VPN Questions
I have a question on how VPN can be configured on OSPF vs BGP.
Are VPN interchangeable with routing protocols? I am confused.
Are these combinations possible?
L3VPN + OSPF point-to-point : same AS
L3VPN + OSPF point-to-point : different AS
L2VPN + OSPF point-to-point : same AS
L2VPN + OSPF point-to-point : different AS
Pls help. Thanks.
Comments
-
ImYourOnlyDJ Member Posts: 180
Can you give us an example or context? Real life scenario or is this in your lab?
VPN is not interchangeable with routing protocols. I'm assuming you are talking about MPLS? L2/L3VPN is generally offered as a service by the service provider to connect remote locations and then it's up to you to implement routing protocols. In a real life scenario you may have to ask the service provider (we were told to use BGP when we migrated from frame relay to MPLS). From a super high level view a L2/L3VPN is just a cloud (like a giant virtual switch or router) that you have your service provider connect your remote sites with.
I've dealt with these:
L3VPN + BGP
L2VPN + EIGRP
DMVPN running EIGRP for the tunnels over L3VPN + BGP
So basically if you were a business (not ISP) you would lease a L2/L3VPN to connect all of your locations then it would be up to you to do whatever you wanted after that for routing (BGP, OSPF, EIGRP, or static routes).
Hope this helps
PS the biggest difference I noticed between using L2VPN and L3VPN is that with L2 you can use show cdp neighbors and see all of your connected sites. On the flip side when you take over a L2VPN network where the junk cheap non Cisco equipment they bought doesn't fully support STP (or was disabled) a layer 2 loop not only takes down that site, but can take down all sites on that L2VPN.
-
Hondabuff Member Posts: 667 ■■■□□□□□□□
DMVPN using VTI tunnels can run any routing protocol.
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
-
dppagc Member Posts: 293
One question though. How does a customer decide whether he wants eBGP (different AS) or iBGP neighbors (same AS) between his CE sites?
-
networker050184 Mod Posts: 11,962 Mod
If the customer is peering with the ISP it will be eBGP. If the customer is peering with their own equipment on the other side it can be whatever the design dictates.
An expert is a man who has made all the mistakes which can be made.
-
dppagc Member Posts: 293
networker050184 wrote: » If the customer is peering with their own equipment on the other side it can be whatever the design dictates.
Hi, I don't understand this statement. Even if it peers with its own CE, it still has to establish connectivity with the ISP, isn't it? Is it possible to throw static route at an ISP but have BGP peering between CE sites?
-
daveyb Member Posts: 28 ■□□□□□□□□□
For an L3VPN if a site has a single link into it, you could make do with static routes on the CE. You need routing protocols when you move onto resilient links into a site.
The CE can run BGP with the PE. This is quite typical. I've also seen people running OSPF between the PE and CE. Presumably this OSPF instance isn't VPN wide, with a distinct one residing on each PE.
For a L2VPN, the choice is that of the customer. Since you are providing them links at L2, they don't need to talk to the ISP, as the PE just acts as a switch. You could run OSPF, BGP, or any other routing protocol.
-
dppagc Member Posts: 293
I have 1 question. When the CE throws a static route to the PE, are the CE and PE in different AS? If so, isn't running eBGP more convenient than throwing static routes?
So can anyone provide me with configuration template for the service provider side, if
1) it acts as a layer 2 switch
2) It is running eBGP between PE and CE
3) the CE throws static routes to it.
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□
dppagc wrote: » I have 1 question. When the CE throws a static route to the PE, are the CE and PE in different AS? If so, isn't running eBGP more convenient than throwing static routes?
So can anyone provide me with configuration template for the service provider side, if
1) it acts as a layer 2 switch
2) It is running eBGP between PE and CE
3) the CE throws static routes to it.
eBGP is the other option, yes. It really depends on if the SP lets you do it or not. You also usually will see the CE and PE being in different ASNs, assuming they're running eBGP (hence why they're using eBGP).
1) What is "it"?
2) Between the CE and PE, there is no special configuration on the CE's part (Aside from routing). From the PE's perspective, there are two primary things to take into account:
-The VRF assigned to an interface egressing to the CE (The CE needs no VRF configuration on its part)
-The tag that is used to differentiate different customers if there are multiple CEs attached to the PE (Bottom tag on the label stack).
Reference this doc for config. Really easy to find: Configuring a Basic MPLS VPN - Cisco
3) It's a static route. You point the IP space you want to reach to the next hop router. Pretty straightforward.
Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []
-
dppagc Member Posts: 293
My first question is that when the CE throws a static route to the ISP, do the CE and the PE have BGP peering between them?
My second question is that when the 2 CEs are connected point to point via the ISP (L2VPN), what is the configuration on the PE and P router?
My third question is what is the typical PE and CE configuration when PE-CE are running eBGP.
-
networker050184 Mod Posts: 11,962 Mod
1. It could or it couldn't. Just depends on the setup. Usually you would go either static or dynamic.
2. Depends. Could be VPLS or just a straight pseudowire.
3. Typically it's your standard BGP config except it's in a VRF on the PE side.... Standards vary depending on the provider.
An expert is a man who has made all the mistakes which can be made.
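What "standard BGP config except it's in a VRF on the PE side" can look like on Cisco IOS, as an added example that is not from the thread or from any provider's actual template. The VRF name, AS numbers, RD/route-target values, interface names and addresses are all constructed for illustration.

```cisco
! ----- PE router, provider AS 65000 (all values constructed) -----
ip vrf CUST_A
 rd 65000:100
 route-target export 65000:100
 route-target import 65000:100
!
interface GigabitEthernet0/1
 description Link to CUST_A CE
 ! Apply the VRF first: attaching a VRF clears any address already on the interface
 ip vrf forwarding CUST_A
 ip address 192.0.2.1 255.255.255.252
!
router bgp 65000
 ! MP-iBGP to the remote PE carries the customer's VPNv4 routes across the core
 neighbor 10.255.0.2 remote-as 65000
 neighbor 10.255.0.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 10.255.0.2 activate
  neighbor 10.255.0.2 send-community extended
 exit-address-family
 !
 ! PE-CE eBGP session lives inside the customer's VRF
 address-family ipv4 vrf CUST_A
  neighbor 192.0.2.2 remote-as 65001
  neighbor 192.0.2.2 activate
  ! Cap what one customer can inject into the provider's tables
  neighbor 192.0.2.2 maximum-prefix 100
  ! If every customer site reuses AS 65001, BGP loop prevention drops the
  ! other sites' routes unless the PE rewrites the path:
  ! neighbor 192.0.2.2 as-override
 exit-address-family
!
! ----- CE router, customer AS 65001: ordinary eBGP, no VRF needed -----
interface GigabitEthernet0/0
 description Link to provider PE
 ip address 192.0.2.2 255.255.255.252
!
router bgp 65001
 neighbor 192.0.2.1 remote-as 65000
 ! Advertise the site LAN (must exist in the CE routing table)
 network 172.16.10.0 mask 255.255.255.0
```

For the static-route variant discussed in the thread, the PE-CE BGP neighbor lines are replaced by a static route in the VRF on the PE and a default route on the CE; the VRF and interface configuration stay the same.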