Cisco Systems OL-4344-01 manual Features and Functions Provided in Provisioning with ISC

Page 6

Chapter 1 About Cisco IP Solution Center

Overview of ISC

Route Distinguisher (RD) pool: The IP subnets advertised by the CE routers to the PE routers are augmented with a 64-bit prefix called a route distinguisher (RD) to make them unique. The resulting 96-bit addresses are then exchanged between the PEs, using a special address family of Multiprotocol BGP (referred to as MP-BGP). The RD pool is a pool of 64-bit RD values that ISC uses to make sure the IP addresses in the network are unique.

Site of origin pool: The pool of values for the site-of-origin attribute. The site-of-origin attribute prevents routing loops when a site is multihomed to the MPLS VPN backbone. This is achieved by identifying the site from which the route was learned, based on its SOO value, so that it is not readvertised back to that site from a PE in the MPLS VPN network.

All these resources, that are made available to the service provider, enable the automation of service deployment.

Features and Functions Provided in Provisioning with ISC

ISC assumes that the iBGPv4 core over MPLS, IGP, and VPNv4 neighbors are preprovisioned.

The features and functions provided in provisioning MPLS VPNs are as follows:

ISC configures the IP addresses on the CE and PE interfaces.

IP addresses are assumed to be specified by the service provider and unique in the network.

Configures CE and PE routing.

This allocates the PE VRF, route target, and route distinguisher values

Advertises CE site routes to other sites in the same VPN.

Supports unmanaged CEs

Allows service request removal and modification

Support for MP-BGPv4 commands

BGP transparent: PE to CE routing protocol metric preserved between VPN sites.

Neighbor AS override: You can reuse the same autonomous system number between VPN sites.

AS-allow: Allows an autonomous system number multiple times in the AS path.

Supports VRF commands:

import map

export map

maximum routes in a VRF

Management VPN support

Provisioning of CE Loopback interfaces

VPN Service Profile-Based Provisioning

For all MPLS VPN provisioning, several network elements that participate in the VPN must be defined. These parameters are:

Choice of protocols between PE-CE and their intrinsic characteristics.

IP addressing for each site joining the IP VPN

Cisco IP Solution Center, 3.0: MPLS VPN Management User Guide, 3.0

1-6

OL-4344-01

 

 

Image 6
Contents About Cisco IP Solution Center Overview of ISC ISC Network Management SubnetISC Features Service Provider Network for Vlan ID Management Access Domain Assigned Resource PoolsFeatures and Functions Provided in Provisioning with ISC VPN Service Profile-Based ProvisioningRole-Based Access Control Rbac CPE Customer’s and Provider’s View of the Network Customer’s View of the NetworkAbout Provider Edge Routers PEs About Multi-VRF CEsA Multi-VRF CE Providing Layer 3 Aggregation Using Templates to Customize Configuration Files Mapping IPsec Tunnels to Mpls VPNsAuditing Service Requests Uses for the Template FunctionAbout Mpls VPNs VPNs Sharing SitesCharacteristics of Mpls VPNs Intranets and ExtranetsVPN Routing and Forwarding Tables VRFs VRF Implementation Considerations Ip vrf site2 rdCreating a VRF Instance Route Distinguishers and Route TargetsRoute Target Communities CE Routing CommunitiesHub and Spoke Considerations Address Space Separation Security Requirements for Mpls VPNsAddress Space and Routing Separation Routing SeparationHiding the Mpls Core Structure Resistance to Attacks Securing the Routing ProtocolLabel Spoofing Trusted Devices Routing AuthenticationSecuring the Mpls Core PE-CE InterfaceLDP Authentication Separation of CE-PE LinksConnectivity Between VPNs MP-BGP Security Features Security Through IP Address ResolutionNorth Bound Interface NBI Ensuring VPN IsolationAPI Functionality Supported Distributed Load Balancing NBI BenefitsAPI Approach 11 Simple Flat-Based Server Load Balancing Configuration Four-Tier System Architecture Client tierControl tier