 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
9 messages in net.nether.puck.cisco-nsp[c-nsp] MPLS, L2TPv3 Layer 2/3 VPN Ne...| From | Sent On | Attachments |
|---|---|---|
| Eric Kagan | Jan 4, 2005 6:56 am | |
| John Osmon | Jan 4, 2005 11:39 am | |
| Nick Shah | Jan 4, 2005 6:41 pm | |
| choo...@pacific.net.sg | Jan 4, 2005 9:14 pm | |
| Nick Shah | Jan 4, 2005 9:26 pm | |
| choo...@pacific.net.sg | Jan 4, 2005 10:02 pm | |
| Jon Lewis | Jan 4, 2005 10:51 pm | |
| Oliver Boehmer (oboehmer) | Jan 5, 2005 3:15 am | |
| Chris Cappuccio | Jan 5, 2005 10:15 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | [c-nsp] MPLS, L2TPv3 Layer 2/3 VPN Network Options | Actions... |
|---|---|---|
| From: | Nick Shah (Nick...@aapt.com.au) | |
| Date: | Jan 4, 2005 9:26:43 pm | |
| List: | net.nether.puck.cisco-nsp | |
Wei
Various methods have been discussed & deployed for internet access into VPN. Notably among these are :
http://www.cisco.com/en/US/partner/tech/tk436/tk428/technologies_configu ration_example09186a00801445fb.shtml
- Above method deals with pointing a default route to a global IGW (internet gateway router)
Eventhough it works, it needs the security of a fortress. The not so common, yet deployed across service providers are the combination of :
- IGW with a shared/managed firewall like a netscreen. With this method you (as a SP) host a firewall in the data center, which trunks (DOT1Q/ISL trunk) back into the PE. Have 1 x subinterface per customer/vrf that needs internet access. The firewall then provides internet access.
- Managed CE router with a firewall (per customer VPN), possibly from 2 x sites, and then leak weighted defaults into the VRF.
One of the more suicidal attempt :) was to leak the internet table into the customer VRF...
I believe a combination of NAT & the trunk interface between PE & firewall should cure the issue of overlapping address space you mentioned.
rgds
-----Original Message----- From: choo...@pacific.net.sg [mailto:choo...@pacific.net.sg] Sent: Wednesday, 5 January 2005 1:15 PM To: Nick Shah Cc: cisc...@puck.nether.net Subject: RE: [c-nsp] MPLS, L2TPv3 Layer 2/3 VPN Network Options
Hi Nick,
That's a good 5000ft overview on MPLS/VPN :).
I'm looking into providing internet access to MPLS/VPN. Has anyone tried
to enable internet access on a MPLS/VPN? Any experience to share?
I think the challenge would be how to provide internet access and MPLS/VPN over a same physical link, especially when the vpn is running on non-unique private IP address.
Rgds, Wei Keong
------------------------------------------------------------------------------ This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it.
------------------------------------------------------------------------------