10-2
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 10 Configuring Address Pools
Address Assignment Mechanisms
Local Address Pool
A local address pool is a pool of IP addresses statically configured on a PE router. The pool name
identifies the address pool. When a PPP session requests an address from a specific pool, the pool
manager assigns an unused address from the pool. When the PPP session returns the address, the pool
manager puts the address back into the pool from which it was taken.
A common group identifier identifies a group of pools. In an MPLS VPN network architecture, each pool
group is used to assign addresses to remote users belonging to a particular VPN. Though not officially
associated with a VRF, the address pool is unofficially tied to the VRF because each VPN associated
with an address pool is also associated with a specific VRF.
The ability to assign overlapping addresses provides a significant benefit to VPN customers who use
private addresses. Two address pools in different groups can have overlapping IP addresses, but two
pools in the same group cannot contain overlapping addresses.
Benefits of a Local Address Pool
The main benefit of a local address pool is the ability to efficiently summarize routes:
• The total number of routes configured on a single PE router can grow enormously. Route
summarization avoids lengthy VRF and default routing tables.
• Summarized routes correspond to all subnets present in the address pool.
• The summarized routes are configured in the VRF associated with the address pool.
Limitations of a Local Address Pool
A drawback to local address pools is that because they are statically configured, the pool might be poorly
utilized or it might run out of addresses. The provider’s ISP customers have a limited number of public
addresses and are particularly affected by poorly managed pools. For example, for the same ISP it is
possible that one PE router is underutilizing its local pool while another PE router has exhausted its local
pool.
RADIUS-Based Address Assignment
RADIUS is a distributed client/server system that secures networks against unauthorized access. In
addition to providing authentication, authorization, and accounting (AAA) services, RADIUS also
provides IP address assignment by using user defined static routes and IP pool definitions on the
RADIUS server.
In the Cisco 10000 series router implementation, a RADIUS client runs on the router and queries a
central RADIUS server for a remote user’s static route or an IP address from the RADIUS IP pool
definitions. Typically, the RADIUS server assigns addresses from a separate pool of addresses for each
VPN associated with a particular PE router. This allows the server to assign contiguous addresses to
remote users who are in the same VPN and who connect to the same PE router. The RADIUS server uses
the remote user’s domain name to identify the VPN.
To Next Page
Loading...
