
Verifying VPN-Aware DHCP Relay Operation

The output shown in Example 2-68 is a debug of DHCP activity on the San Jose PE router when a client on the Palo Alto LAN requests a DHCP address. The first section shows the DHCP Discover being received with the giaddr initially being set to 10.6.1.1 (the incoming interface address). The Option 82 information is added, and the giaddr is then overwritten with the outgoing global interface address on the San Jose PE router (the interface that is used to reach the DHCP server).

The next sections show the BOOTREPLY from the DHCP server (containing the DHCP Offer), followed by the DHCP Request from the client and then another BOOTREPLY (containing the DHCP Ack).

Example 2-68. VPN-Aware DHCP Relay Debug Output

DHCPD: DHCPDISCOVER received from client 0100.0347.bb2f.12 on interface ATM2/0.1.

DHCPD: there is no address pool for 10.6.1.1.

DHCPD: setting giaddr to 10.6.1.1.

DHCPD: adding relay information option.

DHCPD: VPN id =ACDE48:27

DHCPD: Selected subnet=10.6.1.0

DHCPD: Server-id-override=10.6.1.1

DHCPD: giaddr changed to 194.22.15.17

DHCPD: BOOTREQUEST from 0100.0347.bb2f.12 forwarded to 194.22.16.3.

DHCPD: forwarding BOOTREPLY to client 0003.47bb.2f12.

DHCPD: Vrf name from sub-option = EuroBank

DHCPD: Forwarding reply on numbered intf

DHCPD: creating ARP entry (10.6.1.2, 0003.47bb.2f12).

DHCPD: unicasting BOOTREPLY to client 0003.47bb.2f12 (10.6.1.2).

DHCPD: DHCPREQUEST received from client 0100.0347.bb2f.12.

DHCPD: setting giaddr to 10.6.1.1.

DHCPD: adding relay information option.

DHCPD: VPN id =ACDE48:27

DHCPD: Selected subnet=10.6.1.0

DHCPD: Server-id-override=10.6.1.1

Table of Contents

Index

MPLS and VPN Architectures, Volume II By Jim Guichard, Ivan Pepelnjak, Jeff Apcar

Publisher: Cisco Press Pub Date: June 06, 2003

ISBN: 1-58705-112-5 Pages: 504

With MPLS and VPN Architectures, Volume II, you'll learn:

How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers

The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT)

How VRFs can be extended into a customer site to provide separation inside the customer network

The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone

How to carry customer multicast traffic inside a VPN

The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services

Advanced troubleshooting techniques including router outputs to ensure high availability

MPLS and VPN Architectures, Volume II, builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press. Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN.

MPLS and VPN Architectures, Volume II, begins with a brief refresher of the MPLS VPN Architecture. Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone. Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering. This part also covers multi-carrier MPLS VPN deployments. Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting.

MPLS and VPN Architectures, Volume II, also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced

DHCPD: giaddr changed to 192.22.15.17

DHCPD: BOOTREQUEST from 0100.0347.bb2f.12 forwarded to 192.22.16.3.

DHCPD: forwarding BOOTREPLY to client 0003.47bb.2f12.

DHCPD: Vrf name from sub-option = EuroBank

DHCPD: Forwarding reply on numbered intf

DHCPD: creating ARP entry (10.6.1.2, 0003.47bb.2f12).

DHCPD: unicasting BOOTREPLY to client 0003.47bb.2f12 (10.6.1.2).
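The relay behaviour described for Example 2-68 can be checked mechanically from a captured debug. The following is an added example, not code from the book or from Cisco IOS: it parses the DHCPDISCOVER leg of the debug (copied from the example, one message per line) and verifies that Option 82 VPN information was added, that the giaddr was rewritten, that the server-id-override carries the VRF interface address, and that the reply went back to the requesting MAC. The names `parse`, `client_mac` and `check` are hypothetical.

```python
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"
FIELDS = {  # one regex per debug message the checks rely on
    "client_id": r"received from client ([0-9a-f]{4}(?:\.[0-9a-f]{2,4})+)",
    "vrf_giaddr": r"setting giaddr to " + IP,
    "relay_option": r"(adding relay information option)",
    "vpn_id": r"VPN id =([0-9A-Fa-f]+:[0-9A-Fa-f]+)",
    "sid_override": r"Server-id-override=" + IP,
    "global_giaddr": r"giaddr changed to " + IP,
    "server": r"forwarded to " + IP,
    "vrf": r"Vrf name from sub-option = (\S+)",
    "reply_mac": r"unicasting BOOTREPLY to client ([0-9a-f.]{14})",
}

# DHCPDISCOVER leg of Example 2-68, laid out one debug message per line.
SAMPLE = """\
DHCPD: DHCPDISCOVER received from client 0100.0347.bb2f.12 on interface ATM2/0.1.
DHCPD: setting giaddr to 10.6.1.1.
DHCPD: adding relay information option.
DHCPD: VPN id =ACDE48:27
DHCPD: Selected subnet=10.6.1.0
DHCPD: Server-id-override=10.6.1.1
DHCPD: giaddr changed to 194.22.15.17
DHCPD: BOOTREQUEST from 0100.0347.bb2f.12 forwarded to 194.22.16.3.
DHCPD: Vrf name from sub-option = EuroBank
DHCPD: unicasting BOOTREPLY to client 0003.47bb.2f12 (10.6.1.2).
"""

def parse(debug_text):
    """Return the first value logged for each field in one relay exchange."""
    hits = {name: re.search(rx, debug_text) for name, rx in FIELDS.items()}
    return {name: m.group(1) for name, m in hits.items() if m}

def client_mac(client_id):
    """Client-identifier is hardware type 01 (Ethernet) + MAC; return the MAC."""
    digits = client_id.replace(".", "")[2:]
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def check(tx):
    """Return findings for one relayed exchange; an empty list means consistent."""
    rules = [
        ("relay_option" not in tx or "vpn_id" not in tx, "no Option 82 VPN information"),
        (tx.get("global_giaddr") in (None, tx.get("vrf_giaddr")), "giaddr not rewritten"),
        (tx.get("sid_override") != tx.get("vrf_giaddr"), "server-id-override mismatch"),
        (tx.get("reply_mac") != client_mac(tx.get("client_id", "")), "reply MAC mismatch"),
    ]
    return [message for failed, message in rules if failed]
```

The request lines identify the client by its client-identifier while the reply lines use the bare MAC, so the two only correlate after the leading hardware-type byte is stripped.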


Summary

Remote access to an MPLS VPN supports many different access technologies. These include PSTN and ISDN dial-in and dial-out, all DSL encapsulation modes, and cable access using a DOCSIS-1.0 compliant network. By centralizing configuration and addressing functions on service provider or customer AAA/DHCP servers, a highly scalable remote access solution can be built. In addition, many features have been introduced or enhanced in Cisco IOS to provide VRF-aware support, including ODAPs, per-VRF AAA, DHCP Relay—VPN Support, and VPN-ID, among others. The use of these features and the architectures described throughout this chapter allows a service provider to build a single remote access infrastructure that many customers can share. Remote access to an MPLS VPN allows a customer to obviate the need to build, manage, and maintain his own remote access infrastructure, lowering costs and improving coverage. Service providers can generate new revenue streams by assuming responsibility for remote access provisioning on behalf of the customer.


Chapter 3. PE-CE Routing Protocol