The MPLS WG Archive


VPN solution - White flag ?

  • From: Eric Rosen <erosen@cisco.com>
  • Date: Thu, 26 Oct 2000 11:43:08 -0400
  • cc: Paul Doolan <pdoolan@ennovatenetworks.com>, yakov@cisco.com, rnewcomb@ennovatenetowrks.com, mpls@UU.NET, diego@estos.upc.es
  • User-Agent: EMH/1.10.0 WEMI/1.13.2 (Mochimune) FLIM/1.12.1(Nishinokyō) Emacs/20.6 (sparc-sun-solaris2.5.1)MULE/4.0 (HANANOEN)


Barry> Doesn't a PE  router have to handle the  full Internet routing table,
Barry> plus VRFs for whatever VPNs it is supporting?  

No.   A PE  router doesn't  necessarily  have to  have any  of the  Internet
routing table at all, because Internet  access doesn't have to be offered as
part of the  VPN service, and even if  it is, it doesn't have  to be offered
via an  interface to the  same PE.  Many  providers and their  customers are
actually more  comfortable with a  clean separation of Internet  access from
VPN service.

For the  case in which Internet access  and VPN service are  offered via the
same  PE, it  still is  generally not  necessary to  bring the  full  set of
Internet routes to the edge, as Jim has indicated.

I can certainly see that this is a mismatch with the default-free Tier 1 ISP
that hopes to offer "VPN service" as a sideline in order to sell some of its
excess bandwidth.  That just isn't the  target market for the scheme.  If an
ISP wants  a sideline in order to  sell excess bandwidth, selling  a layer 2
service might well  be the best way  to go.  One size doesn't  fit all.  You
will notice that our documents tend to speak of "SPs" rather than "ISPs".

Barry> I think  that what some  folks are suggesting  is that BGP  (not "the
Barry> box",  but BGP specifically)  is already  bumping up  against scaling
Barry> limits  at 100,000  or  so routes,  and  that burdening  it with  the
Barry> additional responsibility of managing VPNs is not such a great idea

BGP runs in a  box.  The amount of state it needs  to manipulate, the amount
of messaging it  needs to do, the  amount of computation it needs  to do, is
largely a function of the number of routes which the box needs to maintain.  

I  am always at  pains to  emphasize that  the Internet  routes and  the VPN
routes are not just  thrown together in a big mishmash, but  I don't seem to
have succeeded in making this clear.

Paul> When you say  'VPN site' here are you suggesting  that the CE router
Paul> is running eBGP with/to the 'Internet exit point' ? 

The point is  that in those cases where  the CE router wants to  run EBGP to
import Internet routes  into the enterprise network, the  EBGP peer does not
have to be  the PE router.  But there  is no requirement on the  part of the
VPN scheme that the CE router import the Internet routes.