The MPLS WG Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] BGP/MPLS based VPN
Sam, Manual ibgp peering is fine when you have no more then 5 PEs. For more then that just use bgp route reflectors and the problem is solved. One session per PE (maybe two for redundancy). Rgs, R. > Sam Ford wrote: > > Hello, > > Thanks for clarification. > > Another slightly different question. The way I > understood based on some vendor's > manuals, IBGP peering between PEs are manually > provisioned, using bgp neighbor command, for VPN > routes > distribution among PEs. It may require lot of > effort to do it when setting up a pretty big VPN > with many sites without route reflector. > > Are there implementations using automatic discovery > of PEs for VPNs? if so, what kinds of method do > they use for discovery (not for data transfer), > e.g. emulated LAN, IGP extension, etc? > > Regards, > -SF > > --- Ajay Simha <asimha@cisco.com> wrote: > > On Wed, 26 Sep 2001, Sam Ford wrote: > > > > > Hello, > > > > > > I have the following questions on MPLS based VPN: > > > - One of the advantage over traditional VPN > > > is cited as elimination of full mesh overlay > > > when connecting multiple sites. > > > Then, when does LSP setup in MPLS domain > > > supporting a particular VPN? > > > If it needs to be set up statically when > > configuring > > > VPN, it doesn't seem to be different from > > > traditional > > > mesh overlay. > > > Is it set up when traffic is generated? > > > > You have to remember MPLS is a control driven > > mechanism. Nothing gets setup > > *when* there is traffic. It is setup ahead of time. > > > > Does the LSP need to be setup statically when > > configuring VPNs? > > > > Depends on the implementation. I have seen several > > implementations where LSPs > > are setup automatically for all the IGP derived > > routes - this would include > > the PEs and thus nothing special has to be done when > > you configure a VPN. > > > > > - > > >Does MPLS based > > >VPN require the same level > > > of encryption as with traditional IP VPN? > > > If not, how is it protected from unathorized > > > access to data or tapping? > > > > Now you are asking religious question :-) > > Of course the answer is always depends :-) > > > > When you say IP VPNs do you mean IPSEC based VPNs? > > If yes, IPSEC based VPNs > > have a different purpose in life. Right now as I > > type this email, I'm using > > an IPSEC based VPN model and that is because I'm > > going over the public > > Internet. > > > > If I got a dedicated ISDN/DSL or any other type of > > access into my company's > > network without going over the public Internet I may > > not need encryption. > > > > If I still feel I need encryption, just as folks did > > in frame relay and atm > > networks they can encrypt their data. > > > > -ajay > > > > Thanks in advance, > > > -SF > > __________________________________________________ > Do You Yahoo!? > Listen to your Yahoo! Mail messages from any phone. > http://phone.yahoo.com
|
|