
Chapter 7. Implementing Network-Based Access VPNs Without MPLS

In this chapter, you learn about the following topics:

  • Introduction to Virtual Routers

  • Implementing Virtual Routing with Cisco IOS

  • Using Tunnels to Build Network-Based IP VPN

  • Using GRE for IP VPN

  • Using IPSec for IP VPN

  • Routing Between VRF-Lite PEs

Up to this point in the book, only MPLS has been offered as a way to run network-based VPN services from provider edge (as opposed to customer premises) routers. However, not all networks in the world run MPLS. The IPSec and GRE VPNs discussed in Chapter 3, "VPNs in Broadband Networks," are all initiated from the customer premises. (Thus, they are CPE VPNs according to the taxonomy.) Using CPE VPNs is a perfectly valid and heavily deployed solution, but it is not the only option.

From a purely implementation perspective, a fundamental requirement of IP VPNs is to support overlapping IP addresses, but Cisco IOS crypto maps and tunnel subinterfaces did not allow this by themselves. By combining IP tunnels with the private routing tables added to Cisco IOS for MPLS-VPN services, you can have a network-based VPN service over an IP core, which is the subject of this chapter.

The chapter starts by introducing the concept of virtual routers (VRs) as a vehicle to provide services to end users. Virtual routers were first implemented on specialized broadband devices, on which they are still used. There is some work being done at the standards bodies regarding building IP VPNs using VR architectures. Although Cisco IOS does not support true VRs, VRF-Lite covers most, but not all, of what you can do with VRs.

Chapter 1, "Introduction: Broadband Access and Virtual Private Networks," discussed several VPN frameworks, such as RFC 2547bis and RFC 2764. In Chapter 5, "Introduction to MPLS-Based Access VPN Architectures," you looked at the peer-to-peer model and how it is applied to broadband networks. Now it is time to revisit the overlay model so that you understand more about this alternative topology and how it applies to broadband access. This chapter covers how to interconnect VRFs (and VRs) using tunnels. It does not introduce any new architecture concepts.

Point-to-point tunnels have disadvantages as well as advantages, but they are certainly used in operational networks, so you look at some implementations of them. First, you look at a GRE solution, with some detailed examples of routing across IP tunnels in an overlay network. Then, you look at an IPSec approach for both remote-access and site-to-site topologies.

The examples throughout the book are extracts from the complete configurations. The full configurations I used are posted on the Cisco Press website and are available for download at http://www.ciscopress.com/1587051362.
