The MPLS WG Archive
VPN solution - White flag ?

depends. If I separate VPN and Internet access then I can propagate my
global Internet routing information between all Internet routers but VPN
information only between PE routers that need it. I could also direct my
traffic to an Internet router that has selected the best path based on all
peering points. Maybe I have customers that actually want access via a
specific ISP ? I can do this also by directed BGP session from the VPN site
to the exit point. I also may have requirements for NAT and Firewall
services where I need to direct my VPN customers to central services that
provide this functionality and also provide optimal BGP exit point routing
based on the best path selection. Maybe I don't want to exchange Internet
routes at all with the VPN provider in which case I will run iBGP sessions
directly between my sites and just exchange next-hops with the provider ..

Jim

At 09:12 26/10/2000 -0700, Randy Bush wrote:
>and which one will work for a large isp with lots of vpn customers and lots
>of connections to other peer isps?
>
>> the answer is no. There are various ways to design Internet connectivity
>> within this environment, one of which is to carry full Internet routes on
>> the PE router. Other options include default routing from VPN sites to a
>> central site that has Internet connectivity, another is to offload the
>> Internet routes from the PE and run direct eBGP sessions from the VPN site
>> to the Internet exit point. Which option is actually taken will depend on
>> the specific design requirements.
>>
>> Jim
>>
>> At 08:37 26/10/2000 -0400, Barry Hass wrote:
>> >Eric,
>> >
>> >Doesn't a PE router have to handle the full Internet routing
>> >table, plus VRFs for whatever VPNs it is supporting? I think
>> >that what some folks are suggesting is that BGP (not "the box",
>> >but BGP specifically) is already bumping up against scaling
>> >limits at 100,000 or so routes, and that burdening it with the
>> >additional responsibility of managing VPNs is not such a great
>> >idea. ("Some folks" please correct me if I'm wrong). Can you
>> >comment on that?
>> >
>> >By the way, I don't have enough information to have an opinion
>> >on this. I'm just trying to steer the discussion back to what
>> >I thought was an interesting technical question before the
>> >insults started to fly.
>> >
>> >> In the NBVPN routing environment, it is not true that anyone in the
>> >> world needs to be able to reach anyone else in the world. Each VPN
>> >> has its own inter-connectivity matrix, much smaller than the
>> >> Internet connectivity matrix. Now if you add up all the VPN routes,
>> >> summed over all VPNs, you may indeed get a much larger number than
>> >> the number of Internet routes. But there is no one box which needs
>> >> to hold them all. Since an instance of BGP runs in a particular box,
>> >> and only has to deal with the routes that need to be in that box,
>> >> you don't run up against the same box scaling problems you run up
>> >> against in the Internet routing environment. You can design your
>> >> system to have a given box handle as many routes or as few routes
>> >> as you want.
>> >
>>
>>
>> Jim Guichard CCIE #2069
>> Network Design Consultant EMEA
>> Global Solutions Engineering
>>
>> +44 208 756 8806
>> Mobile: +44 7802 809763
>>
>
Jim Guichard CCIE #2069
Network Design Consultant EMEA
Global Solutions Engineering
+44 208 756 8806
Mobile: +44 7802 809763