© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-1

Integrating Internet Access with MPLS VPNs

Implementing Internet Access as a Separate VPN

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-2

Outline

• Overview

• Internet Access as a Separate VPN

• Implementing Redundant Internet Gateway Access

• Implementing Classical Internet Access for a VPN Customer

• Implementing Internet Access from Every Customer Site

• Implementing Wholesale Internet Access

• Running an Internet Backbone in a VPN

• Summary

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-3

• A provider Internet gateway is connected as a CE router to the MPLS VPN backbone.

• The Internet gateway does not insert full Internet routing into the Internet VPN.

–Only the default route and the local (regional) routes are inserted.

• Every customer site that needs Internet access is assigned to the same Internet VPN as the Internet gateway.

Internet Access as a Separate VPN

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-4

Internet Access as a Separate VPN (Cont.)

• The Internet VPN is isolated from the P routers.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-5

Example: Configuring the Internet Gateway in a Separate VPN

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-6

• The default route should be advertised by all Internet gateways only if they can reach the upstream ISP core.

Redundant Internet Access

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-7

Classical Internet Access for a VPN Customer

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-8

Classical Internet Access for a VPN Customer (Cont.)

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-9

• Configure Internet VRF for every location.

Internet Access from Every Customer Site

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-10

• A separate VPN is created for each upstream ISP.

• Each ISP gateway announces the default route to the VPN.

• Customers are assigned into the VRF that corresponds to the VPN of the desired upstream ISP.

• Changing an ISP is as easy as reassigning an interface into a different VRF (and attending to address allocation issues).

Wholesale Internet Access

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-11

Benefits:• Supports all Internet access service types

• Can support all customer requirements, including a BGP session with the customer, accomplished through advanced BGP setup

Drawbacks:• Full Internet routing cannot be carried in the VPN; default

routes are needed that can lead to suboptimal routing.

• Internet gateway routers act as CE routers on the VPN backbone; implementing overlapping Internet and VPN backbones requires care.

Limitations of Running an Internet Backbone in a VPN

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-12

Summary

• MPLS VPN architecture supports defining the Internet as a VPN.

– Redundant Internet access is easy to achieve.

– The classical Internet access model can be easily implemented using the Internet VPN.

• Internet access from every customer site can be implemented by configuring the Internet VRF on a second interface at every location

• Wholesale Internet access can be implemented by creating a separate VPN for every upstream ISP.

• Internet VPNs supports all customer requirements, including full Internet routing.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-13