-
Cisco IP Solution Center MPLS VPN User Guide, 4.1
-
Index
-
Preface
-
Getting Started
-
Provisioning Unmanaged Multi-VRF CE
-
Creating Resource Pools
-
Defining VPNs and CERCs
-
MPLS VPN Service Policies
-
MPLS VPN Service Requests
-
Provisioning Regular PE-CE Links
-
Provisioning MVRFCE PE-CE Links
-
Provisioning Management VPN
-
Provisioning Cable Services
-
Provisioning Carrier Supporting Carrier
-
Provisioning Multiple Devices
-
Spanning Multiple Autonomous Systems
-
Creating Custom MPLS Reports
-
IP Solution Center - MPLS VPN
-
Service Request Transition States
-
Troubleshooting MPLS VPN
-
FeedbackTable Of Contents
A - B - C - D - E - F - G - H - I - L - M - N - O - P - R - S - T - U - V - W -
Index
A
about IP addresses in Cisco ISC 5-7
access domain A-14
Access Domain Management 12-11
accessing MPLS reports 14-1
Access Port 12-11
ACLs
on the PE-CE link A-31
role in MPLS security A-30
adding
CLE service request 6-33
PE-CE Links to the Management VPN 9-16
adding a new customer CPE 2-5
adding a new provider PE 2-12
address space and routing separation A-27
address space separation A-27
advertised routes 6-16
allowas-in option 5-23
API
approach A-11
functionality supported A-11
assigning IP address
automatically 5-13
attacks, types of A-29
audience, for guide xi
auditing service requests 6-37
autonomous system (AS) number
number of occurrences in as path 5-23
autonomous systems, spanning 13-1
auto-pick route target values 4-7
B
backbone carrier
definition 11-1
backbone network
with a customer carrier ISP 11-1
with customer carrier BGP/MPLS VPN service provider 11-3
benefits of cable MPLS VPNs 10-1
allowas-in option 5-23
as number for CE's network 5-22
community attribute A-33
dampening A-30
neighbor allowas-in value 5-22
neighbor AS-override option 5-23
RDs and RTs A-24
redistribute connected routes 5-22
redistributing protocols into BGP 5-23
route-target communities A-25
security features A-33
BGP protocol chosen 5-21
Border Gateway Protocol. See BGP
broken state 6-2
business application A-1
C
cable MPLS VPN network 10-2
cable services
cable-CE, creating 10-6
CMTS 10-4
DOCSIS 10-4
maintenance subinterface, provisioning 10-6
MSO 10-4
primary IP address range 10-5
redistributing connected routes recommended 5-33
redistributing static routes 5-33
secondary IP address range 10-5
specifying no routing protocol 5-33
cable VPN
configuration overview 10-4
interfaces and subinterfaces 10-5
carrier supporting
carrier overview 11-1
carrier supporting carrier. See CSC.
CE
BGP as number for 5-22
cable-CE, creating 10-6
default routes to 5-15
description of A-12
extra loopback address 5-13
managed CE considerations 9-2
OSPF process ID 5-25
routing context table A-32
unmanaged CEs 9-1
CE interface information 5-12
CE present 5-8
CERC 5-40
auto-pick route target values 4-7
creating 4-6
full mesh A-26
overview A-25
route target values, entering 4-7
CERC not intialized C-5
CE Routing Communities A-25
closed state 6-2
CMTS 10-4
CNS 2100 Series Intelligence Engine
wait deployed state C-3
collect
configuration 2-8
common provisioning issues C-2
confederation 13-8
configuration audit 6-38
how to perform 6-38
where to find 6-38
why it could fail 6-39
configuration files
editing 6-39
security requirement A-32
viewing 6-39
Configuring ETTH 12-11
Configuring NPC Ring Topology 12-4
connected routes, redistributing 5-21, 5-24, 5-28, 5-32
connectivity between VPNs A-32
creating
cable link service request 10-11
cable subinterface service request 10-6
ce routing communities 4-6
CPE 2-11
customer 2-10
customer, site, and cpe 2-10
device 2-6
device group 2-14
IP address pool 3-2
IP multicast VPN 4-3
MCE Service Request 9-9
MPLS service policy for PE-to-CE link 5-7
MPLS VPN 4-1
MPLS VPN in ISC 5-1
MPLS VPN MVRFCE PE-CE Service Policies 8-6
MPLS VPN MVRFCE PE-CE Service Requests 8-18
MPLS VPN PE-CE Service Policies 7-5
MPLS VPN PE-CE Service Requests 7-14
multicast pool 3-4
multi-VRF service request 6-17
MVRFCE PE-CE Service Policy 8-6
MVRFCE PE-CE Service Request 8-18
MVRFCE PE-CE service request 6-17
MVRFCE PE-NoCE Service Request 8-27
PE-CE Service Policy 7-6
PE-CE Service Request 7-14
PE-CE service request 6-6
PE-NoCE Service Policy 7-10, 8-12
PE-NoCE Service Request 7-21
PE-only service request 6-26
provider and a PE 2-14
region for the PE 2-14
route distinguisher pool 3-6
route target pool 3-7
service policies 5-6
site 2-10
site of origin pool 3-9
VC ID pool 3-11
VLAN pool 3-13
Creating a Ring of Three PE-CLE 12-2
creating custom reports 14-6
CSC
creating service request 11-5
defining a service policy 5-15, 5-16, 5-18, 5-22, 5-25, 5-29, 5-33
defining service policy 11-5
definition 11-1
using MPLS 11-2
CSC support 5-15
customer carrier
as BGP/MPLS service provider 11-3
definition 11-1
customer view A-16
D
dampening A-30
Data Over Cable Service Interface Specifications. See DOCSIS
default information originate option 5-17
default routes 5-18
default routes to CE 5-15
defining
CE as an MCE 9-8
CSC service policy 11-5
MVRFCE PE-CE service policy 5-34
Defining a VPN for the MVRFCE PE-CE Link 8-4
Defining a VPN for the PE-CE Link 7-3
defining the service policy VRF and VPN information 5-39
denial-of-service attack A-29
deployed state 6-2
deploying service requests 6-33
device access algorithm 6-4
Device Configuration Service (DCS) C-1
DOCSIS 10-4
documentation xiii
document organization xi
download order for devices, specifying C-6
E
EBGP 5-21
edge device routers
access algorithm 6-4
editable attributes 5-6
editing
configuration files 6-39
PE with ISC GUI 2-15
EIGRP 5-28
metrics 5-30
protocol chosen 5-28
encapsulations for each interface type 5-10
ensuring VPN isolation A-34
Ethernet-To-The-Home 12-9
ETTH Overview 12-9
exchanging VPN routing information 13-4
export route map
defining name of 5-39
extra CE loopback required 5-13
extranets A-22
F
failed deploy state 6-3
frame relay
IETF encapsulation 5-11
frequently asked questions C-5
full mesh considerations A-26
full mesh topology A-26
definition A-25
functional audit 6-37
how to perform 6-37
where to find 6-37
why it could fail 6-38
functional state 6-3
G
gateway of last resort 5-18
general troubleshooting guidelines C-2
Generic Transport Library (GTL) C-1
getting started 1-1
creating CERCs 1-3
creating customer sites 1-2
creating PEs 1-2
creating provider 1-2
creating region 1-2
creating VPNs 1-3
customer information 1-2
devices 1-2
license 1-1
populating ISC 1-1
provider information 1-2
resource information 1-3
resource pools 1-3
route distinguisher pool 1-3
route target pool 1-3
giving only default routes to CE 5-15
H
hiding MPLS core structure A-28
hub and spoke considerations A-26
hub-and-spoke topology A-26
definition A-25
hub route target 5-5
I
IBGP 5-21
IGMP with MVR 12-11
IGP route label 13-6
implementation techniques 9-4
import route map
defining name of 5-39
in-band connection 9-4
inter-autonomous systems
benefits 13-2
confederation 13-8
IGP route label 13-6
neighbor next-hop-self command 13-3
overview 13-1
redistribute connected command 13-5
redistribute connected subnets command 13-4
routing between AS's' 13-2
VPN route label 13-6
interfaces
cable maintenance subinterface, provisioning 10-6
encapsulations available 5-10
IP numbered 5-13
loopback, using existing number 5-14
subinterface numbers, how chosen by VPNSC 10-5
supported interfaces 5-9
Internet Service Provider. See ISP
intranets A-22
Intranets and Extranets A-22
intrusion attack A-29
invalid state 6-3
inventory and connection manager 5-2
IP address
keeping IP addresses on CE and PE intact C-6
IP addresses 5-7
automatically assigned 5-13
IP numbered with extra CE loopback 5-13
and network security A-34
numbered 5-13
primary IP address range 10-5
secondary IP address range 10-5
unnumbered 5-13
VPN-IPV4 address 5-40
VPN-IPv4 address A-27
in VPNs A-13
IP address pool 5-13
IP address pool, create a 3-2
IP address pools
and automatically assigned addresses 5-13
and regions 5-13
on the PE-CE link 5-7
IP numbering scheme 5-12
IP Solution Center
collection server A-12
network management subnet A-12
processing server A-12
servers, status of C-3
ip solution center
device access algorithm 6-4
IP Solution Center Overview A-1
IPv4 BGP label distribution 11-4
ISC configuration options 11-4
ISC ETTH Implementation 12-11
ISP 10-5
secondary IP address range 10-5
issues regarding access to VPNs 9-4
L
LDP/IGP 11-4
LDP Authentication A-32
LDP authentication A-32
load balancing A-5
loopback
extra loopback address on CE 5-13
interface number, using existing 5-14
and ip unnumbered addressing scheme 5-13
SR ID not included 5-14
loopback address missing C-6
lost state 6-3
M
managed CE
considerations 9-2
Managed Customer Edge Routers 9-2
Management CE (MCE) 9-4
Management PE (MPE) 9-5
management route map 9-6
Management VPN 9-5
and export route map 5-39
in cable network 10-4
and management route map 9-6
PE-CE links, provisioning 9-16
redistribute connected routes required 5-17
topology 9-5
maximum number of routes into VRF 5-40
monitoring
task logs 2-10
monitoring service requests 6-35
MP-BGP Security Features A-33
MPE 9-5
and shadow CE 9-5
MPLS PE service report 14-3
filter values 14-3
output values 14-3
MPLS reports
accessing 14-1
creating custom 14-6
overview 14-1
running 14-4
MPLS Service Activation 1-1
MPLS service activation 1-1
MPLS service request report 14-5
filter values 14-5
output filters 14-5
MPLS services
provisioning workflow C-1
MPLS VPN A-20
MPLS VPN MVRFCE PE-CE Link Overview 8-1
MPLS VPN PE-CE Link Overview 7-1
MPLS VPN Provisioning Workflow C-1
MPLS VPNS
routing protocols 5-15
MPLS VPNs A-20
address space separation A-27
CERCs in A-25
characteristics A-21
connectivity between A-32
default routes to CE 5-15
extranets A-22
implementation techniques 9-4
in-band connection 9-4
intranets A-22
management VPN 9-5
multiple VPNS merged into a single VPN A-33
out-of-band VPN 9-5
principal technologies A-21
route-target communities A-25
routing separation A-27
service requests, defining 6-26, 9-9, 10-6, 10-11
VRF forwarding table A-32
MPLS VPN Security A-27
MPLS VPN Solution
security requirements A-27
MPLS VPN topology example 6-5
MSO
domain 10-4
primary IP address range 10-5
multicast
data MDT size 5-4
data MDT threshold 5-4
enabling 5-4
multicast domain (MD) 5-4, 6-4
multicast pool, create a 3-4
multiple VPNS merged into a single VPN A-33
Multi-VPN routing and forwarding tables 2-1
multi-VRF
example 6-5
overview 6-17
Multi-VRF CE A-18
data path A-19
description of A-18
switch supported for A-18
unlike a CE A-19
MVRF 2-1
MVRFCE CE Information 8-32
MVRFCE PE-CE
policy type 2-4
MVRFCE PE-CE Link
creating a Service Policy 8-6
creating a Service Request 8-18
defining a VPN 8-4
overview 8-1
MVRFCE PE-CE link
creating a service policy 5-34
MVRFCE PE-NoCE Link
creating a Service Policy 8-12
creating a Service Request 8-27
N
NBI Benefits A-11
neighbor allowas-in value 5-22
neighbor AS-override option 5-23
neighbor next-hop-self command 13-3
network devices
how ISC accesses 6-4
network inventory 2-2
network layer reachability information. See NLRI
network management subnet A-12
management VPN technique 9-5
out-of-band technique 9-7
Network Management Subnets 9-3
NLRI A-21
none chosen
cable services 5-33
North Bound Interface (NBI) A-10
NPC
Ring Topology 12-2
NPC Ring Topology 12-1
O
OSPF 5-24
area number on PE 5-26
connected routes, redistributing 5-25
process ID on CE 5-25
process ID on PE 5-25
OSPF protocol chosen 5-24
Out-of-Band Technique 9-7
out-of-band technique 9-5, 9-7
out-of-memory error C-4
overview
access domain 2-16
ISC customer 2-5
ISC management network 9-1
ISC provider 2-13
of MPLS VPN cable 10-1
resource pools 3-1
overview of service requests 6-1
P
PE
description of A-18
export route map 5-39
import route map 5-39
and MPE 9-5
OSPF area number 5-26
OSPF process ID 5-25
PE-CE
example 6-5
PE-CE Interface A-31
PE-CE Link
creating a Service Policy 7-5
creating a Service Request 7-14
defining a VPN 7-3
PE-CE link
for management VPN 9-16
routing protocols for 5-15
security considerations A-31
static route for IP unnumbered scheme 5-13
static route provisioning 5-16
PE-CE Service Policy Overview 7-5
PE-CLE
Ring Topology 12-2
pe interface information 5-9
pending state 6-3
PE-NoCE Link
creating a Service Policy 7-10
creating a Service Request 7-21
PE-only
example 6-5
point-to-point address pool 5-13
policy
name 5-8
owner 5-8
Policy for Residential Services Over Shared VLAN 12-16
pos interface 5-11
primary IP address range 10-5
process overview 2-2
provider edge routers A-18
Provider View A-17
provisioning
cable maintenance subinterface 10-6
Provisioning.Service.mpls.saveDebugData property C-5
provisioning a CSC service request 11-5
provisioning a management CE in ISC 9-7
provisioning cable services in ISC 10-6
Provisioning driver (ProvDrv) C-1
PVLAN or Protected Port 12-11
R
RD
allocate new RD 5-40
description of A-24
in hub-and-spoke environments A-26
overwriting default RD value 5-40
role in routing separation A-27
redistribute connected 5-21, 5-24, 5-28, 5-32
redistribute connected command 13-5
redistribute connected subnets command 13-4
redistribution of IP routes 5-15
redistribution of routing information 5-19
regions
ip address pools 5-13
related documentation xiii
reports 14-1
requested state 6-3
Residential Service 12-15
resistance to attacks A-28
Ring Topology 12-1
configuring Ring Topology 12-4
NPC 12-2
PE-CLE 12-2
Ring Topology Overview 12-1
RIP
default route to CE 5-18
giving only default routes to CE 5-18
hop counts 5-19
metrics 5-19
redistributing connected routes 5-18
redistributing OSPF routes to a PE 5-21, 5-24, 5-28
redistributing static routes 5-18
route provisioning 5-18
RIP protocol chosen 5-17
Role-Based Access Control (RBAC) A-10
route distinguisher 5-40
route distinguisher pool 1-3
route distinguisher pool, create a 3-6
route distinguishers and route targets A-24
route map
export 5-39
import 5-39
routers
access algorithm 6-4
redistribute connected 5-21, 5-24, 5-28, 5-32
redistribution 5-19
routing context table A-32
VRF forwarding table A-32
routes to reach other sites 6-16
route target communities A-25
route-target communities A-25
route target pool 1-3
route target pool, create a 3-7
routing
authentication A-32
separation A-27
routing between autonomous systems 13-2
routing between subautonomous systems in a confederation 13-8
routing context table A-32
routing protocols
defining for PE-CE link 5-15
redistribute connected 5-21, 5-24, 5-28, 5-32
redistribution 5-19
securing A-29
routing separation A-27
RT
description of A-24
entering RT values in CERC definition 4-7
S
secondary IP address range 10-5
securing
MPLS core A-31
routing protocol A-29
security considerations
address space and routing separation A-27
connectivity between VPNs A-32
denial-of-service attack A-29
hiding the MPLS core structure A-28
intrusion attack A-29
label spoofing A-31
PE-CE link A-31
security requirements for MPLS VPNs A-27
security through IP address resolution A-34
separation of CE-PE Links A-32
servers
status of C-3
wdclient status command C-3
multi-VRF CE
in service provider network A-12
service audit A-19
service enhancements 6-4
service module C-2
service operator 5-6
CERC membership 5-40
editable attributes 5-6
editor 5-6
entering values 5-6
interface attributes 5-8
overview 5-1
VRF and VPN information 5-39
service provider network A-12
service request 2-4
states 6-2
transition states 6-1
service requests 12-17
defining 6-26, 9-9, 10-6, 10-11
deploying 6-33
RD value, overwriting 5-40
service policy 5-6
templates, enabling 5-40
VRF name, overwriting 5-40
shadow CE
and Management PE 9-5
site of origin 6-4
site of origin pool, create a 3-9
specifying
IP address scheme 5-12
PE and CE interface parameters 5-8
routing protocol for a service 5-15
spoke route target 5-5
state
broken 6-2
closed 6-2
deployed 6-2
failed audit 6-3
failed deploy 6-3
functional 6-3
invalid 6-3
lost 6-3
pending 6-3
requested 6-3
wait deployed 6-3
states of service requests 6-2
static protocol chosen 5-16
static route provisioning 5-16
created for IP unnumbered link 5-13
default information originate option 5-17
giving default routes to CE 5-16
redistributing connected routes 5-17, 5-22, 5-29, 5-32, 5-33
static routing protocols 6-14
subinterface numbers, how chosen by VPNSC 10-5
system
architecture A-2
features A-7
T
task does not execute C-3
template manager A-9
templates
enabling for service policy 5-40
terms defined C-2
troubleshooting
IPsec Mapping into MPLS C-6
MPLS VPN and Layer 2 VPN C-4
trusted devices A-31
U
UNI security information 5-11
unmanaged CEs 9-1
unmanaged customer edge routers 9-1
unmanaged MVRFCE
overview 2-1
select management type 2-12
unnumbered IP addresses 5-13
using existing loopback interface number 5-14
using ISC to span multiple autonomous systems 13-10
V
vc id pool, create a 3-11
VLAN
ID, automatically set by ISC 5-11
VLAN ID pool and access domain C-5
vlan pool, create a 3-13
VPN
auto-pick route target values 4-7
route label 13-6
VPN-IPV4 address 5-40
VPN Profile A-16
VPN route forwarding table. See VRF
VPN route label 13-6
VPN Routing and Forwarding Tables A-22
VPNs
creating 5-1
issues regarding access to 9-4
multicast routing 5-4
VRF A-21
configuration commands A-24
Description 5-40
elements of A-22
export route map, defining name of 5-39
implementation A-23
implementation considerations A-23
import route map, defining name of 5-39
instance A-24
maximum routes in 5-40
naming convention A-22
overwriting VRF name 5-40
and route-target communities A-25
and routing separation A-27
subinterface associated with 10-5
VRF forwarding table A-32
W
wan interfaces
loopback, using existing loopback number 5-14
wdclient command C-3