Chapter 6. Wholesale MPLS-VPN Related Service Features

In this chapter, you learn about the following topics:

• Dynamic VRF Selection Using PPP, DHCP, and Other Methods

• Deploying Proxy RADIUS for MPLS-VPN Architectures, Using Per-VRF AAA and Per-VRF Phase II

• Managing Dynamic Address Assignment for VRFs, Using Local Pools and ODAP

Wholesale VPN providers have a specific set of operational requirements. They must be able to apply policy to subscribers with whom they cannot explicitly interact, and they must respect the private nature of VPN traffic. Many sophisticated features have evolved over the years to serve the needs of this particular category of providers. This chapter deals with the implementation of the most significant of the features in the context of MPLS and looks at them as comprising a toolkit that gives you a variety of ways to deploy the features in your network.

The chapter starts by reviewing the whole issue of binding: how to dynamically put a subscriber in the right VPN and how to know which VPN subscriber belongs to which VPN. RADIUS is a good, widely deployed option for PPP architectures that can be used to map subscribers to VRFs. Dynamic Host Configuration Protocol (DHCP) offers another way to assign VRFs but is more limited than RADIUS. Finally, there are some point solutions that can be useful, depending on the application, such as policy-based routing.

The next topic is address management in a VRF context, first using RADIUS architectures, then at the DHCP equivalents that allow wholesale VPN providers to allocate addresses to their subscribers. Wholesale VPN providers all have some method for doing this today, so an MPLS-based solution should, as much as possible, use the same methods.