Cisco Systems OL-4344-01 manual Hub and Spoke Considerations


Chapter 1 About Cisco IP Solution Center

About MPLS VPNs

ISC supports multiple CEs per site and multiple sites connected to the same PE. Each CERC has unique route targets (RT), route distinguisher (RD) and VRF naming. After provisioning a CERC, it is a good idea to run the audit reports to verify the CERC deployment and view the topologies created by the service requests. The product supports linking two or more CE routing communities in the same VPN.

Figure 1-10 shows several examples of the topologies that IP Solution Center CERCs can employ.

Figure 1-10 Examples of CERC Topologies

[Figure: panels titled "Full mesh; CERC 1", "Hub and spoke; CERC 1", "Complex CERCs 3 and 4", and "Multi VPN CERCs". Labels include CE 1 (hub), CE 2 (hub), CE 3 (spoke), CERC 5, and CERC 6.]

Hub and Spoke Considerations

In hub-and-spoke MPLS VPN environments, the spoke routers must have unique Route Distinguishers (RDs). To use the hub site as a transit point for connectivity in such an environment, the spoke sites export their routes to the hub. Spokes can talk to hubs, but spokes never have routes to other spokes.

Due to the current MPLS VPN implementation, you must apply a different RD for each spoke VRF. The MP-BGP selection process applies to all the routes that have to be imported into the same VRF plus all routes that have the same RD as that VRF. Once the selection process is done, only the best routes are imported. When spoke VRFs share an RD, this can result in a best route that is not imported. Thus, customers must have a different RD for each spoke VRF.

Full Mesh Considerations

Each CE Routing Community (CERC) has two distinct RTs: a hub RT and a spoke RT. When building a full mesh topology, always use the hub RT. Thus, when a need arises to add a spoke site to the current full mesh topology, you can easily add the spoke site without reconfiguring any of the hub sites. The existing spoke RT can be used for this purpose. This strategy avoids significant reprovisioning when a full mesh topology changes to a hub-and-spoke topology.
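The following is an added example, not taken from the Cisco guide or from ISC itself. It audits IOS-style `ip vrf` stanzas for the two rules in the sections above: spoke VRFs must not share an RD, and spokes must not learn routes from other spokes. The VRF names, the RD and RT values, and the convention that hubs import both the hub RT and the spoke RT while spokes export the spoke RT and import the hub RT are assumptions made for the sample.

```python
import re
from collections import defaultdict

# Constructed sample: IOS-style VRF stanzas for one CERC.
# Assumed RT convention: hub RT 100:1, spoke RT 100:2.
# spokeA and spokeB deliberately share an RD so the audit has something to flag.
SAMPLE = """\
ip vrf hub1
 rd 100:10
 route-target export 100:1
 route-target import 100:1
 route-target import 100:2
ip vrf spokeA
 rd 100:21
 route-target export 100:2
 route-target import 100:1
ip vrf spokeB
 rd 100:21
 route-target export 100:2
 route-target import 100:1
"""

def parse_vrfs(text):
    """Return {vrf_name: {"rd": str|None, "export": set, "import": set}}."""
    vrfs, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(m.group(1), {"rd": None, "export": set(), "import": set()})
        elif cur is not None and (m := re.fullmatch(r"rd (\S+)", line)):
            cur["rd"] = m.group(1)
        elif cur is not None and (m := re.fullmatch(r"route-target (export|import|both) (\S+)", line)):
            for d in (("export", "import") if m.group(1) == "both" else (m.group(1),)):
                cur[d].add(m.group(2))
    return vrfs

def duplicate_spoke_rds(vrfs, spoke_rt):
    """RDs shared by more than one spoke VRF (a spoke is a VRF exporting the spoke RT)."""
    by_rd = defaultdict(list)
    for name, v in vrfs.items():
        if spoke_rt in v["export"]:
            by_rd[v["rd"]].append(name)
    return {rd: sorted(n) for rd, n in by_rd.items() if len(n) > 1}

def learns_from(vrfs):
    """Pairs (receiver, sender) where the receiver imports an RT the sender exports."""
    return {(a, b) for a in vrfs for b in vrfs
            if a != b and vrfs[a]["import"] & vrfs[b]["export"]}
```

Any pair of spoke VRFs returned by `learns_from` indicates an RT assignment that breaks the hub-and-spoke separation. In a full mesh built only with the hub RT, `duplicate_spoke_rds` returns nothing because no VRF exports the spoke RT.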

Cisco IP Solution Center, 3.0: MPLS VPN Management User Guide, 3.0
