
Thread: VPN Questions

  1. Senior Member
    Join Date
    Dec 2014
    Posts
    266
    #1


    I have a question on how VPN can be configured on OSPF vs BGP.

    Are VPNs interchangeable with routing protocols? I am confused.
    Are these combinations possible?

    L3VPN + OSPF point-to-point : same AS
    L3VPN + OSPF point-to-point : different AS
    L2VPN + OSPF point-to-point : same AS
    L2VPN + OSPF point-to-point : different AS

    Pls help. Thanks.
  3. Senior Member
    Join Date
    Apr 2014
    Posts
    173

    Certifications
    A+, N+, CCENT, CCNA
    #2
    Can you give us an example or context? Real life scenario or is this in your lab?

    VPN is not interchangeable with routing protocols. I'm assuming you are talking about MPLS? L2/L3VPN is generally offered as a service by the service provider to connect remote locations, and then it's up to you to implement routing protocols. In a real life scenario you may have to ask the service provider (we were told to use BGP when we migrated from frame relay to MPLS). From a super high level view, a L2/L3VPN is just a cloud (like a giant virtual switch or router) that you have your service provider connect your remote sites with.

    I've dealt with these:
    L3VPN + BGP
    L2VPN + EIGRP
    DMVPN running EIGRP for the tunnels over L3VPN + BGP

    So basically if you were a business (not ISP) you would lease a L2/L3VPN to connect all of your locations then it would be up to you to do whatever you wanted after that for routing (BGP, OSPF, EIGRP, or static routes).

    Hope this helps

    PS: the biggest difference I noticed between using L2VPN and L3VPN is that with L2 you can use show cdp neighbors and see all of your connected sites. On the flip side, when you take over a L2VPN network where the junk cheap non-Cisco equipment they bought doesn't fully support STP (or it was disabled), a layer 2 loop not only takes down that site, but can take down all sites on that L2VPN.

  4. Network Engineer Hondabuff's Avatar
    Join Date
    Aug 2012
    Location
    USA
    Posts
    652

    Certifications
    CCNA:S, CCNA, CCENT, 2x CCNP:R&S,MECP, A+, Network+, Security+, Network Security Diploma
    #3
    DMVPN using VTI tunnels can run any routing protocol.
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln

  5. Senior Member
    Join Date
    Dec 2014
    Posts
    266
    #4
    One question though. How does a customer decide whether he wants eBGP (different AS) or iBGP neighbors (same AS) between his CE sites?

  6. Went to the dark side.... Moderator networker050184's Avatar
    Join Date
    Jul 2007
    Posts
    11,680

    Certifications
    CCNA, CCNP, CCIP, JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, MCA200
    #5
    If the customer is peering with the ISP it will be eBGP. If the customer is peering with their own equipment on the other side it can be whatever the design dictates.
    An expert is a man who has made all the mistakes which can be made.

  7. Senior Member
    Join Date
    Dec 2014
    Posts
    266
    #6
    Originally posted by networker050184:
    "If the customer is peering with their own equipment on the other side it can be whatever the design dictates."
    Hi, I don't understand this statement. Even if it peers with its own CE, it still has to establish connectivity with the ISP, doesn't it? Is it possible to throw a static route at an ISP but have BGP peering between CE sites?

  8. Junior Member
    Join Date
    May 2016
    Posts
    28
    #7
    For an L3VPN if a site has a single link into it, you could make do with static routes on the CE. You need routing protocols when you move onto resilient links into a site.

    The CE can run BGP with the PE. This is quite typical. I've also seen people running OSPF between the PE and CE. Presumably this OSPF instance isn't VPN wide, with a distinct one residing on each PE.

    For a L2VPN, the choice is that of the customer. Since you are providing them links at L2, they don't need to talk to the ISP, as the PE just acts as a switch. You could run OSPF, BGP, or any other routing protocol.

  9. Senior Member
    Join Date
    Dec 2014
    Posts
    266
    #8
    I have 1 question. When the CE throws a static route to the PE, are the CE and PE in different AS? If so, isn't running eBGP more convenient than throwing static routes?

    So can anyone provide me with a configuration template for the service provider side, if
    1) it acts as a layer 2 switch
    2) it is running eBGP between PE and CE
    3) the CE throws static routes to it.

  10. Roaming teh Bytes OfWolfAndMan's Avatar
    Join Date
    Oct 2013
    Location
    Grandma's basement
    Posts
    894

    Certifications
    A/L/P/S+, CCNP R&S, CCDA, CCDP, CCNA R&S/Sec, ACIS ERS 8K & VSP 9K, BS: IT Security
    #9
    Originally posted by dppagc:
    "I have 1 question. When the CE throws a static route to the PE, are the CE and PE in different AS? If so, isn't running eBGP more convenient than throwing static routes?

    So can anyone provide me with a configuration template for the service provider side, if
    1) it acts as a layer 2 switch
    2) it is running eBGP between PE and CE
    3) the CE throws static routes to it."

    eBGP is the other option, yes. It really depends on if the SP lets you do it or not. You also usually will see the CE and PE being in different ASNs, assuming they're running eBGP (hence why they're using eBGP).

    1) What is "it"?
    2) Between the CE and PE, there is no special configuration on the CE's part (Aside from routing). From the PE's perspective, there are two primary things to take into account:
    -The VRF assigned to an interface egressing to the CE (The CE needs no VRF configuration on its part)
    -The tag that is used to differentiate different customers if there are multiple CEs attached to the PE (Bottom tag on the label stack).
    Reference this doc for config. Really easy to find: Configuring a Basic MPLS VPN - Cisco
    3) It's a static route. You point the IP space you want to reach to the next hop router. Pretty straightforward.
    Reading: Lab Books, Ansible Documentation Goals: Bash Shell/Python Automation Refinement [], CCIE R&S Written [X], AWS Certified Solutions Architect Associate (Maybe) [] CCIE R&S Counter: Somewhere between zero and infinity

  11. Senior Member
    Join Date
    Dec 2014
    Posts
    266
    #10
    My first question is: when the CE throws a static route to the ISP, do the CE and the PE have BGP peering between them?

    My second question is: when the 2 CEs are connected point to point via the ISP (L2VPN), what is the configuration on the PE and P router?

    My third question is: what is the typical PE and CE configuration when PE-CE are running eBGP?

  12. Went to the dark side.... Moderator networker050184's Avatar
    Join Date
    Jul 2007
    Posts
    11,680

    Certifications
    CCNA, CCNP, CCIP, JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, MCA200
    #11
    1. It could or it couldn't. Just depends on the setup. Usually you would go either static or dynamic.

    2. Depends. Could be VPLS or just a straight pseudowire.

    3. Typically it's your standard BGP config except it's in a VRF on the PE side.... Standards vary depending on the provider.
    An expert is a man who has made all the mistakes which can be made.
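
Added example (not from any poster in this thread, and not a provider's own template): Cisco IOS configuration for the PE-CE arrangement described in posts #9 and #11, with the VRF on the PE only, eBGP between PE and CE, and the static-route alternative from post #7. The VRF name, ASNs, interface names and addresses are constructed; the provider core (MPLS and the VPNv4 BGP sessions between PEs) is assumed to exist and is not shown.

```cisco
! Constructed values: provider AS 64500, customer AS 64510, documentation prefixes.
!
! ---- PE (provider edge): the only box that knows about the VRF ----
ip vrf CUST-A
 rd 64500:100
 route-target export 64500:100
 route-target import 64500:100
!
interface GigabitEthernet0/1
 description To CUST-A CE, site 1
 ! Apply the VRF before the address; binding a VRF clears an existing IP address
 ip vrf forwarding CUST-A
 ip address 192.0.2.1 255.255.255.252
!
router bgp 64500
 address-family ipv4 vrf CUST-A
  neighbor 192.0.2.2 remote-as 64510
  neighbor 192.0.2.2 activate
  ! Only when every customer site uses the same ASN; otherwise the remote
  ! CE drops routes that carry its own AS in the path:
  ! neighbor 192.0.2.2 as-override
 exit-address-family
!
! ---- CE (customer edge): ordinary eBGP, no VRF configuration ----
interface GigabitEthernet0/0
 ip address 192.0.2.2 255.255.255.252
!
router bgp 64510
 neighbor 192.0.2.1 remote-as 64500
 ! Assumes 198.51.100.0/24 is already in the CE routing table (LAN side)
 network 198.51.100.0 mask 255.255.255.0
!
! ---- Static alternative: no BGP session between PE and CE ----
! PE: static route inside the VRF, redistributed so other sites learn it
ip route vrf CUST-A 198.51.100.0 255.255.255.0 192.0.2.2
router bgp 64500
 address-family ipv4 vrf CUST-A
  redistribute static
 exit-address-family
!
! CE: default route toward the PE
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

The two PE-CE options are alternatives for a given site: use the eBGP neighbor statements or the static routes, not both.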

  13. Senior Member
    Join Date
    Dec 2014
    Posts
    266
    #12
    For Q1 and 2, can you refer me to a template configuration?