Category: VPN

Enterprise campus L3 MPLS VPN in the core.

This is gaining popularity in Arizona as a consulting group is rolling out this NFV architecture to many customers.

There’s been almost no documentation on this since 2012

• What exactly is Carrier Ethernet?
• Why should I use it? What are its limitations?
• How can I build a Carrier Ethernet network?
• What is g.8032 and why would you use it to build Carrier Ethernet transport network?
• Wouldn’t it be better to use EVPN than flood-and-learn technologies?

We currently have a topology in our data center network where each ISP is in a different VRF. We added a P2Pcircuit to another data center and want to route site to site traffic each site’s public IPs via the private link. In order to do this, the routes in the VRF need to be leaked to the private routing routing table, and the IPs announced from the private routing table need to be leaked into the ISP VRFs. We wanted to use BGP and not static routes, in case there was an outage on the private link, then traffic would again route via the Internet

So, from a design clinic perspective, I would like to see when leaking makes sense, why you would or would not use route leaking, and what are the pitfalls.

We are running a multi-tenant DC network, spanning 3 sites. The network has three layers (per site): DC-LAN, DC-EDGE and DC-WAN-CORE. DC-EDGE is used for connecting all incoming circuits (internet, all sorts of wan connections). DC-LAN is used for connecting workloads. DC-WAN-CORE connects 3 sites together.

Right now, we are using MPLS-L3VPNs between DC-LAN, DC-EDGE and DC-WAN-CORE. DC-LAN (L2 part) is a traditional network with VPC and OTV.

We want to move to VXLAN/BGP-EVPN for DC-LAN. But what to do with DC-EDGE and DC-WAN-CORE? Still use MPLS (but with SR instead of LDP) or also use VXLAN/BGP-EVPN? In the last option, we could use (Cisco) N9k only boxes. In the first option, we could also use only N9k boxes, but then using real routers in the DC-EDGE makes more sense to have more routing capabilities and insights at the border of your network.

How do we design IP leaf-and-spine fabric without EVPN/VXLAN where we have lots of VRFs segmented by firewall.

We would like to use several dual-stacked VRFs between adjacent routers in a hub-spoke configuration.

What is the tipping point (primarily in terms of operational complexity) between running multiple instances of VRF-Lite versus something MPLS-ish? Are there other options?