After reading draft-ouldbrahim-vpn-vr-03.txt
and other materials on VR based NBVPN i get the following
doubts:
1. Is it right to say that if we want to use
piggy-backing for VPN information discovery, the backbone VR configuration
is a must (because PEs have to be contacted by Public address which
need not be visible to the VRs).
Not necessarily, if the PE is playing the role of
the backbone VR that
should be enough. The idea is the tunnel
information has to be build
using addresses within the service provider
addressing space.
2. Is it right to say that tunnels (MPLS,
IPSEC,etc) could be used only in the backbone VR based configuration because
otherwise the VRs have to be aware of the addresses and routes for
the PEs (public)?
Same thing here. VR
can know (if needed) the addresses outside the VPN
space
(because they are after all routers). With respect to
MPLS,
MPLS can be used as a tunneling within the backbone
or even
at the VR level. Assuming some form of label
distribution occurs
per VPN basis (per VR).
3. Will the VRs send labelled packets to
the backbone VR? If so will there be any signaling (may be some
registration) between the VRs and backbone VR?
Yes. They can as I
said. On the registration aspects,
you can
always make the VR and backbone VR known to each
other. These
are actually implementation
choices.
4. Is
it right to say that one VR can participate in only one VPN? (i did not
find details on multiple VPN support per VR)
We assumed in the draft that only one VR per VPN is
needed. Multiple
VPN support per VR can be achieved in the case of
extranets. No need
for a third VR which contains both routes of the
other two VRs.
Remember VR is per VPN basis (not per
site). Two VRs on different
VPNs can inject themselves routes to each
other and use normal firewalling
mechanisms.
Can somebody clear my doubts?
Please pardon me if these questions have
already been discussed.
Thanks in advance
Malick
Hope this
help.
Hamid