Ppp over atm to mpls vpn – Cisco 10000 User Manual

Page 86

Advertising
background image

3-4

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 3 Configuring Remote Access to MPLS VPN

Access Technologies

Figure 3-3

shows the topology of an RBE to MPLS VPN solution.

Figure 3-3

RBE to MPLS VPN Topology

In the figure, the wholesale provider uses VPNs to separate the subscribers of different retail providers.
The subscribers are uniquely placed in VRFs on the access side. A tag interface separates traffic for the
different retail providers on the network side. The MPLS VPN technology is used to assign tags in a
VPN-aware manner.

PPP over ATM to MPLS VPN

The Cisco 10000 series router supports a PPP over ATM (PPPoA) connection to an MPLS VPN
architecture. In this model, when a remote user attempts to establish a connection with a corporate
network, a PPPoA session is initiated and is terminated on the service provider’s virtual home gateway
(VHG) or provider edge (PE) router. All remote hosts connected to a particular CE router must be part
of the same VPN to which the CE router is connected.

The following events occur when the remote user attempts to access the corporate network or ISP:

1.

A PPPoA session is initiated over the broadband access network.

2.

The VHG/PE router accepts and terminates the PPPoA session.

3.

The VHG/PE router obtains virtual access interface (VAI) configuration information.

a.

The VHG/PE obtains virtual template interface configuration information, which typically
includes virtual routing and forwarding (VRF) mapping for sessions.

b.

The VHG/PE sends a separate request to either the customer’s or service provider’s
RADIUS server for the VPN to authenticate the remote user.

c.

The VPN’s VRF instance was previously instantiated on the VHG or PE. The VPN’s VRF
contains a routing table and other information associated with a specific VPN.

Typically, the customer RADIUS server is located within the customer VPN. To ensure that
transactions between the VHG/PE router and the customer RADIUS server occur over routes within
the customer VPN, the VHG/PE router is assigned at least one IP address that is valid within
the VPN.

CPE

RFC 2684 bridged

format PDUs

Tag interface,
logically separated
into multiple VPNs

Provider 1

Provider 2

Provider n

ATM

access

network

VRF 1

VRF n

VRF 2

MPLS

network

76267

Retail

providers

Wholesale

provider

Subscribers

Advertising
Popular Brands
Popular manuals