Cisco 10000-2P2-2DC Software Guide - Page 89
PPP over Ethernet to MPLS VPN, ip:vrf-id, ip:ip-unnumbered, lcp:interface-config
View all Cisco 10000-2P2-2DC manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 89 highlights
Chapter 3 Configuring Remote Access to MPLS VPN Access Technologies 4. The VHG/PE router forwards accounting records to the service provider's proxy RADIUS server, which in turn logs the accounting records and forwards them to the appropriate customer RADIUS server. 5. The VHG/PE obtains an IP address for the CPE. The address is allocated from one of the following: • Local address pool • Service provider's RADIUS server, which either specifies the address pool or directly provides the address • Service provider's DHCP server 6. The CPE is now connected to the customer VPN. Packets can flow to and from the remote user. Use virtual template interfaces to map sessions to VRFs. The Cisco 10000 series router can then scale to 32,000 sessions. In Cisco IOS Release 12.2(16)BX1 and later releases, when you map sessions to VRFs by using the RADIUS server, use the syntax ip:vrf-id or ip:ip-unnumbered. These vendor specific attributes (VSAs) enhance the scalability of per-user configurations because a new full virtual access interface is not required. For more information, see the "Enhancing Scalability of Per-User Configurations" section on page 2-17. Note In releases earlier than Cisco IOS Release 12.2(16)BX1, to map sessions to VRFs by using the RADIUS server, use the syntax lcp:interface-config. This configuration forces the Cisco 10000 series router to use full access virtual interfaces, which decreases scaling. We recommend that you do not use this configuration. Upgrading to Cisco IOS Release 12.2(16)BX1 or later eliminates this restriction. PPP over Ethernet to MPLS VPN The Cisco 10000 series router supports a PPP over Ethernet (PPPoE) connection to an MPLS VPN architecture. In this model, when a remote user attempts to establish a connection with a corporate network, a PPPoE session is initiated and is terminated on the service provider's virtual home gateway (VHG) or provider edge (PE) router. All remote hosts connected to a particular CE router must be part of the VPN to which the CE router is connected. The PPPoE to MPLS VPN architecture is a flexible architecture with the following characteristics: • A remote host can create multiple concurrent PPPoE sessions, each to a different VPN. • If multiple remote hosts exist behind the same CE router, each remote host can log in to a different VPN. • Any remote host can log in to any VPN at any time because each VHG or PE router has the VRFs for all possible VPNs pre-instantiated on it. This configuration requires that the VRF be applied through the RADIUS server, which can cause scalability issues (see the following note). Use virtual template interfaces to map sessions to VRFs. The Cisco 10000 series router can then scale to 32,000 sessions. In Cisco IOS Release 12.2(16)BX1 and later releases, when you map sessions to VRFs by using the RADIUS server, use the syntax ip:vrf-id or ip:ip-unnumbered. These vendor specific attributes (VSAs) enhance the scalability of per-user configurations because a new full virtual access interface is not required. For more information, see the "Enhancing Scalability of Per-User Configurations" section on page 2-17. OL-2226-23 Cisco 10000 Series Router Software Configuration Guide 3-5