In this chapter, we have highlighted several issues that will be common to most implementations of the MPLS/VPN architecture.

MPLS/VPN requires BGP throughout the service provider network to support the exchange of VPN routes between the PE-routers. The infrastructure that must be put in place for the MPLS/VPN technology can also be utilized to migrate customer routes from the existing IGP routing protocol run within the service provider backbone to BGP. This results in a cleaner network design, a more stable core network, and a more scalable solution in the long run. Most of the MPLS/VPN implementations will also have to implement BGP scalability mechanisms, from route reflectors to confederations (assuming that next-hop-self is used between sub-AS boundaries) to reduce the full-mesh requirement imposed on iBGP sessions by the BGP protocol and to performance optimizations made possible by BGP peer groups in the Cisco Systems IOS.

Another important consideration in MPLS/VPN deployment is the usage of loopback interfaces as the endpoints of MP-iBGP sessions and related BGP next-hop issues. Although the MPLS/VPN architecture does not mandate it, the common guideline of configuring /32 subnets on loopback interfaces should be followed if at all possible. The subnets assigned to loopback interfaces should not be summarized in the IGP run in the service provider network?summarization of these loopback addresses will result in loss of VPN connectivity.

MPLS/VPN is usually deployed across WAN links connecting PE-routers with CE-routers. However, in some cases the PE-router and the customer router are linked with shared LAN media. In these scenarios, MPLS/VPN is best configured in combination with virtual LAN technologies (ISL, for example), and care should be taken to avoid any MTU issues such as the ones discussed in Chapter 5. Alternatively, IP-over-IP tunnels can be used, resulting in degraded security of the overall solution.

We have also seen several examples of how customer routers can be managed by the service provider (the same scenario applies to any common service offered by the service provider to its customers), and we have explored what issues are likely to occur based on the method chosen to implement the service.

    Part 2: MPLS-based Virtual Private Networks