p***a
发帖数: 28 | 1 目前国外各大运营商主要用哪个option来做为互连方式? 以前可能A用的比较多,现在
是不是已经在考虑转到C了? | s*****g
发帖数: 1055 | 2 The most popular option is option C, the problem with option A is
scalability and managment overhead. However, implementing option B and option C is not trivial, while option A does not need any special handling besides basic MPLS-VPN implementation, so option A is kind of poor man's Inter-AS solution, any vendor that supports basic MPLS-VPN will be able to implement inter-AS by using option A. Of cause, vendor has to support "sub-interface" on ASBR link (vlan on Ethernet, sub-interface on ATM B
【在 p***a 的大作中提到】
: 目前国外各大运营商主要用哪个option来做为互连方式? 以前可能A用的比较多,现在
: 是不是已经在考虑转到C了?
| z**r
发帖数: 17771 | 3 nod, and I don't think option A has ever been popular. All 3 options are
defined in the same RFC (2547bis then 4364), that means when ppl think of
inter-as MPLS VPN, they've known all 3 options. The drawback of option A is
very obviously, tho it looks very simple. However, when 2 SP's talking about
inter-as vpn connectivity, they normally want some strategy inter-
connectivity, not just case by case, which is as you said, not scale, high
maintain cost.
the problem of option C is it requires 2 SP
【在 s*****g 的大作中提到】
: The most popular option is option C, the problem with option A is
: scalability and managment overhead. However, implementing option B and option C is not trivial, while option A does not need any special handling besides basic MPLS-VPN implementation, so option A is kind of poor man's Inter-AS solution, any vendor that supports basic MPLS-VPN will be able to implement inter-AS by using option A. Of cause, vendor has to support "sub-interface" on ASBR link (vlan on Ethernet, sub-interface on ATM B
| d****i
发帖数: 1038 | 4 //hand. I think option B is also easier to implement compared to option C. for example, our
testcenter can test this using option b only because we almost don't need to
do anything additional to implement this test.
is
about
route
【在 z**r 的大作中提到】
: nod, and I don't think option A has ever been popular. All 3 options are
: defined in the same RFC (2547bis then 4364), that means when ppl think of
: inter-as MPLS VPN, they've known all 3 options. The drawback of option A is
: very obviously, tho it looks very simple. However, when 2 SP's talking about
: inter-as vpn connectivity, they normally want some strategy inter-
: connectivity, not just case by case, which is as you said, not scale, high
: maintain cost.
: the problem of option C is it requires 2 SP
| z**r
发帖数: 17771 | 5 right, option C increases the complexity because of the route reflectors
btw, are you still busy everyday? and how was your interview?
for example, our
to
【在 d****i 的大作中提到】
: //hand. I think option B is also easier to implement compared to option C. for example, our
: testcenter can test this using option b only because we almost don't need to
: do anything additional to implement this test.
:
: is
: about
: route
| p***a
发帖数: 28 | 6 option b is not very scalable and has some security concerns.
is
about
route
【在 z**r 的大作中提到】
: nod, and I don't think option A has ever been popular. All 3 options are
: defined in the same RFC (2547bis then 4364), that means when ppl think of
: inter-as MPLS VPN, they've known all 3 options. The drawback of option A is
: very obviously, tho it looks very simple. However, when 2 SP's talking about
: inter-as vpn connectivity, they normally want some strategy inter-
: connectivity, not just case by case, which is as you said, not scale, high
: maintain cost.
: the problem of option C is it requires 2 SP
| p***a
发帖数: 28 | 7 actually some vendors still don't support option c yet. option c also has
some security concerns.
option C is not trivial, while option A does not need any special handling
besides basic MPLS-VPN implementation, so option A is kind of poor man's
Inter-AS solution, any vendor t
【在 s*****g 的大作中提到】
: The most popular option is option C, the problem with option A is
: scalability and managment overhead. However, implementing option B and option C is not trivial, while option A does not need any special handling besides basic MPLS-VPN implementation, so option A is kind of poor man's Inter-AS solution, any vendor that supports basic MPLS-VPN will be able to implement inter-AS by using option A. Of cause, vendor has to support "sub-interface" on ASBR link (vlan on Ethernet, sub-interface on ATM B
| s*****g
发帖数: 1055 | 8 Could you please elaborate what are the security concerns of option B and
option C?
And how are those security concerns are addressed by option A?
IPsec over MPLS is always an option if customers are paranoid.
【在 p***a 的大作中提到】
: actually some vendors still don't support option c yet. option c also has
: some security concerns.
:
: option C is not trivial, while option A does not need any special handling
: besides basic MPLS-VPN implementation, so option A is kind of poor man's
: Inter-AS solution, any vendor t
| s*****g
发帖数: 1055 | 9 Of course you don't run IGP between to SPs for option C, this is a basic
requriement of any inter-AS, no IGP between ASBRs.
Problem with option B is also obvious, ASBRs have to be VPN aware (you need
to configure vrf/vpn address family under ASBR's bgp in order to exchange
VPN labels with neighbors) and ASBRs have to hold all VPN routes (just
imagine if you have a dozen customers and each customer wants to have whole
Internet routes ..., not many vendors on the market can do over 1M routes
hardw
【在 z**r 的大作中提到】
: nod, and I don't think option A has ever been popular. All 3 options are
: defined in the same RFC (2547bis then 4364), that means when ppl think of
: inter-as MPLS VPN, they've known all 3 options. The drawback of option A is
: very obviously, tho it looks very simple. However, when 2 SP's talking about
: inter-as vpn connectivity, they normally want some strategy inter-
: connectivity, not just case by case, which is as you said, not scale, high
: maintain cost.
: the problem of option C is it requires 2 SP
| z**r
发帖数: 17771 | 10 I actually wanted to mean the IGP routes are exchanged between AS's in
option C, because an ASBR must have the knowledge of all loopbacks of the PE
routers within the AS, then uses eBGP to advertise them to other AS's. This
requires greater trust between 2 SP's.
Also a lot of situations that ppl use RR to improve the scalability, thus
the eBGP connections exist only between the blue RR in the blue AS and the
green RR in the green AS.
In option B, ASBR VPN awareness shouldn't be a problem at all,
【在 s*****g 的大作中提到】
: Of course you don't run IGP between to SPs for option C, this is a basic
: requriement of any inter-AS, no IGP between ASBRs.
: Problem with option B is also obvious, ASBRs have to be VPN aware (you need
: to configure vrf/vpn address family under ASBR's bgp in order to exchange
: VPN labels with neighbors) and ASBRs have to hold all VPN routes (just
: imagine if you have a dozen customers and each customer wants to have whole
: Internet routes ..., not many vendors on the market can do over 1M routes
: hardw
| p***a
发帖数: 28 | 11 i agree with you more on this.
but actually different ASes can be in a singile IGP domain, of course, in
this case the ASes should belong to a same provider.
need
whole
PEs
【在 s*****g 的大作中提到】
: Of course you don't run IGP between to SPs for option C, this is a basic
: requriement of any inter-AS, no IGP between ASBRs.
: Problem with option B is also obvious, ASBRs have to be VPN aware (you need
: to configure vrf/vpn address family under ASBR's bgp in order to exchange
: VPN labels with neighbors) and ASBRs have to hold all VPN routes (just
: imagine if you have a dozen customers and each customer wants to have whole
: Internet routes ..., not many vendors on the market can do over 1M routes
: hardw
| p***a
发帖数: 28 | 12 for option b, the security concern is label spoofing at the asbr
for option c, the security concern is access to all PEs from the remote AS
yes you can use some tools such as filter to reduce the risk but SPs still
should worry about it.
【在 s*****g 的大作中提到】
: Could you please elaborate what are the security concerns of option B and
: option C?
: And how are those security concerns are addressed by option A?
: IPsec over MPLS is always an option if customers are paranoid.
|
|
