The MPLS WG Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] BGP/MPLS based VPN
On Fri, 28 Sep 2001, Sam Ford wrote: SF:Hello, SF: SF:Thanks for clarification. SF: SF:Another slightly different question. The way I SF:understood based on some vendor's SF:manuals, IBGP peering between PEs are manually SF:provisioned, using bgp neighbor command, for VPN SF:routes SF:distribution among PEs. It may require lot of SF:effort to do it when setting up a pretty big VPN SF:with many sites without route reflector. SF: SF:Are there implementations using automatic discovery SF:of PEs for VPNs? if so, what kinds of method do SF:they use for discovery (not for data transfer), SF:e.g. emulated LAN, IGP extension, etc? Sam, I don't know of the top of my head if any such implementations exist. I'm researching this and if I come up with something I'll be glad to share it. -ajay SF: SF:Regards, SF:-SF SF: SF:--- Ajay Simha <asimha@cisco.com> wrote: SF:> On Wed, 26 Sep 2001, Sam Ford wrote: SF:> SF:> > Hello, SF:> > SF:> > I have the following questions on MPLS based VPN: SF:> > - One of the advantage over traditional VPN SF:> > is cited as elimination of full mesh overlay SF:> > when connecting multiple sites. SF:> > Then, when does LSP setup in MPLS domain SF:> > supporting a particular VPN? SF:> > If it needs to be set up statically when SF:> configuring SF:> > VPN, it doesn't seem to be different from SF:> > traditional SF:> > mesh overlay. SF:> > Is it set up when traffic is generated? SF:> SF:> You have to remember MPLS is a control driven SF:> mechanism. Nothing gets setup SF:> *when* there is traffic. It is setup ahead of time. SF:> SF:> Does the LSP need to be setup statically when SF:> configuring VPNs? SF:> SF:> Depends on the implementation. I have seen several SF:> implementations where LSPs SF:> are setup automatically for all the IGP derived SF:> routes - this would include SF:> the PEs and thus nothing special has to be done when SF:> you configure a VPN. SF:> SF:> > - SF:> >Does MPLS based SF:> >VPN require the same level SF:> > of encryption as with traditional IP VPN? SF:> > If not, how is it protected from unathorized SF:> > access to data or tapping? SF:> SF:> Now you are asking religious question :-) SF:> Of course the answer is always depends :-) SF:> SF:> When you say IP VPNs do you mean IPSEC based VPNs? SF:> If yes, IPSEC based VPNs SF:> have a different purpose in life. Right now as I SF:> type this email, I'm using SF:> an IPSEC based VPN model and that is because I'm SF:> going over the public SF:> Internet. SF:> SF:> If I got a dedicated ISDN/DSL or any other type of SF:> access into my company's SF:> network without going over the public Internet I may SF:> not need encryption. SF:> SF:> If I still feel I need encryption, just as folks did SF:> in frame relay and atm SF:> networks they can encrypt their data. SF:> SF:> -ajay SF:> > > Thanks in advance, SF:> > -SF SF: SF: SF:__________________________________________________ SF:Do You Yahoo!? SF:Listen to your Yahoo! Mail messages from any phone. SF:http://phone.yahoo.com SF: -- Ajay Simha MPLS Deployment Engineer IOS Technology Division (919) 392-3141 "Study as if you were to live forever Live as if you were to die tomorrow" - Mahatma Gandhi |
|