Routing


Edge Router deployment using VRFs

  • 1.  Edge Router deployment using VRFs

    Posted 12-06-2018 13:29

    We are purchasing a pair of new Juniper edge routers to deploy to replace our Cisco ASRs.  Currently, our Cisco ASRs terminate our ISP BGP sessions to upstream providers and then peer via OSPF back into the core.  Directly connected routes and the default route are then redistributed from the edge routers back into the MPLS MP-BGP core into our Internet_public vrf.  

     

    On the new deployment, we considered running MPLS up to the edge routers and extending the Internet public vrf to the edge routers.  We could peer BGP to upstream providers directly in the internet public vrf, but we don't want the full BGP tables residing on any routers except the edge routers.  (We are using QFX-5100s as PEs to terminate some customer gateways and they could not handle full tables.)

     

    Is there a way to filter out connected routes and default route to other PEs while keeping full BGP tables on the edge routers within the same VRF?

     

    Would it be better to create a VR to peer upstream providers to and then leak the connected and default route from the VR upstream BGP connections into the Internet public vrf?  

     

    Or is the best option to not take MPLS or MP-BGP to the edge routers and use OSPF to redistribute the BGP and connected routes from the Edge routers to the core like we are doing now?  

     

    Looking for some advice from some ISP admins.  Do you all run MPLS to the edge routers?  How do you filter out the full BGP tables from your core network?



  • 2.  RE: Edge Router deployment using VRFs

     
    Posted 12-06-2018 15:05

    I prefer your current model and that is how we are setup today as well.  I like the clean separation between the domains.

     

    I do use VR inside the edge physical routers to separate upstream providers and then another one to aggregate those feeds for connection downstream to the MPLS network.

     



  • 3.  RE: Edge Router deployment using VRFs
    Best Answer

    Posted 12-07-2018 00:41

    Hello,


    @beauharrington wrote:

     

    Would it be better to create a VR to peer upstream providers to and then leak the connected and default route from the VR upstream BGP connections into the Internet public vrf?  

     

     

     "Better" is relative and a very subjective word. The beauty is in the eye of the beholder 🙂

    If You foresee a requirement for hub-n-spoke VPN then go for MPLS L3VPNs  - it is difficult if not outright impossible to do hub-n-spoke in the global table.

     

     


    @beauharrington wrote:

     

    Or is the best option to not take MPLS or MP-BGP to the edge routers and use OSPF to redistribute the BGP and connected routes from the Edge routers to the core like we are doing now?  

     

    Looking for some advice from some ISP admins.  Do you all run MPLS to the edge routers?  How do you filter out the full BGP tables from your core network?


    I am not an ISP admin but I regularly see customers giving me design requirements either way.

    One relatively simple way to allow only 0/0 + handful of other subnets to the Edge PEs is to use MPLS L3VPNs with Route Target Filtering and structure Your Route Targets -  for example, internet routes have to use RT 4:1, 0/0 has RT 3:1 and connected subnets have RT 2:1. Then You enable "family route-target" everywhere and construct VRF policies to allow only 3:1 and 2:1 into Your edge PEs with limited RIB.

    HTH

    Thx

    Alex
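
The route-target scheme from the answer above, sketched as Junos set commands. This is an added example, not configuration from the thread: the policy names, community names and the BGP group name IBGP are assumptions, while the RT values and the Internet_public instance name are the ones used in the posts.

```junos
# --- All routers: name the three route targets from the answer ---
set policy-options community RT-CONNECTED members target:2:1
set policy-options community RT-DEFAULT members target:3:1
set policy-options community RT-INTERNET members target:4:1

# --- Edge routers (full tables): tag routes as they leave the VRF ---
# 0/0 gets 3:1, connected subnets get 2:1, everything learned from
# upstream BGP gets 4:1. Term order matters: the default route is
# matched first so it never picks up the 4:1 tag.
set policy-options policy-statement INET-EXPORT term default from route-filter 0.0.0.0/0 exact
set policy-options policy-statement INET-EXPORT term default then community add RT-DEFAULT
set policy-options policy-statement INET-EXPORT term default then accept
set policy-options policy-statement INET-EXPORT term connected from protocol direct
set policy-options policy-statement INET-EXPORT term connected then community add RT-CONNECTED
set policy-options policy-statement INET-EXPORT term connected then accept
set policy-options policy-statement INET-EXPORT term internet from protocol bgp
set policy-options policy-statement INET-EXPORT term internet then community add RT-INTERNET
set policy-options policy-statement INET-EXPORT term internet then accept
set policy-options policy-statement INET-EXPORT term last then reject
set routing-instances Internet_public instance-type vrf
set routing-instances Internet_public vrf-export INET-EXPORT

# --- PEs with limited RIB (e.g. the QFX-5100s): import 3:1 and 2:1 only ---
# Listing two communities in one "from community" is a logical OR.
# Nothing here references 4:1, so the full table is never installed.
set policy-options policy-statement INET-IMPORT-LIMITED term default-and-connected from community [ RT-DEFAULT RT-CONNECTED ]
set policy-options policy-statement INET-IMPORT-LIMITED term default-and-connected then accept
set policy-options policy-statement INET-IMPORT-LIMITED term last then reject
set routing-instances Internet_public instance-type vrf
set routing-instances Internet_public vrf-import INET-IMPORT-LIMITED

# --- Every iBGP speaker, route reflectors included ---
# family route-target lets each PE signal which RTs it imports, so
# 4:1 routes are filtered at the sender instead of being sent to the
# limited PEs and discarded there.
set protocols bgp group IBGP family inet-vpn unicast
set protocols bgp group IBGP family route-target
```

The fragment omits interfaces, route distinguishers, the edge routers' own vrf-import and the limited PEs' vrf-export, all of which a VRF needs before it will commit. On a limited PE, `show route table bgp.l3vpn.0` should list only routes carrying target:3:1 or target:2:1.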