MPLS and Next-Generation Networks: Foundations for NGN and Enterprise Virtualization
Remote access capability is not without challenges when it comes to scalability and network convergence time. First, in sizing the PE/VHG, you must note how many L2TP or IPSec connections the VHG/PE can terminate. This number helps you determine the number of remote access users that can use the PE. Second, you must also note that the VHG might need to have all the VRFs configured, because any given user from any VPN can dial in to any local POP. This implies that VPN information must be present at those POPs, and that the PEs and VHGs must have the relevant VPN information for the user to be authenticated and mapped.

One technique to improve scale is to partition the user space so that users dial or connect to specific PEs for their VPN access. This distributes the load between different PEs. For example, VPNs A through F could be mapped to VHG/PE1, and VPNs G through K could be mapped to VHG/PE2.

Another important aspect to consider is the convergence of the remote access network. If dynamic routing protocols are used, the remote access connections incur a setup latency while the routing adjacency is established over the tunnel (PPP, IPSec, or L2TP) and routing information is exchanged. Hence, static routing is commonly used for faster convergence. If the convergence takes a long time, the remote access user might terminate the remote access connection, thinking it has not connected, and try again. If the entries do not age out quickly on the VHG/PE, this can cause a buildup of aged entries and reduce the number of total accepted connections for a certain period of time. This causes unnecessary network churn and user dissatisfaction.
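The buildup of aged entries described above can be reproduced with a toy model. This is an added example, not code from the book: the slot model, the `simulate` function and every timer and capacity value are assumptions constructed for illustration.

```python
# Added example: toy model of stale-entry buildup on a VHG/PE (all numbers constructed).
def simulate(users, capacity, setup_latency, patience, age_out, max_attempts=3):
    """Return (connected, rejected, peak_slots) for users who all dial at t=0.

    Assumed model: every attempt holds one session slot from the moment it starts.
    A user who is not connected after `patience` seconds hangs up and redials;
    the abandoned entry keeps its slot for `age_out` more seconds. Every retry
    sees the same `setup_latency`.
    """
    expiries = []   # times at which slots held by abandoned attempts are freed
    live = 0        # slots held by sessions that came up in time
    connected = rejected = peak = 0
    pending = [(0, 0)] * users          # (time of next dial, attempts used so far)
    while pending:
        pending.sort()
        t, attempts = pending.pop(0)
        expiries = [e for e in expiries if e > t]    # age out old entries
        if live + len(expiries) >= capacity:
            rejected += 1                            # no free slot on the PE
            continue
        if setup_latency <= patience:
            live += 1                                # converged before the user gave up
            connected += 1
        else:
            expiries.append(t + patience + age_out)  # abandoned at t + patience
            if attempts + 1 < max_attempts:
                pending.append((t + patience, attempts + 1))
        peak = max(peak, live + len(expiries))
    return connected, rejected, peak

if __name__ == "__main__":
    # Fast convergence (static routing): one slot per user.
    print(simulate(100, 150, setup_latency=2, patience=20, age_out=120))
    # Slow convergence with slow aging: redials exhaust the PE's slots.
    print(simulate(100, 150, setup_latency=30, patience=20, age_out=120))
```

In the second run, 100 users fill all 150 slots with abandoned entries and nobody connects, which is the churn the paragraph warns about.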