MPLS-VPN

(OP)
Hello,

I am preparing for the MPLS exam and wanted to request some explanation.

MPLS-VPN uses route-distinguishers and route-targets. As I understand it, RT are used to control the import and export of routes. This allows us to manage vpn based topology (intranet-/extranet-vpns). This is carried by MPLS extended community.

I am a bit confused about the usage of RD. So far what I understand is that it is used to make an IPv4 address unique by adding RD to it and making it a VPNv4 address. Such routes are then carried by MP-BGP. I am not sure I fully understand the significance of this explanation.

Also, would this allow us to have two separate customer vpns (A/B) connect to a third customer vpn (C), where the A and B use duplicate addresses? Would the RD be used to separate the addresses from A and B, under C, using separate RDs and listing relevant addresses under each RD?

If the above is the correct usage of RD (to distinguish similar routes from different customers), then when a packet comes in, how does the router decide which vpn from A or B to send it to? The interface on which the packet is coming would be associated to a vrf, having routes from both A and B in it. I read somewhere that MPLS-VPN could not connect VPNs using similar addresses. Does this mean that the above scenario is not possible? Then what's the purpose of RD?

I would be more than grateful for your help.

Thanks and regards,

Abid Ghufran.

RE: MPLS-VPN

As far as I understand, RD makes the two customers having the same subnet possible, since RD distinguishes and is unique for each site. That is the extent of my understanding, HTH

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

RE: MPLS-VPN

Yes, each customer will get a unique RD defined within the SP network. The RD will be added as a prefix to IPv4 routes to make them unique. RT is used to establish VPN membership.

Quote:

Also, would this allow us to have two separate customer vpns (A/B) connect to a third customer vpn (C), where the A and B use duplicate addresses? Would the RD be used to separate the addresses from A and B, under C, using separate RDs and listing relevant addresses under each RD?

I believe you would need to use vrf-lite and some NAT for this to work correctly (think MPLS Extranet; here's a great example: http://www.nil.com/ipcorner/FlexExtraImplement/).

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

RE: MPLS-VPN

(OP)
Hello Guys,

First of all thanks for your help.

I totally understand what you two have said:

1) RD makes customer addresses unique by transforming them from IPv4 to VPNv4.
2) RT is used to establish vpn membership (overlap customer vpns).

Example-Scenario:

Let's suppose there are 3 customers A (192.168.0.0/16), B (192.168.0.0/16) and C (10.0.0.0/8).

Customers A and B have a site each (say A10 and B10) which uses subnet 192.168.10.0/24.

Customer C has a site (say CX) which needs access to both A10 and B10.

This would imply that we need to use different RD for each of the customers as well as a different RD for sites A10 and B10.

Customer    Site                RD
-------------------------------------
A           All (except A10)    100
B           All (except B10)    200
C           All                 300

A           A10                 110
B           B10                 210
-------------------------------------

 
Only then we can integrate sites A10, B10 and CX, as then with RD the VPNv4 addresses at site CX would be something like:

RD:110:
A10-address-192.168.10.0/24

RD:210:
B10-addresses-192.168.10.0/24

My query is:

1) If above requirement is logical, its config arrangement is correct, then if the site CX wants to send traffic to let's suppose A10, the pkt would have a dst like 192.168.10.x. How would the site CX vrf differentiate between the two dst networks A10 and B10, which have different RDs but same network addresses?

2) Does this mean that we cannot have such an arrangement as above, with overlapping network/subnets amongst different customer network, in a common vpn, with another customer vpn/site?

3) Then how can we provide an MPLS-Service_Provider based service (say for example Voice) to two different customers? There might be other ways of doing this but I was interested in the above arrangement's possibility.

Thanks and regards,
 
Abid Ghufran.

RE: MPLS-VPN

Quote:

If above requirement is logical, its config arrangement is correct, then if the site CX wants to send traffic to let's suppose A10, the pkt would have a dst like 192.168.10.x. How would the site CX vrf differentiate between the two dst networks A10 and B10, which have different RDs but same network addresses?

As I said above, NAT would need to be enabled on CX, otherwise there would be no way for it to determine which 192.168.10/24 it would need to forward the traffic. If you haven't yet read the article in the link above you should take a second and do so, I think it'll clear it up.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
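
The behaviour discussed in this thread, as an added example that is not from any poster or vendor: a toy Python model showing that the RD keeps the A10 and B10 routes distinct in MP-BGP, that RT import pulls both into CX's VRF, and that the VRF lookup on the bare IPv4 destination then cannot tell them apart unless NAT gives each a distinct prefix. The RT names and the translated 172.16.x.0/24 prefixes are assumptions made up for the illustration; the RD values and the 192.168.10.0/24 prefix come from the thread.

```python
# Added example: toy model of RD/RT handling on a PE router (not vendor code).
from collections import defaultdict

# Constructed VPNv4 routes: (RD from the thread, IPv4 prefix, export RTs).
# The RT names are hypothetical; the thread gives RD values only.
VPNV4_ROUTES = [
    ("110", "192.168.10.0/24", {"rt-a10"}),  # site A10
    ("210", "192.168.10.0/24", {"rt-b10"}),  # site B10
    ("300", "10.0.0.0/8", {"rt-c"}),         # customer C
]

def bgp_table(routes):
    """MP-BGP keys each route on RD + prefix, so overlapping prefixes coexist."""
    return {(rd, prefix): rts for rd, prefix, rts in routes}

def import_into_vrf(table, import_rts):
    """Import every route carrying at least one RT on the VRF's import list.
    The VRF table is keyed on the bare IPv4 prefix: forwarding looks up the
    destination address only, and the RD takes no part in that lookup."""
    vrf = defaultdict(list)
    for (rd, prefix), rts in table.items():
        if rts & import_rts:
            vrf[prefix].append(rd)
    return dict(vrf)

def ambiguous_prefixes(vrf):
    """Prefixes learned from more than one RD: a lookup cannot separate them."""
    return {p: sorted(rds) for p, rds in vrf.items() if len(rds) > 1}

def nat_view(vrf, translations):
    """Map each (RD, prefix) to the distinct prefix CX would see after NAT."""
    return {translations.get((rd, p), p): rd
            for p, rds in vrf.items() for rd in rds}

if __name__ == "__main__":
    table = bgp_table(VPNV4_ROUTES)
    cx_vrf = import_into_vrf(table, {"rt-a10", "rt-b10"})
    print("VPNv4 entries:", sorted(table))
    print("CX VRF:", cx_vrf)
    print("Ambiguous in CX:", ambiguous_prefixes(cx_vrf))
    # Hypothetical translated prefixes, one per overlapping site.
    nat = {("110", "192.168.10.0/24"): "172.16.110.0/24",
           ("210", "192.168.10.0/24"): "172.16.210.0/24"}
    print("CX view after NAT:", nat_view(cx_vrf, nat))
```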
