© 2006 Cisco Systems, Inc. All rights reserved. MPLS v
Integrating Internet Access with MPLS VPNs
Implementing Separate Internet Access and VPN Services
Outline
  – Overview
  – Classical Internet Access for a VPN Customer
  – Using Separate Subinterfaces
  – Accessing the Internet from Every Customer Site
  – Separate Internet Access Benefits and Limitations
  – Summary
Classical Internet Access for a VPN Customer
Using Separate Subinterfaces
Separate physical links for VPN and Internet traffic are sometimes not acceptable because of high cost.
Subinterfaces could be used.
  – Over WAN links using Frame Relay or ATM encapsulation (including xDSL)
  – Over LAN links
A tunnel interface could be used.
  – Over a VRF-aware tunnel, so that VPN traffic does not run over a global tunnel
Example Configuration: Static Routes
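
The separate-subinterface design with static routes, shown as an added example that is not taken from the original slides. The VRF name, DLCIs, AS number, and all addresses are constructed values chosen for illustration.

```cisco
! ---- PE router (constructed example) ----
ip vrf Customer_A
 rd 64500:1
 route-target both 64500:1
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
! VPN subinterface: bound to the customer VRF
interface Serial0/0.1 point-to-point
 ip vrf forwarding Customer_A
 ip address 10.0.1.1 255.255.255.252
 frame-relay interface-dlci 101
!
! Internet subinterface: no "ip vrf forwarding", so it stays
! in the global routing table
interface Serial0/0.2 point-to-point
 ip address 192.0.2.1 255.255.255.252
 frame-relay interface-dlci 102
!
! Customer private prefix lives only in the VRF
ip route vrf Customer_A 10.1.0.0 255.255.0.0 10.0.1.2
! Customer public prefix lives only in the global table
ip route 198.51.100.0 255.255.255.0 192.0.2.2
!
router bgp 64500
 network 198.51.100.0 mask 255.255.255.0
 address-family ipv4 vrf Customer_A
  redistribute static
 exit-address-family
!
! ---- CE router (constructed example) ----
interface Serial0/0.1 point-to-point
 ip address 10.0.1.2 255.255.255.252
 frame-relay interface-dlci 101
!
interface Serial0/0.2 point-to-point
 ip address 192.0.2.2 255.255.255.252
 frame-relay interface-dlci 102
!
! Other VPN sites via the VPN subinterface
ip route 10.0.0.0 255.0.0.0 10.0.1.1
! Everything else via the Internet subinterface
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```
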
Example Configuration: Dynamic Routes
Internet Access Through a Dedicated Subinterface: Traffic Flow
Internet Access at Every Customer Site
Every CE router needs two links (or subinterfaces) to its PE router.
Using a separate link or links for Internet access will lead to a complex setup for this customer type.
Benefits and Limitations of Separate Internet Access for the Service Provider
Benefits:
  – Well-known model
  – Supports all customer requirements
  – Allows all Internet services implementations, including a BGP session with the customer
Drawbacks:
  – This design model requires a separate physical link or a specific WAN encapsulation.
  – PE routers must be able to perform Internet routing (and potentially carry full Internet routing).
  – Wholesale Internet access or central firewall service cannot be implemented with this model.
Summary
  – Classical Internet access for a VPN customer is based on a separated Internet access design model.
  – Separate subinterfaces can be used for implementing Internet access through global routing.
  – Internet access from every customer site can be supported but is often too complex or too expensive with classic Internet access.
  – The main drawback of separate Internet access is that PE routers potentially carry the full Internet routing table.