A TE Tunnel Per VRF

Rather than taking advantage of MPLS's LSP hierarchy, some people want to build a TE LSP per VPN between a pair of CEs. In other words, rather than letting all VPN traffic between gsr1 and gsr8 share the same tunnel, they want each VPN to have its own LSP.

A TE tunnel per VRF is often not a good idea. If you have more traffic between gsr1 and gsr8 than you can fit in a single LSP (such as if you want to make a 200 Mb reservation and you have two OC-3s between gsr1 and gsr8), build two TE LSPs. But the idea here is that TE LSPs transport core traffic; they're not really for per-user traffic. Also, besides scaling horribly, a per-VPN LSP makes little to no sense. What does it buy you? Yes, each customer is in its own TE LSP, but so what? That's like building a network to carry OC-3s by laying dozens of strands of dark fiber, each carrying its own OC-3, rather than grooming 64 OC-3s into a single OC-192. Hierarchy is good. Use it.

On the other hand, there might be the occasional legitimate reason to have separate TE tunnels for services between the same pair of routers. For example, if you want to offer strict QoS guarantees for a VPN service, it might be easier to do this with multiple TE tunnels. Just make sure that before you start provisioning TE tunnels on a per-service basis, you have both a justification for doing so and a handle on the scalability aspects.

Was this article helpful?

0 0

Post a comment