On Wed, July 4, 2007 3:29 pm, Reuben Farrelly wrote:
> I am in the process of reworking/migrating some of our existing
> infrastructure - and working with tagged MPLS and VLAN traffic in this
> sort of config is certainly something I expect I will be doing real soon.
>
> In our situation we have 4 7200s/NPE-G1s running MPLS at diverse sites
> but also have 3550s and 3750s routing in the core of the network, and
> another 4 or 5 7200s about to be merged as part of a network migration
> with another ISP quite soon.
>
> Obviously without core switches which understand and support tagging, it
> seems like we are somewhat limited in terms of choices for expanding our
> MPLS mesh without creating an even mess of hacks (presently set up with
> P-2-P GRE tunnels, an ATM PVC and trunks which can carry tagged VLANS).
> We are running OSPF internally throughout the network, and it carries all
> our customer routes in it (about 350 summarised prefixes).

Infrastructure routes too? I'll come back to this in a minute...

> What does and doesn't work generally speaking? Does it require, as I
> suspect, a fairly detailed and careful design to make sure no MPLS tagged
> traffic hits the core switches at L3 at all?

If you want to be able to do a gradual migration, yes, I believe it does. If the network's sufficiently simple that you can make all the changes on a flag day, you might be able to get away with just flattening it all.

> How do you do this if like us you're running iBGP for MPLS and need
> loopbacks to talk to each other? Instances of isolated VRF-lite config
> on the MPLS devices linked at L2 possibly in a ring design, to contain
> and control a separate routed redundant backbone that -is- fully MPLS
> aware? Or just flatten the 3550/3750s to be only L2 devices?

Remember for iBGP that you just need a mesh of peerings, not necessarily a mesh of links. As long as the loopbacks are carried in your IGP, you can build the iBGP mesh on top of whatever topology is appropriate to your geography / connectivity.

I think I'd approach this something like:

- Set aside a range of VLANs for inter-PE (7200) links, and make sure they are not in use for anything else on the switches - especially that they have no L3 / SVI interfaces existing in the network.
- Configure those VLANs to provide the direct L2 connections you want between PEs.
- Bring up an IGP on those links (either another OSPF instance, or something else of your choosing). The IGP should only have the PE loopbacks in it (maybe the point-to-point links as well, to help with diagnosing connectivity problems).
- Bring up an iBGP mesh between loopbacks.
- Migrate the customers (can be done one at a time) so all L3 termination is on the 7200s, i.e. if a customer is physically connected to a switch on an L3 port, reconfigure it as a switch port and build a dedicated VLAN to the nearest 7200.
- Once the customers are all migrated, you can kill the old OSPF instance and flatten the switches to L2-only devices. (Modulo whatever you need to leave for remote management).

Good luck!

Regards,
Tim.

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
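
One way to check the first and fifth steps of the plan above against a switch configuration: this is an added example, not part of the original post. The reserved range 900-909 and the IOS-style config excerpt are constructed assumptions; the script reports any SVI inside the reserved inter-PE range and any routed port still terminating L3 on the switch.

```python
import re

# Assumption: VLANs 900-909 are the range set aside for inter-PE links.
RESERVED_VLANS = range(900, 910)

# Constructed IOS-style switch config excerpt (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk allowed vlan 900,901
 switchport mode trunk
!
interface GigabitEthernet0/2
 no switchport
 ip address 192.0.2.1 255.255.255.252
!
interface Vlan10
 ip address 10.0.0.2 255.255.255.0
!
interface Vlan901
 ip address 10.9.1.1 255.255.255.0
!
"""

def interface_stanzas(config):
    """Return [(name, body_lines)] for each 'interface' stanza."""
    stanzas, current = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = (line.split(None, 1)[1], [])
            stanzas.append(current)
        elif line.startswith(" ") and current:
            current[1].append(line.strip())
        else:
            current = None  # '!' or another top-level command ends the stanza
    return stanzas

def audit(config, reserved=RESERVED_VLANS):
    """Return (SVIs inside the reserved range, routed ports not yet migrated)."""
    svis, routed = [], []
    for name, body in interface_stanzas(config):
        m = re.fullmatch(r"Vlan(\d+)", name)
        if m and int(m.group(1)) in reserved:
            svis.append(name)      # reserved inter-PE VLAN must have no SVI
        elif "no switchport" in body:
            routed.append(name)    # L3 port that still terminates on the switch
    return svis, routed
```

Run `audit()` over each switch's saved configuration before bringing up the new IGP; both lists should be empty by the time the old OSPF instance is removed.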
