On 2/Sep/15 16:08, Jared Mauch wrote:
It’s really because some people who drink the MPLS/VPN/VRF/VLAN Kool-Aid think it’s some magic that undoes fate sharing and proper engineering and planning. That a few bytes for a label or VLAN tag make your data more secure.
It’s possible to build a network that works without all these vendor-pushed tricks. I see where Roland is trying to go and he’s in the “magic byte” realm of the extra label makes it “OOB” whereas the rest of us just see 1’s and 0’s on the wire and know a bit is a bit regardless of tag-switching (the original name for MPLS) or IEEE 802.1q label. I’m sure there are people still doing ISL but I’d rather not.
There was a time when the early MPLS/VPN adopters built physically separate routers for MPLS traffic. When it became clear that this was not a good way to scale, they moved to building dedicated line cards in shared routers for MPLS/VPNs. As we see today, those that build - heaven forbid - "converged" networks tend to derive better ROIs from their network infrastructure. I'd be hard-pressed to hear from even the largest of operators physically separating MPLS and IP traffic at the hardware and/or link level. As you, Jared, say, and as I said in a previous post, both MPLS and IP traffic follow the same data plane. The routing table separation construct does not survive chassis-wide failures.
Mark.