Home > Articles > Networking

  • Print
  • + Share This
Like this article? We recommend

Potential Cross-Interactions

If a network's configuration is managed perfectly, and no error can ever be made by the operating personnel, using BGP to manage both the inter-domain routing and the new VPN functions may not be a bad idea. But the reality in networking is that BGP configurations need to be continuously updated to reflect the changing conditions in the Internet, and frequent changes invariably lead to errors and corrective measures. The new applications of BGP for functions unrelated to its original purpose—inter-domain routing—thus creates cross-interaction problems.

Operationally, the management of BGP and VPN would assume the combined complexity of both tasks. Let's examine a scenario in which a service provider needs to support MPLS VPN service through BGP. First, BGP must be implemented on all the edge routers, regardless of whether it's involved in inter-domain routing. Second, logical full mesh must be established among all the BGP speakers, regardless of whether they support VPN only, inter-domain routing only, or both. Third, policies must be configured on the routers that support inter-domain routing only to filter out the VPN specific routes, and for the routers that support VPN only to ignore the inter-domain routes. For routes supporting both, it's imperative to have the right policies in place, so that VPN routes are installed in the appropriate VPN forwarding tables and inter-domain routes are installed in the appropriate inter-domain table.

Suppose a misconfiguration of route policy caused a VPN-specific route to be installed into the inter-domain routing table, rather than the VPN forwarding table. The VPN will certainly not function, as the traffic cannot be forwarded. Further, since a wrong route is injected into the inter-domain routing system, this will disrupt the routing in the public Internet, traffic can be misrouted or black-holed, and routing loops may occur.

In a service provider, the management of inter-domain routing is the responsibility of the backbone network engineering team. On the other hand, the provisioning and management of VPN service is the responsibility of service operations. These two function teams are completely independent of each other and require different technical expertise. To have them both changing the same piece of critical infrastructure of the network—BGP—makes it difficult to coordinate, and will have negative impacts on the operations of both.

Is any advantage gained by overloading BGP to support MPLS-based VPNs? After all, it has been proposed by the IETF, and many leading vendors and service providers have jumped on the bandwagon. Perhaps the biggest advantage is the familiarity of BGP for service provider and vendors, and as long as BGP can do the job, why reinvent a different set of tools?

  • + Share This
  • 🔖 Save To Your Account