Ip Vpn Lite - Avaya 8800 Planning And Engineering, Network Design

IP VPN Lite

With Avaya IP VPN-Lite, the Avaya Ethernet Routing Switch 8800/8600 can provide a framework for
delivering RFC4364 IP VPNs over an IP backbone, rather than over MPLS.
In terms of Data Plane packet forwarding across the same backplane, RFC 4364 defines an
implementation based on MPLS where the backbone must be MPLS capable and a full mesh of
MPLS Label Switched Paths (LSPs) must already be in place between the PE nodes.
While still leveraging the same identical RFC 4364 framework at the control plane level, Avaya IP
VPN-Lite delivers the same IP VPN capabilities over a IP routed backbone using simple IP in IP
encapsulation with no requirement for MPLS and the complexities involved with running and
maintaining an MPLS backbone.
With IP VPN-Lite a second Circuitless IP (CLIP) address is configured on the PE nodes (in the
Backbone GRT and re-advertised across the Backbone by the IGP). This second CLIP address is
used to provide address space for the outer header of IP-in-IP encapsulation for all IP VPNs packets
terminating to and originating from the PE. This second Circuitless address is therefore ideally
configured as a network route (in other words, not as a 32 bit mask host route) with enough address
space to accommodate every VRF configured on the PE. A 24 bit mask provides sufficient address
space for 252 VRFs. Furthermore, as these networks only need to be routed within the provider
backbone and no further, public address space can be used. When this second CLIP address is
configured it must also be enabled for IP VPN services.
With Avaya IP VPN-Lite, the RD is now used to convey one extra piece of information over and
above its intended use within the RFC 4364 framework. In the RFC, the only purpose of the RD is to
ensure that identical IPv4 routes from different customers are rendered unique so that BGP can
treat them as separate VPN-IPv4 routes. With IP VPN-Lite, the RD is now also used to advertise to
remote PE devices what IP address needs to be used as the outer IP-in-IP encapsulation when
those remote PE devices need to deliver a customer packet over the IP VPN back to the PE node
which owns the destination route to which the packet is addressed.
Therefore, when configuring RD for IP VPN-Lite, the RD must always be configured as Type 1
format (IPaddress:number), and the IP address configured in the RD must allocate one host IP
address defined by the second CLIP interface for each VRF on the PE. Again, the RD must still be
configured to ensure that no other VRF on any other PE has the same RD.
In the following figure, the second CLIP interface is configured as a private address, with a 24 bit
mask, where the third octet identifies the PE node-id and the fourth octet (the host portion) defines
the VRF on that PE node. The number following the IP address is then simply allocated to uniquely
identify the VPN-ID.
June 2016 Planning and Engineering — Network Design
Comments on this document? infodev@avaya.com
IP VPN Lite
245