Learn how to implement separate Internet access and VPN services, exploring classical Internet access for VPN customers, utilizing separate subinterfaces, and understanding the benefits and limitations of this setup.
Integrating Internet Access with MPLS VPNs
Implementing Separate Internet Access and VPN Services
Outline
• Overview
• Classical Internet Access for a VPN Customer
• Using Separate Subinterfaces
• Accessing the Internet from Every Customer Site
• Separate Internet Access Benefits and Limitations
• Summary
Using Separate Subinterfaces
• Separate physical links for VPN and Internet traffic are sometimes not acceptable because of high cost.
• Subinterfaces could be used.
  • Over WAN links using Frame Relay or ATM encapsulation (including xDSL)
  • Over LAN links
• A tunnel interface could be used.
  • Over a VRF-aware tunnel, so that VPN traffic does not run over a global tunnel
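The PE side of the LAN subinterface option above, as an added configuration example that is not part of the original slides. Cisco IOS syntax is assumed, and the VRF name, interface, VLAN IDs, AS numbers and addresses are all constructed.

```cisco
! PE router: one physical link to the CE, two 802.1Q subinterfaces.
! All names, VLAN IDs, AS numbers and addresses are constructed for illustration.
ip vrf Customer_A
 rd 64496:100
 route-target both 64496:100
!
interface GigabitEthernet0/1
 description Physical link to Customer_A CE
 no ip address
!
interface GigabitEthernet0/1.100
 description VPN traffic, placed in the customer VRF
 encapsulation dot1Q 100
 ! Assign the VRF before the address: changing the VRF removes the IP address
 ip vrf forwarding Customer_A
 ip address 10.255.0.1 255.255.255.252
!
interface GigabitEthernet0/1.200
 description Internet traffic, stays in the global routing table
 encapsulation dot1Q 200
 ip address 192.0.2.1 255.255.255.252
!
router bgp 64496
 ! Internet BGP session with the customer runs in the global table
 neighbor 192.0.2.2 remote-as 64500
 !
 address-family ipv4 vrf Customer_A
  ! VPN routes are exchanged with the CE inside the VRF
  neighbor 10.255.0.2 remote-as 64500
  neighbor 10.255.0.2 activate
 exit-address-family
```

After applying it, `show ip vrf interfaces` on the PE should list only the `.100` subinterface under `Customer_A`; an Internet-facing subinterface appearing there, or the VPN subinterface missing from it, means the two traffic types are no longer separated.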
Internet Access Through a Dedicated Subinterface—Traffic Flow
Internet Access at Every Customer Site
• Every CE router needs two links (or subinterfaces) to its PE router.
• Using a separate link or links for Internet access will lead to a complex setup for this customer type.
Benefits and Limitations of Separate Internet Access for the Service Provider
• Benefits:
  • Well-known model
  • Supports all customer requirements
  • Allows all Internet services implementations, including a BGP session with the customer
• Drawbacks:
  • This design model requires a separate physical link or a specific WAN encapsulation.
  • PE routers must be able to perform Internet routing (and potentially carry full Internet routing).
  • Wholesale Internet access or central firewall service cannot be implemented with this model.
Summary
• Classical Internet access for a VPN customer is based on a separate Internet access design model.
• Separate subinterfaces can be used for implementing Internet access through global routing.
• Internet access from every customer site can be supported but is often too complex or too expensive with classic Internet access.
• The main drawback of separate Internet access is that PE routers potentially carry the full Internet routing table.