
Edge Router deployment using VRFs

2 weeks ago

We are purchasing a pair of new Juniper edge routers to deploy to replace our Cisco ASRs. Currently, our Cisco ASRs terminate our ISP BGP sessions to upstream providers and then peer via OSPF back into the core. Directly connected routes and the default route are then redistributed from the edge routers back into the MPLS MP-BGP core into our Internet_public vrf.

On the new deployment, we considered running MPLS up to the edge routers and extending the Internet public vrf to the edge routers. We could peer BGP to upstream providers directly in the internet public vrf, but we don't want the full BGP tables residing on any routers except the edge routers. (We are using QFX-5100s as PEs to terminate some customer gateways and they could not handle full tables.)

Is there a way to filter out connected routes and default route to other PEs while keeping full BGP tables on the edge routers within the same VRF?

Would it be better to create a VR to peer upstream providers to and then leak the connected and default route from the VR upstream BGP connections into the Internet public vrf?

Or is the best option to not take MPLS or MP-BGP to the edge routers and use OSPF to redistribute the BGP and connected routes from the Edge routers to the core like we are doing now?

Looking for some advice from some ISP admins. Do you all run MPLS to the edge routers? How do you filter out the full BGP tables from your core network?

2 REPLIES

Re: Edge Router deployment using VRFs

2 weeks ago

I prefer your current model and that is how we are set up today as well. I like the clean separation between the domains.

I do use VR inside the edge physical routers to separate upstream providers and then another one to aggregate those feeds for connection downstream to the MPLS network.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Solution
Accepted by topic author beauharrington
2 weeks ago

Re: Edge Router deployment using VRFs

2 weeks ago

Hello,


@beauharrington wrote:

> Would it be better to create a VR to peer upstream providers to and then leak the connected and default route from the VR upstream BGP connections into the Internet public vrf?

"Better" is relative and a very subjective word. The beauty is in the eye of the beholder :-)

If You foresee a requirement for hub-n-spoke VPN then go for MPLS L3VPNs - it is difficult if not outright impossible to do hub-n-spoke in the global table.

@beauharrington wrote:

> Or is the best option to not take MPLS or MP-BGP to the edge routers and use OSPF to redistribute the BGP and connected routes from the Edge routers to the core like we are doing now?
>
> Looking for some advice from some ISP admins. Do you all run MPLS to the edge routers? How do you filter out the full BGP tables from your core network?


I am not an ISP admin but I regularly see customers giving me design requirements either way.

One relatively simple way to allow only 0/0 + handful of other subnets to the Edge PEs is to use MPLS L3VPNs with Route Target Filtering and structure Your Route Targets -  for example, internet routes have to use RT 4:1, 0/0 has RT 3:1 and connected subnets have RT 2:1. Then You enable "family route-target" everywhere and construct VRF policies to allow only 3:1 and 2:1 into Your edge PEs with limited RIB.

HTH

Thx

Alex

 
