MPLS and Next-Generation Networks: Foundations for NGN and Enterprise Virtualization

When building pseudowires across an AS boundary within a provider or across service providers, the PEs must have a directed LDP session to exchange labels for that pseudowire across the AS boundary. This means PE reachability is needed inside the AS; this could be considered a security issue. To prevent malicious access, service providers do not allow the building of sessions with a PE router in their domains from anyone outside their own domains. You must have PE reachability to build a contiguous pseudowire from one PE to another, so LDP signaling solution is not desirable from a security standpoint.

To overcome this problem, segmented pseudowires can be built between ASs. For example, one pseudowire can be built from the PE1 to ASBR1, another pseudowire can be built between ASBRs 1 and 2, and a third pseudowire can be built between the ASBR2 and the remote PE2, as shown in Figure 4-5.

Figure 4-5. Inter-AS Pseudowires

The segments are then stitched together at the ASBR routers to complete the end-to-end Layer 2 connection. This allows SPs to maintain their security while building pseudowires independently. The handshake at the ASBR boundary and stitching of pseudowires enables independent control of the respective autonomous systems domains while maintaining a pseudowire-specific SLA between providers.

Категории