The MPLS WG Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] BGP/MPLS based VPN
Hello, Thanks for clarification. Another slightly different question. The way I understood based on some vendor's manuals, IBGP peering between PEs are manually provisioned, using bgp neighbor command, for VPN routes distribution among PEs. It may require lot of effort to do it when setting up a pretty big VPN with many sites without route reflector. Are there implementations using automatic discovery of PEs for VPNs? if so, what kinds of method do they use for discovery (not for data transfer), e.g. emulated LAN, IGP extension, etc? Regards, -SF --- Ajay Simha <asimha@cisco.com> wrote: > On Wed, 26 Sep 2001, Sam Ford wrote: > > > Hello, > > > > I have the following questions on MPLS based VPN: > > - One of the advantage over traditional VPN > > is cited as elimination of full mesh overlay > > when connecting multiple sites. > > Then, when does LSP setup in MPLS domain > > supporting a particular VPN? > > If it needs to be set up statically when > configuring > > VPN, it doesn't seem to be different from > > traditional > > mesh overlay. > > Is it set up when traffic is generated? > > You have to remember MPLS is a control driven > mechanism. Nothing gets setup > *when* there is traffic. It is setup ahead of time. > > Does the LSP need to be setup statically when > configuring VPNs? > > Depends on the implementation. I have seen several > implementations where LSPs > are setup automatically for all the IGP derived > routes - this would include > the PEs and thus nothing special has to be done when > you configure a VPN. > > > - > >Does MPLS based > >VPN require the same level > > of encryption as with traditional IP VPN? > > If not, how is it protected from unathorized > > access to data or tapping? > > Now you are asking religious question :-) > Of course the answer is always depends :-) > > When you say IP VPNs do you mean IPSEC based VPNs? > If yes, IPSEC based VPNs > have a different purpose in life. Right now as I > type this email, I'm using > an IPSEC based VPN model and that is because I'm > going over the public > Internet. > > If I got a dedicated ISDN/DSL or any other type of > access into my company's > network without going over the public Internet I may > not need encryption. > > If I still feel I need encryption, just as folks did > in frame relay and atm > networks they can encrypt their data. > > -ajay > > > Thanks in advance, > > -SF __________________________________________________ Do You Yahoo!? Listen to your Yahoo! Mail messages from any phone. http://phone.yahoo.com
|
|