique. RT is used to establish VPN membership.
Also, would this allow us to have two separate customer vpns (A/B) connect to a third customer vpn (C), where the A and B use duplicate addresses? Would the RD be used to separate the addresses from A and B, under C, using separate RDs and listing relevant addresses under each RD?
I believe you would need to use vrf-lite and some NAT for this to work correctly (think MPLS Extranet; here's a great example:
I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Hello Guys,

First of all thanks for your help.

I totally understand what you two have said:

1) RD makes customer addresses unique by transforming them from IPv4 to VPNv4.
2) RT is used to establish VPN membership (overlap customer VPNs).

Example-Scenario:

Let's suppose there are 3 customers A (192.168.0.0/16), B (192.168.0.0/16) and C (10.0.0.0/8).

Customers A and B have a site each (say A10 and B10) which uses subnet 192.168.10.0/24.

Customer C has a site (say CX) which needs access to both A10 and B10.

This would imply that we need to use different RD for each of the customers as well as a different RD for sites A10 and B10.

Customer   Site               RD
-------------------------------------
A          All (except A10)   100
B          All (except B10)   200
C          All                300

A          A10                110
B          B10                210
-------------------------------------


Only then we can integrate sites A10, B10 and CX, as then with RD the VPNv4 addresses at site CX would be something like:

RD:110:
A10-address-192.168.10.0/24

RD:210:
B10-addresses-192.168.10.0/24

My query is:

1) If the above requirement is logical and its config arrangement is correct, then if the site CX wants to send traffic to, let's suppose, A10, the pkt would have a dst like 192.168.10.x. How would the site CX VRF differentiate between the two dst networks A10 and B10, which have different RDs but the same network addresses?

2) Does this mean that we cannot have such an arrangement as above, with overlapping networks/subnets amongst different customer networks, in a common VPN, with another customer VPN/site?

3) Then how can we provide an MPLS-Service_Provider based service (say for example Voice) to two different customers? There might be other ways of doing this but I was interested in the above arrangement's possibility.

Thanks and regards,

Abid Ghufran.
 
If the above requirement is logical and its config arrangement is correct, then if the site CX wants to send traffic to, let's suppose, A10, the pkt would have a dst like 192.168.10.x. How would the site CX VRF differentiate between the two dst networks A10 and B10, which have different RDs but the same network addresses?
As I said above, NAT would need to be enabled on CX otherwise there would be no way for it to determine which 192.168.10/24 it would need to forward the traffic. If you haven't yet read the article in the link above you should take a second and do so, I think it'll clear it up.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
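
The scenario discussed in this thread as a simplified model, added here as an example and not posted by any participant: the RD keeps the two 192.168.10.0/24 routes distinct in the MP-BGP VPNv4 table, but once CX's VRF imports both by route-target, the lookup is on the destination IPv4 address alone. The RD values follow the table in the thread; the route-target names and the helper functions are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: RD values follow the thread's table; the route-target
# names and site labels are assumptions made for this illustration.
VPNV4_ROUTES = [
    {"rd": "110", "prefix": "192.168.10.0/24", "export_rt": {"RT-A10"}, "site": "A10"},
    {"rd": "210", "prefix": "192.168.10.0/24", "export_rt": {"RT-B10"}, "site": "B10"},
    {"rd": "300", "prefix": "10.0.0.0/8", "export_rt": {"RT-C"}, "site": "CX"},
]


def bgp_vpnv4_table(routes):
    """Key routes by (RD, prefix): the same IPv4 prefix yields distinct entries."""
    return {(r["rd"], ipaddress.ip_network(r["prefix"])): r for r in routes}


def import_into_vrf(table, import_rts):
    """Select routes by route-target, then drop the RD: the VRF is keyed by IPv4 prefix."""
    vrf = defaultdict(list)
    for (_rd, prefix), route in table.items():
        if route["export_rt"] & import_rts:
            vrf[prefix].append(route["site"])
    return dict(vrf)


def ambiguous_prefixes(vrf):
    """Prefixes that more than one site contributed to the same VRF."""
    return {str(p): sorted(sites) for p, sites in vrf.items() if len(sites) > 1}


def lookup(vrf, dst):
    """Longest-prefix match on the destination address only; returns candidate sites."""
    addr = ipaddress.ip_address(dst)
    matches = [p for p in vrf if addr in p]
    if not matches:
        return []
    best = max(matches, key=lambda p: p.prefixlen)
    return sorted(vrf[best])


if __name__ == "__main__":
    table = bgp_vpnv4_table(VPNV4_ROUTES)
    cx_vrf = import_into_vrf(table, {"RT-A10", "RT-B10", "RT-C"})
    print(len(table), "VPNv4 entries in the MP-BGP table")
    print("ambiguous in CX VRF:", ambiguous_prefixes(cx_vrf))
    print("192.168.10.5 ->", lookup(cx_vrf, "192.168.10.5"))
```

Running `ambiguous_prefixes` over each VRF's planned imports before provisioning flags overlaps like this one, which is where the NAT suggested in the replies comes in.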
 