VPN Questions

dppagc Member Posts: 293
I have a question on how VPN can be configured on OSPF vs BGP.

Are VPNs interchangeable with routing protocols? I am confused.
Are these combinations possible?

L3VPN + OSPF point-to-point : same AS
L3VPN + OSPF point-to-point : different AS
L2VPN + OSPF point-to-point : same AS
L2VPN + OSPF point-to-point : different AS

Pls help. Thanks.

Comments

  • ImYourOnlyDJ Member Posts: 180
    Can you give us an example or context? Real life scenario or is this in your lab?

    VPN is not interchangeable with routing protocols. I'm assuming you are talking about MPLS? L2/L3VPN is generally offered as a service by the service provider to connect remote locations and then it's up to you to implement routing protocols. In a real life scenario you may have to ask the service provider (we were told to use BGP when we migrated from frame relay to MPLS). From a super high level view a L2/L3VPN is just a cloud (like a giant virtual switch or router) that you have your service provider connect your remote sites with.

    I've dealt with these:
    L3VPN + BGP
    L2VPN + EIGRP
    DMVPN running EIGRP for the tunnels over L3VPN + BGP

    So basically if you were a business (not ISP) you would lease a L2/L3VPN to connect all of your locations then it would be up to you to do whatever you wanted after that for routing (BGP, OSPF, EIGRP, or static routes).

    Hope this helps :)

    PS the biggest difference I noticed between using L2VPN and L3VPN is that with L2 you can use show cdp neighbors and see all of your connected sites. On the flip side when you take over a L2VPN network where the junk cheap non-Cisco equipment they bought doesn't fully support STP (or was disabled) a layer 2 loop not only takes down that site, but can take down all sites on that L2VPN ;)
  • Hondabuff Member Posts: 667 ■■■□□□□□□□
    DMVPN using VTI tunnels can run any routing protocol.
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
  • dppagc Member Posts: 293
    One question though. How does a customer decide whether he wants eBGP (different AS) or iBGP neighbors (same AS) between his CE sites?
  • networker050184 Mod Posts: 11,962 Mod
    If the customer is peering with the ISP it will be eBGP. If the customer is peering with their own equipment on the other side it can be whatever the design dictates.
    An expert is a man who has made all the mistakes which can be made.
  • dppagc Member Posts: 293
    If the customer is peering with their own equipment on the other side it can be whatever the design dictates.

    Hi, I don't understand this statement. Even if it peers with its own CE, it still has to establish connectivity with the ISP, doesn't it? Is it possible to throw a static route at an ISP but have BGP peering between CE sites?
  • daveyb Member Posts: 28 ■□□□□□□□□□
    For an L3VPN if a site has a single link into it, you could make do with static routes on the CE. You need routing protocols when you move onto resilient links into a site.

    The CE can run BGP with the PE. This is quite typical. I've also seen people running OSPF between the PE and CE. Presumably this OSPF instance isn't VPN wide, with a distinct one residing on each PE.

    For a L2VPN, the choice is that of the customer. Since you are providing them links at L2, they don't need to talk to the ISP, as the PE just acts as a switch. You could run OSPF, BGP, or any other routing protocol.
  • dppagc Member Posts: 293
    I have 1 question. When the CE throws a static route to the PE, are the CE and PE in different AS? If so, isn't running eBGP more convenient than throwing static routes?

    So can anyone provide me with a configuration template for the service provider side, if
    1) it acts as a layer 2 switch
    2) It is running eBGP between PE and CE
    3) the CE throws static routes to it.
  • OfWolfAndMan Member Posts: 923 ■■■■□□□□□□
    dppagc wrote: »
    I have 1 question. When the CE throws a static route to the PE, are the CE and PE in different AS? If so, isn't running eBGP more convenient than throwing static routes?

    So can anyone provide me with a configuration template for the service provider side, if
    1) it acts as a layer 2 switch
    2) It is running eBGP between PE and CE
    3) the CE throws static routes to it.

    eBGP is the other option, yes. It really depends on if the SP lets you do it or not. You also usually will see the CE and PE being in different ASNs, assuming they're running eBGP (Hence why they're using eBGP :)).

    1) What is "it"?
    2) Between the CE and PE, there is no special configuration on the CE's part (Aside from routing). From the PE's perspective, there are two primary things to take into account:
    -The VRF assigned to an interface egressing to the CE (The CE needs no VRF configuration on its part)
    -The tag that is used to differentiate different customers if there are multiple CEs attached to the PE (Bottom tag on the label stack).
    Reference this doc for config. Really easy to find: Configuring a Basic MPLS VPN - Cisco
    3) It's a static route. You point the IP space you want to reach to the next hop router. Pretty straightforward.
    :study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []
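The PE-side pieces described in the reply above (a VRF bound to the CE-facing interface, then either eBGP or a static route inside that VRF), as an added example that is not part of the thread or of the Cisco document it cites. It uses classic Cisco IOS syntax; the VRF name, AS numbers, addresses and password placeholder are all constructed, and the `password` and `maximum-prefix` lines are optional hardening added here.

```cisco
! Constructed example: PE side of an L3VPN, classic Cisco IOS syntax.
! All names, AS numbers and addresses are placeholders.
!
! Per-customer VRF; the RD and route-targets keep customers' routes apart
ip vrf CUST_A
 rd 65000:100
 route-target export 65000:100
 route-target import 65000:100
!
! PE interface facing the CE; the CE itself needs no VRF configuration
interface GigabitEthernet0/1
 ip vrf forwarding CUST_A
 ip address 192.0.2.1 255.255.255.252
!
router bgp 65000
 ! iBGP to the remote PE carries the VPNv4 routes across the core
 neighbor 10.255.0.2 remote-as 65000
 neighbor 10.255.0.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 10.255.0.2 activate
  neighbor 10.255.0.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUST_A
  ! Option A: eBGP with the CE (customer AS 65010, provider AS 65000)
  neighbor 192.0.2.2 remote-as 65010
  neighbor 192.0.2.2 activate
  ! Optional hardening: authenticate the session, cap accepted prefixes
  neighbor 192.0.2.2 password <shared-secret>
  neighbor 192.0.2.2 maximum-prefix 100
  ! Option B: no BGP to the CE; advertise the VRF static route instead
  redistribute static
 exit-address-family
!
! Option B: static route inside the VRF pointing at the CE
ip route vrf CUST_A 198.51.100.0 255.255.255.0 192.0.2.2
```

Options A and B are alternatives for the same site: keep the CE neighbor lines or the static route with `redistribute static`, not both.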
  • dppagc Member Posts: 293
    My first question is that when the CE throws a static route to the ISP, do the CE and the PE have BGP peering between them?

    My second question is that when the 2 CEs are connected point to point via the ISP (L2VPN), what is the configuration on the PE and P router?

    My third question is what is the typical PE and CE configuration when PE-CE are running eBGP?
  • networker050184 Mod Posts: 11,962 Mod
    1. It could or it couldn't. Just depends on the setup. Usually you would go either static or dynamic.

    2. Depends. Could be VPLS or just a straight pseudowire.

    3. Typically it's your standard BGP config except it's in a VRF on the PE side.... Standards vary depending on the provider.
  • dppagc Member Posts: 293
    For Q1 and 2, can you refer me to a template configuration?