-
Cisco IP Solution Center MPLS VPN User Guide, 4.0
-
Index
-
About This Guide
-
IP Solution Center - MPLS VPN
-
Provisioning an Unmanaged Multi-VRF CE
-
MPLS VPN Service Policies
-
MPLS VPN Service Requests
-
Provisioning Regular PE-CE Links
-
Provisioning MVRFCE PE-CE Links
-
Provisioning Management VPN
-
Provisioning Cable Services
-
Provisioning Carrier Supporting Carrier
-
Spanning Multiple Autonomous Systems
-
Setting Up the Network
-
Service Request Transition States
-
Troubleshooting MPLS VPN
-
Feedback
Table Of Contents
A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - R - S - T - U - V - W -
Index
A
access domain 1-14
ACLs
on the PE-CE link 1-31
role in MPLS security 1-30
address space separation 1-27
advertised routes 4-14
allowAS-in option 3-24
attacks, types of 1-29
audience, for guide xxv
autonomous system (AS) number
number of occurrences in AS path 3-24
autonomous systems, spanning 11-1
auto-pick route target values 3-7
B
backbone carrier
definition 9-1
allowAS-in option 3-24
AS number for CE's network 3-24
community attribute 1-33
dampening 1-30
neighbor allowAS-in value 3-24
neighbor AS-override option 3-24
RDs and RTs 1-24
redistribute connected routes 3-23
redistributing protocols into BGP 3-24
route-target communities 1-25
security features 1-33
Border Gateway Protocol. See BGP
C
cable services
cable-CE, creating 8-6
CMTS 8-4
DOCSIS 8-4
maintenance subinterface, provisioning 8-6
MSO 8-4
primary IP address range 8-5
redistributing connected routes recommended 3-35
redistributing static routes 3-34
secondary IP address range 8-5
specifying no routing protocol 3-34
carrier supporting carrier. See CSC.
CE
BGP AS number for 3-24
cable-CE, creating 8-6
default routes to 3-17
description of 1-12
extra loopback address 3-14
managed CE considerations 7-2
OSPF process ID 3-27
routing context table 1-32
unmanaged CEs 7-1
CE present 3-10
CERC 3-37
auto-pick route target values 3-7
creating new CERC 3-6
full mesh 1-26
overview 1-25
route target values, entering 3-7
CERC not intialized C-5
closed state 4-2
CMTS 8-4
CNS 2100 Series Intelligence Engine
Wait Deployed state C-3
collection server 1-4, 1-12, 1-13, A-2, A-12
collection zones
assigning devices to A-14
defining A-13
devices assigned, list of A-15
confederation 11-8
configuration files
editing 4-35
security requirement 1-32
viewing 4-35
connected routes, redistributing 3-22, 3-25, 3-29, 3-33
crypto key generate rsa command A-4
CSC
creating a Service Request 9-5
defining a Service Policy 3-16, 3-17, 3-19, 3-23, 3-26, 3-30, 3-34, 9-5
definition 9-1
using MPLS 9-2
customer carrier
as a BGP/MPLS service provider 9-3
definition 9-1
D
dampening 1-30
Data Over Cable Service Interface Specifications. See DOCSIS
default information originate option 3-18
default routes 3-19
default routes to CE 3-17
denial-of-service attack 1-29
deployed state 4-2
deploying service requests 4-30
device access algorithm 4-4
Device Configuration Service (DCS) C-1
DOCSIS 8-4
documentation xxvi
document organization xxvi
download order for devices, specifying C-6
E
EBGP 3-23
edge device routers
access algorithm 4-4
SNMP, setting up A-4
editable attributes 3-8
EIGRP 3-29
metrics 3-31
encapsulations for each interface type 3-12
Ethernet-To-The-Home 10-9
export route map
defining name of 3-35
extranets 1-22
F
Failed Audit state C-3
failed audit state 4-3
failed deploy state 4-3
file descriptor limit, fixing problem with A-3
Frame Relay
IETF encapsulation 3-12
full mesh topology 1-26
definition 1-25
G
gateway of last resort 3-19
Generic Transport Library (GTL) C-1
H
hub-and-spoke topology 1-26
definition 1-25
hub route target 3-5
I
iBGP 3-23
IGP route label 11-6
import route map
defining name of 3-36
in-band connection 7-4
inter-autonomous systems
benefits 11-2
confederation 11-8
IGP route label 11-6
neighbor next-hop-self command 11-3
overview 11-1
redistribute connected command 11-5
redistribute connected subnets command 11-4
routing between AS's' 11-2
VPN route label 11-6
interfaces
cable maintenance subinterface, provisioning 8-6
encapsulations available 3-12
IP numbered 3-14
loopback, using existing number 3-15
subinterface numbers, how chosen by VPNSC 8-5
supported interfaces 3-11
Internet Service Provider. See ISP
intranets 1-22
intrusion attack 1-29
invalid state 4-3
Inventory and Connection Manager 3-2
IP address
keeping IP addresses on CE and PE intact C-6
IP addresses 3-8
automatically assigned 3-14
IP numbered with extra CE loopback 3-14
and network security 1-34
numbered 3-14
primary IP address range 8-5
secondary IP address range 8-5
unnumbered 3-14
in VPNs 1-13
IP address pools
and automatically assigned addresses 3-14
on the PE-CE link 3-8
and regions 3-15
IP Solution Center
device access algorithm 4-4
enabling TFTP A-8
network management subnet 1-12, A-2
servers, status of C-3
setting ISC workstation as TFTP server A-10
IP SolutionCenter
file descriptor limit A-3
ISP 8-5
secondary IP address range 8-5
J
jitter probes, enabling SA Agent for A-7
L
label spoofing 1-31
LDP authentication 1-32
login command A-4
login shell file A-3
loopback
extra loopback address on CE 3-14
interface number, using existing 3-15
and IP unnumbered addressing scheme 3-14
SR ID not included 3-16
loopback address missing C-6
lost state 4-3
M
managed CE
considerations 7-2
management route map 7-6
and export route map 3-36
and management route map 7-6
PE-CE links, provisioning 7-16
redistribute connected routes required 3-18
topology 7-5
maximum number of routes into VRF 3-36
MPE 7-5
and shadow CE 7-5
MPLS services
provisioning workflow C-1
MPLS VPNs 1-20
address space separation 1-27
CERCs in 1-25
characteristics 1-21
connectivity between 1-32
default routes to CE 3-17
extranets 1-22
implementation techniques 7-4
in-band connection 7-4
intranets 1-22
management VPN 7-5
multiple VPNS merged into a single VPN 1-33
out-of-band VPN 7-5
principal technologies 1-21
route-target communities 1-25
routing protocols 3-16
routing separation 1-27
service requests, defining 4-6, 4-15, 4-24, 7-9, 8-6, 8-11
VRF forwarding table 1-32
MPLS VPN Solution
security requirements 1-27
MSO
domain 8-4
primary IP address range 8-5
multicast
data MDT size 3-4
data MDT threshold 3-4
enabling 3-4
multicast domain (MD) 3-4, 4-4
multiple VPNS merged into a single VPN 1-33
Multi-VRF CE
data path 1-19
description of 1-18
switches for A-2
switch supported for 1-18
unlike a CE 1-19
MVRFCE PE-CE Link
creating a Service Policy 2-48, 6-6
creating a Service Request 6-18
overview 6-1
MVRFCE PE-NoCE Link
creating a Service Policy 6-12
creating a Service Request 6-27
N
neighbor allowAS-in value 3-24
neighbor AS-override option 3-24
neighbor next-hop-self command 11-3
network layer reachability information. See NLRI
network management subnet 1-12, A-2
management VPN technique 7-5
out-of-band technique 7-7
NLRI 1-21
NPC
Ring Topology 10-2
O
OSPF 3-25
area number on PE 3-27
connected routes, redistributing 3-26
process ID on CE 3-27
process ID on PE 3-26
out-of-band technique 7-5, 7-7
out-of-memory error C-4
P
PE
description of 1-18
export route map 3-35
import route map 3-36
and MPE 7-5
OSPF area number 3-27
OSPF process ID 3-26
PE-CE Link
creating a Service Policy 5-5
creating a Service Request 5-14
defining a VPN 5-3
PE-CE link
for management VPN 7-16
routing protocols for 3-16
security considerations 1-31
static route for IP unnumbered scheme 3-14
static route provisioning 3-18
PE-CLE
Ring Topology 10-2
pending state 4-3
PE-NoCE Link
creating a Service Policy 5-10
creating a Service Request 5-21
point-to-point address pool 3-14
Policy
Name 3-10
policy
owner 3-10
POS interface 3-13
primary IP address range 8-5
processing server 1-4, 1-12, A-2
provisioning
cable maintenance subinterface 8-6
Provisioning.Service.mpls.saveDebugData property C-5
Provisioning driver (ProvDrv) C-1
R
RD
allocate new RD 3-36
description of 1-24
in hub-and-spoke environments 1-26
overwriting default RD value 3-36
role in routing separation 1-27
redistribute connected 3-22, 3-25, 3-29, 3-33
redistribute connected command 11-5
redistribute connected subnets command 11-4
redistribution of IP routes 3-16
redistribution of routing information 3-20
regions
IP address pools 3-15
related documentation xxvi
requested state 4-4
Ring Topology 10-1
configuring Ring Topology 10-4
NPC 10-2
PE-CLE 10-2
RIP
default route to CE 3-19
giving only default routes to CE 3-19
hop counts 3-20
metrics 3-20
redistributing connected routes 3-19
redistributing OSPF routes to a PE 3-22, 3-25, 3-29
redistributing static routes 3-19
route provisioning 3-19
route distinguisher 3-36
route map
export 3-35
import 3-36
routers
access algorithm 4-4
redistribute connected 3-22, 3-25, 3-29, 3-33
redistribution 3-20
routing context table 1-32
SA Agent, enabling for jitter probes A-7
SSH, setting up A-3
VRF forwarding table 1-32
Routes to Reach Other Sites 4-14
route-target communities 1-25
routing context table 1-32
routing protocols
defining for PE-CE link 3-16
redistribute connected 3-22, 3-25, 3-29, 3-33
redistribution 3-20
securing 1-29
routing separation 1-27
RT
description of 1-24
entering RT values in CERC definition 3-7
rtr responder, enabling A-7
S
SA Agent
enabling on edge devices for jitter probes A-7
secondary IP address range 8-5
Secure Shell. See SSH A-2
security considerations
address space and routing separation 1-27
connectivity between VPNs 1-32
denial-of-service attack 1-29
hiding the MPLS core structure 1-28
intrusion attack 1-29
label spoofing 1-31
PE-CE link 1-31
security level in SNMPv3 A-5
security model in SNMPv3 A-5
security requirements for MPLS VPNs 1-27
servers
status of C-3
wdclient status command C-3
multi-VRF CE
in service provider network 1-12
service module C-2
CERC membership 3-37
editable attributes 3-8
editor 3-8
entering values 3-8
interface attributes 3-10
VRF and VPN information 3-35
service requests
defining 4-6, 4-15, 4-24, 7-9, 8-6, 8-11
deploying 4-30
RD value, overwriting 3-36
states 4-2
templates, enabling 3-36
VRF name, overwriting 3-36
shadow CE
and Management PE 7-5
site of origin 4-4
SNMP
rtr responder, enabling A-7
security level A-5
security model A-5
setting SNMP community strings on routers A-4
version 3 configuration A-5
SNMPv3
object characteristics A-6
spoke route target 3-5
SSH
generate crypto keys for A-4
setting up on routers A-3
state
closed 4-2
deployed 4-2
failed audit 4-3
failed deploy 4-3
invalid 4-3
lost 4-3
pending 4-3
requested 4-4
states of service requests 4-2
static route provisioning 3-18
created for IP unnumbered link 3-14
default information originate option 3-18
giving default routes to CE 3-18
redistributing connected routes 3-18, 3-23, 3-30, 3-33, 3-35
static routing protocols 4-12
subinterface numbers, how chosen by VPNSC 8-5
T
task does not execute C-3
templates
enabling for service policy 3-36
terminal server
Telnet sessions, setting appropriate number A-8
TFTP
setting ISC workstation as TFTP server A-10
using instead of Telnet A-8
time zones
supported A-8
troubleshooting
file descriptor limit, fixing problem with A-3
U
unmanaged CEs 7-1
unmanaged MVRFCE
overview 2-1
select management type 2-15
unnumbered IP addresses 3-14
V
VLAN
ID, automatically set by ISC 3-13
VLAN ID pool and access domain C-5
VPN
auto-pick route target values 3-7
route label 11-6
VPN-IPv4 address 1-27, 3-36, 11-11
VPN route forwarding table. See VRF
VPN route label 11-6
VPNs
creating 3-1
multicast routing 3-4
VRF 1-21
configuration commands 1-24
description 3-36
elements of 1-22
export route map, defining name of 3-35
implementation considerations 1-23
import route map, defining name of 3-36
maximum routes in 3-36
naming convention 1-22
overwriting VRF name 3-36
and route-target communities 1-25
and routing separation 1-27
subinterface associated with 8-5
VRF forwarding table 1-32
W
Wait Deployed state C-3
WAN interfaces
loopback, using existing loopback number 3-15
wdclient command C-3