Use of BGP and MPLS VPNs: A Case Study
Fred P. Baker, CCIE #3555

Mar 27, 2015

Transcript

Page 2

Contents

• Current Network

• The MPLS VPN project

• Routing Objectives

• What we did

• How we tested

Page 3

Current Network

Page 4

Current Environment

• Hub and spoke to 4 data centers
  – Sites do not in general connect to 2 data centers due to cost and OSPF issues
• Generally place servers by geography
  – Your servers are in the data center your links are in
• Mostly Frame Relay to ATM interworking, with some private lines
  – 70 of some 350 remote sites have 2 links
• ATM PVC dual mesh between the data centers
• 12,000 agent location network done by MCI with a combination of DSL and fractional T1

Page 5

Address Space

• 10.0.0.0/8
  – Mostly inside
  – Some BP
• 192.168.0.0/16
  – Used all over
• 172.16.0.0/12
  – Extranet
• 167.127.0.0/16
  – Public address space
  – Used mostly by extranet
  – Some legacy inside

Page 6

Core

• ATM PVCs
• Two 10 Mbps PVCs between each pair of data centers
• 2 routers on the core
• So 2 meshes

Page 7

Allstate Core

(Diagram: core routers rt5, rt6 and rt7 between the data centers, with an rt1 at each of the four LANs: HO LAN, IPX@D LAN, ADC LAN and IPC@H LAN.)

Page 8

10.0.0.0 address allocation: one /11 for the core and one /11 per data center

• Core: 10.0.x.x - 10.31.x.x (10.0.0.0/11)
• HO: 10.32.x.x - 10.63.x.x (10.32.0.0/11)
• IPC@H: 10.64.x.x - 10.95.x.x (10.64.0.0/11)
• ADC: 10.96.x.x - 10.127.x.x (10.96.0.0/11)
• IPX@D: 10.128.x.x - 10.159.x.x (10.128.0.0/11)

(Diagram: the same core routers rt5, rt6, rt7 and rt1 as on page 7, labelled with these ranges.)

Page 9

Allstate Data Center

(Diagram: OSPF area 0 spans the WAN core and the data center core; the data center has its own areas. Remote sites over ATM/FR are OSPF total stub areas, dual-DC sites run EIGRP, and the OS/390 VIPA and the agent backbone are total stub areas; a DLSW distribution router and a direct connect also attach. Layers shown: core routers, core switches, switching routers and MSFCs, distribution switches and MSFCs, access MSFCs.)

Core Router: communicates between data centers. Switching Router: talks to other routers. Distribution Router: talks to other networks/routing domains. Access Router: first hop router.

Page 10

Routing Protocol

• Single OSPF AS

• Cisco and OS/390 based routers only

• Firewalls now static routed

• Peer authentication soon

Page 11

Remote sites

• AT&T frame relay at the site

• ATM into the data center

• Some ISDN backup

• A remote site is connected to a single data center (for now)

• Servers and applications tend to have geographic affinity

Page 12

Remote Site

(Diagram: remote sites reach the core through swdc-all-rt1 and swdc-all-rt7 on the IPC@D LAN and through adc-all-rt1 and adc-all-rt7 on the ADC LAN. Access tiers: Standard Access, one router on Ethernet with ISDN backup; Enhanced Access, dual routers and dual WAN links on Ethernet; Premium Access, dual routers and dual WAN links to multiple data centers.)

Page 13

Remote Site Switch Layer: Layer 2 network with Spanning Tree

(Diagram: MDF #1 is the Spanning Tree root with bridge priority 100; MDF #2 is the backup root with bridge priority 200. The two MDFs are joined by Gig fiber at cost 4 and both carry trunks with VLANs 1 and 2 down to the access switches. Access uplinks are Gig fiber (cost 4) or Fast Ethernet (cost 19), with cumulative costs of 19 and 3019 shown; root ports (RP), designated ports (DP) and blocked ports (X) are marked.)

Page 14

Agent Broadband

• 10,000 locations
• Connected via IPSEC VPN
• WorldCom managed routers
• NO split tunneling
• IPSec transport mode with a GRE tunnel to Dallas and Hudson
• Agent PCs are 10.*.*.*
• Agent access is via the Allstate Internet Proxy

Page 15

Overview

(Diagram: WorldCom ITSO Internet Lab connectivity, the Nauticus lab mockup of the Allstate current solution. Spoke sites run EIGRP AS 519 and peer eBGP with the hub; the erie-Intranet hub has Lakewood and Sandusky downstream routers (DS1, DS2) and back-end routers with loopbacks taken from 10.12.0.0 /30 blocks; OSPF NSSA total stub areas 160 and 161 hang off area 0. DSL sites (LINCOLN, TR) and T1 sites (KITTY HAWK, IKE) carry loopbacks from 192.168.24.0/24; the test spokes AVENGER, DEFENDER and DEVESTATOR use 10.160.1.0/26, 10.160.2.0/26 and 10.160.3.0/26, and BURKE, RAMAGE and STOUT use 10.162.161.0/26, 10.162.162.0/26 and 10.162.163.0/26.)

Hub VPN router redistribution: EIGRP AS 519 <-> BGP AS. Hub site routers do not peer in EIGRP AS 519; VPN routers only peer with the DS routers at the hub site through eBGP.

Downstream router redistribution: BGP AS -> OSPF process; static routes -> BGP AS (network statements).

All redistribution is controlled by route-map statements filtering only desired routes.

Page 16

Agent Broadband in Data Center

(Diagram: Allstate Irving, Texas, SouthWest Data Center super hub. Two Cisco 12008 gateways, GW9.DFW9 on the primary OC-3/155 Mbps POS link (157.130.148.32/30) and GW7.DFW7 on the shadow OC-3 (157.130.148.108/30), feed four Cisco Catalyst 2948G switches (CAT1 to CAT4) and a bank of Cisco 7206VXR VPN routers (CTALLSTA01US through CTALLSTAAIUS, the remaining slots not installed). Each VPN router has a loopback 0 /32 from 192.168.24.0/24 and its own private BGP AS (65001 through 65037); HSRP standby group 1 is .3 and group 2 is .67. Downstream routers U85515DS1 and U85514DS2 peer eBGP with the Allstate switches swdc-mdf-rsw2 (loopback 0 10.12.0.69) and swdc-mdf-rsw3 (loopback 0 10.12.0.77); terminal servers U85515TS1 and U85514TS2 give console access to each other's rack. On the Allstate side OSPF is NSSA no-summary area 160 and accepts BGP routes via filtering.)

Static routes anchored to Allstate Loopback0 and advertised in BGP: 10.0.0.0/8, 10.32.0.0/11, 10.128.0.0/11, 64.94.5.0/24, 166.90.140.0/24, 167.127.0.0/16, 172.16.0.0/12, 192.168.0.0/16.

Each VPN has its own EIGRP AS 519 routing domain. EIGRP AS 519 and BGP mutually redistribute routes via filtering.

Page 17

Agent office

(Diagram: Topology for MCI QOS Test, file Mciqos.vsd, author Network Engineering, last updated July 7, 2003. Allstate Northbrook (GGG) and Allstate IPC Hudson agency broadband QoS test: glic-mdf-rsw2 (Cisco 6509, port TBA) on VLAN 66; Allstate FE interfaces 10.66.2.243 and 10.66.2.245, mask 255.255.255.248; a test crypto 7200 VXR and a test downstream 7200; MCI Internet, the production edge and the production LAN switches; and a test 1751 spoke (u82977) with Allstate LAN 10.173.193.1, mask 255.255.255.192. The VPN router to downstream link carries static routes for the Allstate data network 10.0.0.0/8 and the Allstate agent LAN 10.173.185.1/26; the agent router and VPN router public interfaces sit on 192.168.25.0/25.)

Page 18

Internet/Extranet

• We do not use the default route
• There are 3 data centers with ISP connections
• We code static routes to the firewalls (we don't trust firewalls running dynamic routing protocols) and redistribute them into OSPF

Page 19

The project

Page 20

The project

• We use a single data network provider
• This is a single point of failure: that provider's ATM/Frame networks
• Add a second data provider
  – Initially to use for the dual attached sites
  – Then convert 1 of the core ATM meshes to the second provider

Page 21

Layer 2 vs Layer 3 provider

• Frame Relay is layer 2 connectivity
  – The routers have a direct peering relationship
• Many providers are offering Layer 3
  – Costs are the same or even less
  – MPLS VPN is the data transport
  – You have a routing relationship with the provider, not with yourself
• Many providers are using MPLS to move even layer 2 networks
• So more complex to configure and fix
• Not a simple OSPF network anymore

Page 22

Which one we picked

• Layer 3...
  – DR becomes free: no need to run more PVCs to a DR data center
  – The data center placement of servers assumption is changing
    • Apps are being put in 1 DC
  – Also there is more site to site traffic than we expected
  – So we can reduce traffic on the ATM core
  – And improve response time
  – Do dual homed sites first: convert 1 link to L3
  – Single homed later

Page 23

MPLS VPN

(Diagram: two customer VPNs, A and B, each with three sites. CE routers CEA1, CEA2 and CEA3 for VPN A and CE1B1, CE2B1, CEB2 and CEB3 for VPN B attach to provider edge routers PE1, PE2 and PE3; P1, P2 and P3 form the provider core. VPN A sites use 10.1/16, 10.2/16 and 10.3/16; VPN B sites use 10.1/16, 10.2/16 and 10.4/16, so the two VPNs overlap on 10.1/16 and 10.2/16 and are kept apart only by the per-VPN routing tables on the PEs.)

Page 24

Router types

• CE: customer edge
  – your router
  – runs BGP to the provider
  – knows nothing about other customers or provider routes
• PE: provider edge
  – knows about all local customer VPNs
  – has multiple routing tables
• P: provider
  – transport only
  – no customer routes

Page 25

Routing objectives

• Support load share from the home DC

• Remote site goes direct to non home DC over L3

• Remote site directly to remote site

• Reduce transit of the core

• Support a L3 provider in the core replacing 1 ATM mesh

• Do not use remote sites to transit traffic

Page 26

Technical Objectives

• Limit the number of BGP attributes used
• Keep the remote site configuration simple
• Do not inject the default route unless you must
• Decide how to inject the Internet routes

Page 27

Routing protocol design

Page 28

Don’t forget the 3 rules of routing

• Longest subnet mask

• Lowest distance

• Best metric

Page 29

BGP features we used

• AS path
• Path length filters
• No-export
• Backdoor
• If AS paths are equal, the router uses the eBGP route

Page 30

How to route

• Must look at the routes going BOTH ways
  – Routes to
  – Routes from
• The routes you advertise drag traffic to you
• The routes you take in decide how you route back
• We load share by having each router use a different path, then send equal cost into the IGP

Page 31

Result

• Use an MPLS VPN based L3 provider
• Remote sites: 2nd link goes to L3
• Each data center connects to L3
• Will not use L3 to route between DCs due to QoS concerns

(Diagram: Data Center #1 in BGP AS 65401 and Data Center #2 in BGP AS 65402, each with a Frame-Relay router and an L3 router, joined by the core ATM PVC mesh. Remote-Site X in BGP AS 650xx has a Frame-Relay router and an L3 router peering iBGP, with the site switches running OSPF 500. The Frame-Relay cloud reaches the home DC; the L3 cloud reaches every DC and site.)

Page 32

Routing

• Use BGP at remote sites
  – Can use OSPF with SOME providers, but not all
  – BGP works much better
  – Each site is 1 AS
• EACH data center is 1 AS
  – This allows us to put an L3 provider in later
  – BGP routes BETWEEN ASes
• Address ASes from private space
  – This is ok because the provider is a VPN

Page 33

Route injection to/from BGP

• Allstate Data Center
  – Explicit network statements into BGP
  – Redistribute BGP into OSPF
• Remote site routes
  – Redistribute from OSPF
  – Decided that using network statements was too complex
  – BGP routers send just a default route to any switches
  – We will accept the extra LAN transit
• Internet routes
  – Redistribute static

Page 34

Internet routes

• There will be non-BGP L3 switches between the Internet and the Allstate core
• Static routes are already redistributed into OSPF
• So just redistribute them into BGP also
• Put the internet router in the same AS as the data center (have to, as there is no direct path)
• Use synchronization
• Send to the L3 provider and to sites over L3

Page 35

BGP to L3 provider (and then remote sites)

• Data center side
  – Send data center /11s
  – Send internet routes
  – Take routes from the L3 provider
  – Do not forward other eBGP learned routes
• Remote site side
  – Send all local routes
  – Do not forward other learned eBGP routes
  – Remember the no-export to kill transit
  – Receive all routes
• Want to take L3 when I can

Page 36

DC to Remote site over FR

• Send all BGP derived routes
• Do an AS prepend of the data center AS
• This makes AS path = 2 for DC routes on both the FR and the L3 paths
• This makes AS path = 3 for DC to DC routes via the ATM core, so site to remote DC traffic goes over L3

Page 37

Remote site to DC over FR

• Do an AS prepend of 1 AS at the remote end
• Need this so the FR and L3 paths both have AS path = 2, so we load share
• Filter routes with AS path > 1
  – I only want to send the local site routes up the FR link
  – Do not want the DC to send transit traffic to the site

Page 38

iBGP in the remote site

• Set next-hop-self
• Routers must have a shared Ethernet
• No redistribution of BGP into OSPF
  – So can't use sync, so can't transit an L3 switch
• Do not forward routes I learn via FR
  – Do not want a transit from L3 up the FR link
  – Do not want a transit to L3 from the FR link
• Set the no-export attribute on routes from the DC over the FR link
  – This prevents the site from passing them to L3
• Cannot AS path filter on iBGP because I want to pass the DC route via iBGP
  – Why I use no-export
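Pages 35 to 38 state the remote site's export policy in words. The Python below is an added model of that policy, not the deck's router configuration and not Cisco code: it applies the rules to a constructed BGP table for a site in AS 65003, with home DC 65401, other DC 65402 and L3 provider AS 100 as assumed numbers and made-up prefixes that follow the deck's /11 and /16 conventions. It shows what goes up the FR link (local routes, prepended once), what goes to the L3 provider, and why the no-export tag on FR-learned routes still protects against transit if the outbound filter is later loosened.

```python
"""Export policy of one remote site (BGP AS 650xx) as pages 35 to 38 describe
it. Added model, not the deck's router configuration and not Cisco code."""
from dataclasses import dataclass, replace

NO_EXPORT = "no-export"          # well-known community (RFC 1997)
SITE_AS, HOME_DC, OTHER_DC, PROVIDER = 65003, 65401, 65402, 100   # assumed

@dataclass(frozen=True)
class Path:
    prefix: str
    as_path: tuple                      # () for routes this AS originates
    communities: frozenset = frozenset()

def tag_no_export(paths):
    """Inbound policy on the FR link from the home DC: accept the routes but
    mark them no-export, so no router in this AS may hand them to an eBGP peer
    (IOS: route-map FR-IN permit 10 / set community no-export). They still
    cross the site's iBGP session, which is what the deck needs."""
    return [replace(p, communities=p.communities | {NO_EXPORT}) for p in paths]

def export_to_ebgp(paths, local_as, prepend=0, local_only=True):
    """Outbound policy toward a provider. local_only is the deck's 'send all
    local routes, do not forward other learned eBGP routes' (the deck phrases
    it as 'filter AS path > 1'; IOS: ip as-path access-list 1 permit ^$).
    no-export is honoured regardless. prepend adds extra copies of our AS on
    top of the one every eBGP update carries."""
    out = []
    for p in paths:
        if local_only and p.as_path:        # learned from another AS: no transit
            continue
        if NO_EXPORT in p.communities:      # must not leave this AS
            continue
        out.append(replace(p, as_path=(local_as,) * (1 + prepend) + p.as_path))
    return out

def remote_site_table():
    """Constructed BGP table of the site: its own /16, the home DC's routes over
    FR (its /11 prepended once, and the other DC's /11 relayed over the ATM
    core), and what the L3 provider sends (the other DC and a peer site). The
    FR-learned paths reach the L3 router over iBGP with their communities,
    which needs `neighbor ... send-community` (a CPOC lesson on page 52)."""
    local = [Path("10.140.0.0/16", ())]
    from_fr = tag_no_export([
        Path("10.128.0.0/11", (HOME_DC, HOME_DC)),
        Path("10.32.0.0/11", (HOME_DC, HOME_DC, OTHER_DC)),
    ])
    from_l3 = [
        Path("10.32.0.0/11", (PROVIDER, OTHER_DC)),
        Path("10.150.0.0/16", (PROVIDER, 65005)),
    ]
    return local, from_fr, from_l3

def site_to_fr():
    """FR router -> home DC: local routes only, prepended once, so the DC sees
    AS path 2 on both FR and L3 and load shares (page 37)."""
    local, from_fr, from_l3 = remote_site_table()
    return export_to_ebgp(local + from_fr + from_l3, SITE_AS, prepend=1)

def site_to_l3():
    """L3 router -> provider: local routes only; the provider's AS makes the
    path 2 at the far end without any prepend (page 35)."""
    local, from_fr, from_l3 = remote_site_table()
    return export_to_ebgp(local + from_fr + from_l3, SITE_AS)

def l3_leak(no_export_set):
    """Prefixes that would reach the L3 provider if the local-only filter were
    dropped. With no-export on the FR link the DC's routes still cannot be
    re-advertised, so the site cannot become L3 -> FR transit (page 38). The
    L3-learned paths that get through here would be rejected by the provider
    anyway, because it sees its own AS 100 in them."""
    local, from_fr, from_l3 = remote_site_table()
    if not no_export_set:
        from_fr = [replace(p, communities=frozenset()) for p in from_fr]
    out = export_to_ebgp(local + from_fr + from_l3, SITE_AS, local_only=False)
    return sorted({p.prefix for p in out})
```

Run it and compare `l3_leak(True)` with `l3_leak(False)`: only the second contains the home DC's 10.128.0.0/11, which is exactly the route the deck does not want the site to offer to the L3 provider.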

Page 39

Results

Page 40

DC to DC

• Each DC learns the other DC's routes over the ATM network with AS path = 1
• Cannot route over the L3 provider

(Diagram as on page 31.)

Page 41

Remote site to non-home DC

• The non-home DC's routes arrive via L3 with AS path = 2
• The home DC sends them via FR with AS path = 3 due to the prepend
  – Used if L3 is down

(Diagram as on page 31.)

Page 42

Non-home DC to remote site

• The non-home DC learns remote site routes from L3
• The home data center sends only the /11 summary
• So longest match says L3

(Diagram as on page 31.)

Page 43

Home DC to remote site

• Load share
• Routes from L3 have AS path = 2
• Routes from FR have AS path = 2 due to the prepend
• So each router uses its own eBGP route

(Diagram as on page 31.)

Page 44

Remote site to home DC

• Don't care as much about load share
• Routes from L3 have AS path = 2
• Routes from FR have AS path = 2 due to the prepend
• So each router uses its own eBGP route

(Diagram as on page 31.)

Page 45

Remote site to remote site

• Use the L3 network
• Learn site specific routes directly from the site
• Learn /11 summaries from the DCs

(Diagram as on page 31, with a second remote site: Remote-Site 1 and Remote-Site 2, each in its own BGP AS 650xx with a Frame-Relay router and an L3 router peering iBGP and switches running OSPF 500; both attach to the L3 provider.)

Page 46

Agent routes

• The only dual-DC connected things that don't use BGP
• Many routes, summarized as /19s
• I get these from MCI as OSPF externals
• Have not decided how to inject them
• They go to two data centers for redundancy
• So I need to send them via BGP
• So a router will get an OSPF external from the local MCI connection and the other data center's copy via BGP
• eBGP distance (20) < OSPF distance (110), so BOOM: the BGP route wins even while the local MCI link is up
• Use backdoor on the core routers to set the distance of the agent routes to greater than OSPF
• So if the local MCI connection is up use it, else transit the core
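The three rules on page 28 and the Results pages are easier to check with a small model. The Python below is an added example, not Allstate's or Cisco's code: it implements longest match, then administrative distance (IOS defaults assumed: eBGP 20, OSPF 110, iBGP 200, and 200 for an eBGP route named in a backdoor network statement), then BGP's shortest-AS-path and eBGP-over-iBGP tie-breaks, and runs the scenarios from pages 41 to 46 with assumed AS numbers (home DC 65401, other DC 65402, site 65003, provider 100) and constructed prefixes.

```python
"""Route selection as the deck relies on it: longest subnet mask, lowest
administrative distance, then BGP's own tie-breaks. Added model, not
Allstate's or Cisco's code; distances are IOS defaults, ASes are assumed."""
from dataclasses import dataclass
import ipaddress

DISTANCE = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90,
            "ospf": 110, "ibgp": 200}
BACKDOOR = 200   # what `network ... backdoor` assigns to a matching eBGP route
HOME_DC, OTHER_DC, SITE, PROVIDER = 65401, 65402, 65003, 100   # assumed

@dataclass
class Route:
    prefix: str          # e.g. "10.128.0.0/11"
    source: str          # key of DISTANCE
    via: str             # link the route came over; what the scenarios report
    as_path: tuple = ()  # as received, prepends included

def distance(r, backdoors=frozenset()):
    if r.source == "ebgp" and r.prefix in backdoors:
        return BACKDOOR
    return DISTANCE[r.source]

def rib(candidates, backdoors=frozenset()):
    """Per prefix: BGP first picks one best path (shortest AS path, then eBGP
    over iBGP; local pref, origin and MED taken as equal, as the deck does),
    then the RIB keeps whichever of that and the IGP/static routes has the
    lowest distance."""
    table = {}
    for prefix in {r.prefix for r in candidates}:
        same = [r for r in candidates if r.prefix == prefix]
        bgp = [r for r in same if r.source in ("ebgp", "ibgp")]
        keep = [r for r in same if r.source not in ("ebgp", "ibgp")]
        if bgp:
            keep.append(min(bgp, key=lambda r: (len(r.as_path), r.source != "ebgp")))
        table[prefix] = min(keep, key=lambda r: distance(r, backdoors))
    return table

def lookup(dest, candidates, backdoors=frozenset()):
    """Forwarding decision: longest matching prefix among installed routes."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in rib(candidates, backdoors).values()
            if addr in ipaddress.ip_network(r.prefix)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen,
               default=None)

def remote_site_to_non_home_dc():
    """Page 41: the home DC relays the other DC's /11 over FR with its own AS
    prepended (path 3); the L3 provider delivers it from that DC (path 2)."""
    fr = Route("10.32.0.0/11", "ebgp", "FR", (HOME_DC, HOME_DC, OTHER_DC))
    l3 = Route("10.32.0.0/11", "ebgp", "L3", (PROVIDER, OTHER_DC))
    return lookup("10.33.5.1", [fr, l3]).via          # "L3"; FR only if L3 is down

def home_dc_fr_router_to_remote_site():
    """Page 43: the site prepends once on FR (path 2) and the provider AS makes
    the L3 path 2 as well, so the FR router keeps its own eBGP path over the
    iBGP copy of the L3 path; the L3 router does the mirror image and the IGP
    ends up with two equal-cost routes."""
    fr = Route("10.140.0.0/16", "ebgp", "FR", (SITE, SITE))
    l3 = Route("10.140.0.0/16", "ibgp", "L3", (PROVIDER, SITE))
    return lookup("10.140.1.1", [fr, l3]).via         # "FR"

def non_home_dc_to_remote_site():
    """Page 42: the home DC sends only its /11 summary over the ATM core (path
    1); the site's own /16 arrives via L3 (path 2). Longest match is decided
    before path length, so the /16 wins for site addresses."""
    summary = Route("10.128.0.0/11", "ebgp", "ATM", (HOME_DC,))
    specific = Route("10.140.0.0/16", "ebgp", "L3", (PROVIDER, SITE))
    return lookup("10.140.1.1", [summary, specific]).via   # "L3"

def agent_route(backdoor):
    """Page 46: a /19 agent summary as an OSPF external from the local MCI link
    and the same /19 via eBGP from the other DC. Without backdoor, eBGP's
    distance 20 beats OSPF's 110 and traffic transits the core ("BOOM");
    `network 10.160.0.0 mask 255.255.224.0 backdoor` lifts it to 200."""
    ospf = Route("10.160.0.0/19", "ospf", "local MCI")
    bgp = Route("10.160.0.0/19", "ebgp", "core", (OTHER_DC,))
    marks = frozenset({"10.160.0.0/19"}) if backdoor else frozenset()
    return lookup("10.160.2.1", [ospf, bgp], marks).via
```

The same `lookup` with a destination that only the /11 summary covers (for example 10.129.5.1 in the page 42 scenario) returns the ATM path, which is the DC-to-DC behaviour of page 40.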

Page 47

Testing

Page 48

Local Testing

• Use 7 routers
• 1 remote site (OSPF route not shown)
• Paths
  – iBGP at remote
  – L3
  – FR to home DC
  – Inter DC

(Diagram: routers TNG1 through TNG7 in AS 65000, AS 100 (the provider) and AS 65001, with OSPF at the remote site; links addressed from 10.60.2.0/24.)

Page 49

CPOC

• Cisco Proof Of Concept

• In Raleigh and San Jose

• Lab use is free (if you are big enough)

• Send in specific test plan

• Your SE goes in a week ahead of time

• Lab is all setup when you arrive

Page 50

Testing

• Test migrations
• Test routing
  – based on our policies
  – failovers
• Measure convergence
• Test a migration of a core ATM mesh to L3
• Get some data and experience on the MPLS side
• Try multicast over MPLS/VPN

Page 51

CPOC Network Diagram

(Diagram: Allstate Core Migration - Network Setup. Four data centers, each with two CPE routers (R_CPE_DCn_A/B, plus R_CPE_DC1_C at Data Center #1), a switch S_DCn_A and an external router R_EXTn_A linked by iBGP: Data Center #1 AS 65401 10.70.x.y, #2 AS 65402 10.130.x.y, #3 AS 65403 10.100.x.y, #4 AS 65404 10.40.x.y. Five remote sites: #1 AS 65001 10.80.x.y, #2 AS 65002 10.81.x.y, #3 AS 65003 10.140.x.y, #4 AS 65004 10.102.x.y, #5 AS 65005 10.51.x.y; sites 1 to 3 have dual CPE routers (R_CPE_RSn_A/B, plus R_CPE_RS2_C) and switches, sites 4 and 5 a single router. The L3 provider is AS 100 (MPLS) with PE routers R_PE_A to R_PE_G on 10.10.x.y; the core is two ATM meshes (R_Core_A, R_Core_B) plus a Frame Relay cloud (FR_1, FR_2). Link types drawn: MPLS, BGP and OSPF connections.

Frame Relay PVCs: riesling to ecu1 (DLCI 100 to DLCI 200), riesling to ecu2 (DLCI 120 to DLCI 220), muscat to navy1 (DLCI 101 to DLCI 201), muscat to navy4 (DLCI 121 to DLCI 221), chardonnay to ecu3 (DLCI 130 to DLCI 330), chardonnay to navy3 (DLCI 131 to DLCI 331), pinot to ecu4 (DLCI 140 to DLCI 440), merlot to navy5 (DLCI 150 to DLCI 550). Lab hostnames are cheeses (colby, cheddar, swiss, parmesan, brie, feta, cheesewhiz, romano, mozzarella, ricotta), wines (riesling, muscat, semillon, chardonnay, cabernet, pinot, chablis, merlot, franzia), islands (baldhead, borabora, hawaii, bahamas, crete, easter, cayman, aruba, bermuda, barbados), desserts (cobbler, custard, cookie, cake) and ecu1 to ecu4, navy1 to navy5.)

Page 52

CPOC Learnings

• Inject all links, both ATM core and L3, into BGP as they will source pings
• Turn sync off due to a code defect
• You must explicitly code send-community in iBGP
• If you reference a non-existent as-path statement: NO ROUTES
• OSPF LSAs stay in the database up to 90 minutes due to timer jitter
  – This is a migration issue
• Do lots of clear routes / clear ip bgp in the migration
• Need to change the BGP timers as default convergence is 3 minutes
• iBGP only sends the best route

Page 53

Going forward

• Already run BGP to some remote sites
• Migrate the core to BGP first
  – Do a dress rehearsal
  – Will be a big scary change, so plan well
• Examine tools
  – May not be able to assume we will get traps
  – May have to watch the BGP tables for changes
• Get a test connection in place