Summary

This chapter looked at different feature sets required to efficiently deploy a wholesale VPN over MPLS. First, the chapter described how dynamic VRF selection is a way to map subscribers to their VRF by using their domain name, their source IP address, or their name.

Then the chapter looked at how to provide a proxy RADIUS service in an MPLS-VPN environment. Existing architectures do not work because wholesale and retail AAA servers are in different address spaces. There are two different solutions available: Either create a separate VRF for all the AAA servers or use Per-VRF AAA. Per-VRF has several different possible configuration options: using AAA method_lists or the template command. Also, you can centralize part of the Per-VRF AAA server information in RADIUS.

Finally, this chapter looked at the challenge of efficient address assignment and route summarization. ODAP was developed specifically for access VPN situations and provides a way to assign IP pools to client routers. The routers can request additional address space or return addresses, depending on the situation. ODAP pools are automatically added to the routing tables, which allow subscriber subnet summarization.