
Document: MPLS and VPN Architectures, Volume II (by Jim Guichard, Ivan Pepelnjak, Jeff Apcar)


Description:

MPLS and VPN Architectures, Volume II
By Jim Guichard, Ivan Pepelnjak, Jeff Apcar

Publisher: Cisco Press
Pub Date: June 06, 2003
ISBN: 1-58705-112-5
Pages: 504

With MPLS and VPN Architectures, Volume II, you'll learn:

• How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers
• The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT)
• How VRFs can be extended into a customer site to provide separation inside the customer network
• The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone
• How to carry customer multicast traffic inside a VPN
• The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services
• Advanced troubleshooting techniques including router outputs to ensure high availability

MPLS and VPN Architectures, Volume II, builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press. Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN.

MPLS and VPN Architectures, Volume II, begins with a brief refresher of the MPLS VPN Architecture. Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone. Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering. This part also covers multi-carrier MPLS VPN deployments. Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting.

MPLS and VPN Architectures, Volume II, also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced services based on MPLS VPN technology in a secure and scalable way.

This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.
Table of Contents

Copyright
About the Authors
About the Technical Reviewers
About the Content Reviewer
Acknowledgments
Introduction
  Who Should Read This Book?
  How This Book Is Organized
  Icons Used in This Book
  Command Syntax Conventions

Part I. Introduction

Chapter 1. MPLS VPN Architecture Overview
  MPLS VPN Terminology
  Connection-Oriented VPNs
  Connectionless VPNs
  MPLS-Based VPNs
  New MPLS VPN Developments
  Summary

Part II. Advanced PE-CE Connectivity

Chapter 2. Remote Access to an MPLS VPN
  Feature Enhancements for MPLS VPN Remote Access
  Overview of Access Protocols and Procedures
  Providing Dial-In Access to an MPLS VPN
  Providing Dial-Out Access via LSDO
  Providing Dial-Out Access Without LSDO (Direct ISDN)
  Providing Dial Backup for MPLS VPN Access
  Providing DSL Access to an MPLS VPN
  Providing Cable Access to an MPLS VPN
  Advanced Features for MPLS VPN Remote Access
  Summary

Chapter 3. PE-CE Routing Protocol Enhancements and Advanced Features
  PE-CE Connectivity: OSPF
  PE-CE Connectivity: Integrated IS-IS
  PE-CE Connectivity: EIGRP
  Summary

Chapter 4. Virtual Router Connectivity
  Configuring Virtual Routers on CE Routers
  Linking the Virtual Router with the MPLS VPN Backbone
  VRF Selection Based on Source IP Address
  Performing NAT in a Virtual Router Environment
  Summary

Part III. Advanced Deployment Scenarios

Chapter 5. Protecting the MPLS-VPN Backbone
  Inherent Security Capabilities
  Neighbor Authentication
  CE-to-CE Authentication
  Control of Routes That Are Injected into a VRF
  PE to CE Circuits
  Extranet Access
  Internet Access
  IPSec over MPLS
  Summary

Chapter 6. Large-Scale Routing and Multiple Service Provider Connectivity
  Large Scale Routing: Carrier's Carrier Solution Overview
  Carrier Backbone Connectivity
  Label Distribution Protocols on PE-CE Links
  BGP-4 Between PE/CE Routers
  Hierarchical VPNs: Carrier's Carrier MPLS VPNs
  VPN Connectivity Between Different Service Providers
  Summary

Chapter 7. Multicast VPN
  Introduction to IP Multicast
  Enterprise Multicast in a Service Provider Environment
  mVPN Architecture
  MDTs
  Case Study of mVPN Operation in SuperCom
  Summary

Chapter 8. IP Version 6 Transport Across an MPLS Backbone
  IPv6 Business Drivers
  Deployment of IPv6 in Existing Networks
  Quick Introduction to IPv6
  In-Depth 6PE Operation and Configuration
  Complex 6PE Deployment Scenarios
  Summary

Part IV. Troubleshooting

Chapter 9. Troubleshooting of MPLS-Based Solutions
  Introduction to Troubleshooting of MPLS-Based Solutions
  Troubleshooting the MPLS Backbone
  Other Quick Checks
  MPLS Control Plane Troubleshooting
  MPLS Data Plane Troubleshooting
  MPLS VPN Troubleshooting
  In-Depth MPLS VPN Troubleshooting
  Summary

Index

Copyright

Copyright © 2003 Cisco Systems, Inc.

Cisco Press logo is a trademark of Cisco Systems, Inc.

Published by:
Cisco Press
201 West 103rd Street
Indianapolis, IN 46290 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0

Library of Congress Cataloging-in-Publication Number: 619472051122

Warning and Disclaimer

This book is designed to provide information about MPLS and VPN architectures. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the authors and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.

Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at [email protected]. Please make sure to include the book title and ISBN in your message.

We greatly appreciate your assistance.

Credits

Publisher: John Wait
Editor-In-Chief: John Kane
Cisco Representative: Anthony Wolfenden
Cisco Press Program Manager: Sonia Torres Chavez
Manager, Marketing Communications, Cisco Systems: Scott Miller
Cisco Marketing Program Manager: Edie Quiroz
Acquisitions Editor: Amy Moss
Production Manager: Patrick Kanouse
Development Editor: Grant Munroe
Project Editor: Lori Lyons
Copy Editor: Karen A. Gill
Technical Editors: Matt Birkner, Dan Tappan
Content Editor: Monique Morrow
Team Coordinator: Tammi Ross
Book Designer: Gina Rexrode
Cover Designer: Louisa Adair
Production Team: Mark Shirar
Indexer: Tim Wright

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100

European Headquarters
Cisco Systems International BV
Haarlerbergpark
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
www-europe.cisco.com
Tel: 31 0 20 357 1000
Fax: 31 0 20 357 1100

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883

Asia Pacific Headquarters
Cisco Systems, Inc.
Capital Tower
168 Robinson Road
#22-01 to #29-01
Singapore 068912
www.cisco.com
Tel: +65 6317 7777
Fax: +65 6317 7799

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco.com Web site at www.cisco.com/go/offices.

Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe

Copyright © 2003 Cisco Systems, Inc. All rights reserved. CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, iQ Net Readiness Scorecard, Networking Academy, and ScriptShare are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0303R)

Printed in the USA

Dedications

To my wife Sadie, for putting up with me writing another book and the long lonely nights associated with such an undertaking. To my children Aimee and Thomas, who always help to keep me smiling.—Jim

To my wife Karmen, who was always there when I needed encouragement or support. To my children Maja and Monika, who waited patiently for my attention on too many occasions.—Ivan

To my wife Anne, who is an exceptional person in every way. To my children Caitlin, Conor, and especially Ronan: Despite his constant efforts to reboot my PC, I managed to lose a draft only once.—Jeff
About the Authors

Jim Guichard, CCIE No. 2069, is a Technical Leader II within the Internet Technologies Division (ITD) at Cisco Systems. During the past six years at Cisco and previously at IBM, Jim has been involved in the design, implementation, and planning of many large-scale WAN and LAN networks. His breadth of industry knowledge, hands-on experience, and understanding of complex internetworking architectures have enabled him to provide valued assistance to many of Cisco's larger service provider customers. His previous publications include MPLS and VPN Architectures, by Cisco Press.

Ivan Pepelnjak, CCIE No. 1354, is the Chief Technology Advisor and member of the board with NIL Data Communications (www.NIL.si), a high-tech data communications company that focuses on providing high-value services in new-world service provider technologies. Ivan has more than 10 years of experience in designing, installing, troubleshooting, and operating large corporate and service provider WAN and LAN networks, several of them already deploying MPLS-based virtual private networks (VPNs). He is the author or lead developer of a number of highly successful advanced IP courses covering MPLS/VPN, BGP, OSPF, and IP QoS, and he is the architect of NIL's remote lab solution. Ivan's previous publications include MPLS and VPN Architectures and EIGRP Network Design Solutions, by Cisco Press.

Jeff Apcar is a Senior Design Consulting Engineer in the Asia Pacific Advanced Services group at Cisco Systems. He is one of the Cisco lead consultants on MPLS in the region and has designed MPLS networks for many service providers in AsiaPac using packet-based and cell-based MPLS. Jeff has also designed and maintained large IP router networks (500+ nodes) and has a broad and deep range of skills covering many facets of networking communications.

Jeff has more than 24 years of experience in data communications and holds Dip. Tech (Information Processing) and B.App.Sc (Computing Science) (Hons) from the University of Technology, Sydney, Australia.
About the Technical Reviewers

Matthew H. Birkner, CCIE No. 3719, is a Technical Leader at Cisco Systems, specializing in IP and MPLS network design. He has influenced multiple large carrier and enterprise designs worldwide. Matt has spoken at Cisco Networkers on MPLS VPN technologies in both the U.S. and EMEA over the past few years. A "double CCIE", he has published the Cisco Press book, Cisco Internetwork Design. Matt holds a BSEE from Tufts University, where he majored in electrical engineering.

Dan Tappan is a distinguished engineer at Cisco Systems. He has 20 years of experience with internetworking, having worked on the ARPANET transition from NCP to TCP at Bolt, Beranek, and Newman. For the past several years, Dan has been the technical lead for Cisco's implementation of MPLS (tag switching) and MPLS/VPNs.
About the Content Reviewer

Monique Morrow is currently CTO Consulting Engineer at Cisco Systems, Inc. She has 20 years of experience in IP internetworking that includes design, implementation of complex customer projects, and service development for service providers. Monique has been involved in developing managed network services such as remote access and LAN switching in a service provider environment. She has worked for both enterprise and service provider companies in the United States and in Europe. She led the Engineering Project team for one of the first European MPLS-VPN deployments in 1999 for a European service provider.
Acknowledgments

Every major project is a result of teamwork, and this book is no exception. We'd like to thank everyone who helped us in the long writing process: our development editor, Grant Munroe, who helped us with the intricacies of writing a book; the rest of the editorial team from Cisco Press; and especially our reviewers, Dan Tappan, Matt Birkner, and Monique Morrow. They not only corrected our errors and omissions, but they also included several useful suggestions to improve the quality of this publication.

Jeff would like to thank his management team Tony Simonsen, Michael Lim, and Steve Smith, for providing the time and encouragement to do the book. Also special thanks to the guys in the AsiaPac Lab Group, Nick Stathakis, Ron Masson, and George Lerantges, who let him hog lots of gear. Last, Jeff would like to thank Jim and Ivan for inviting him to collaborate with them.

Finally, this book would never have been written without the continuous support and patience of our families, especially our wives, Sadie, Karmen, and Anne.
Introduction

Since our first MPLS book (MPLS and VPN Architectures) was published by Cisco Press a few years ago, MPLS has matured from a hot leading-edge technology—supporting Internet services and leased-line–based VPN solution—to a set of solutions that are successfully deployed in large-scale service provider networks worldwide. A number of additional solutions had to be developed to support the needs of these networks, and many additional IOS services were made VPN-aware to enable the service providers to deploy the services they were already offering within the new architectural framework. Therefore, it was a natural step to continue on the path we charted with the first book and describe the enhancements made to MPLS architecture or its implementation in Cisco IOS in MPLS and VPN Architectures: Volume II.
Who Should Read This Book?

This book is not designed to be an introduction to Multiprotocol Label Switching (MPLS) or virtual private networks (VPNs); Volume I (MPLS and VPN Architectures) provides you with that knowledge. This book is intended to tremendously increase your knowledge of advanced MPLS VPN deployment scenarios and enable you to deploy MPLS and MPLS VPN solutions in a variety of complex designs. Anyone who is involved in design, deployment, or troubleshooting of advanced or large-scale MPLS or MPLS VPN networks should read it.
How This Book Is Organized

Although this book could be read cover-to-cover, it is designed to be flexible and allow you to easily move between chapters and sections of chapters to cover just the material that you need more information on. If you do intend to read them all, the order in the book is an excellent sequence to use.

Part I: Introduction

Chapter 1, "MPLS VPN Architecture Overview," serves as a refresher to the information contained within MPLS and VPN Architectures. It does not describe the MPLS or MPLS VPN technology in detail; if you need baseline MPLS or MPLS VPN knowledge, read MPLS and VPN Architectures: Volume I first.

Part II: Advanced PE-CE Connectivity

Chapter 2, "Remote Access to an MPLS VPN," discusses integration of access technologies such as dial, DSL, and cable into an MPLS VPN backbone. This chapter shows how you can integrate various access technologies into the backbone, thereby providing VPN service to many types of customers.

Chapter 3, "PE-CE Routing Protocol Enhancements and Advanced Features," builds on Volume 1 of the MPLS and VPN Architectures book and introduces more advanced options/features for OSPF connectivity as well as support for IS-IS and EIGRP routing protocols.

Chapter 4, "Virtual Router Connectivity," discusses the use of the VRF constructs to build virtual router type connectivity, extending the VRF concept to the CE router. This chapter also discusses new VRF-related features, including VRF-lite and PE-based network address translation (PE-NAT).

Part III: Advanced Deployment Scenarios

Chapter 5, "Protecting the MPLS-VPN Backbone," looks at various security issues within the backbone and describes the necessary steps that a service provider must take to protect the backbone and any attached VPN sites.

Chapter 6, "Large-Scale Routing and Multiple Service Provider Connectivity," describes the advanced features, designs, and topologies that were made possible with the enhancements to Cisco IOS since the first MPLS and VPN Architectures book was written.

Chapter 7, "Multicast VPN," discusses the deployment of IP multicast between VPN client sites.

Chapter 8, "IP Version 6 Across an MPLS Backbone," discusses a model (6PE) that gives the service providers an option to provide IPv6 connectivity across an MPLS-enabled IPv4 backbone.

Part IV: Troubleshooting

Chapter 9, "Troubleshooting of MPLS-Based Solutions," provides a streamlined methodology for identifying faults in MPLS solutions and troubleshooting an MPLS VPN backbone.
Icons Used in This Book

Throughout this book, you will see the following icons used for networking devices:

The following icons are used for peripherals and other devices:

The following icons are used for networks and network connections:
Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:

Vertical bars (|) separate alternative, mutually exclusive elements.
Square brackets [ ] indicate optional elements.
Braces { } indicate a required choice.
Braces within brackets [{ }] indicate a required choice within an optional element.
Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
Italics indicate arguments for which you supply actual values.
Part I: Introduction

Chapter 1 MPLS VPN Architecture Overview
Chapter 1. MPLS VPN Architecture Overview

Virtual private networks (VPNs) have recently received a lot of attention from equipment manufacturers, consultants, network designers, service providers, large enterprises, and end users due to their cost advantages over traditional enterprise networks. As with most technologies, the foundation for today's VPN networks and underlying technologies was created more than 20 years ago. During its development, end users discovered that it made financial sense to replace links between sites in their own private network with virtual connections across a shared infrastructure. The assumption for doing this was that a shared environment (or VPN) is equivalent in terms of security and privacy to the network (links) it was replacing.
This chapter reviews the basic Multiprotocol Label Switching (MPLS) and MPLS-based VPN concepts and terminologies to ensure an understanding of the terms used in this book. It also covers the latest developments in the MPLS VPN arena and how they enable the service provider to offer new MPLS-based services, such as remote access into an MPLS-based VPN or Internet Protocol (IP) multicast within a VPN. These developments are also described in depth in later chapters.

NOTE

You can find more in-depth descriptions of these concepts and additional MPLS or VPN background information in Ivan Pepelnjak and Jim Guichard's MPLS and VPN Architectures (Volume I), published by Cisco Press, which is a prerequisite to understanding this book.