Flexible Extranet Implementation


By Ivan Pepelnjak

Traditional IP-based extranets force IP addressing on their participants: each site participating in the extranet has a fixed IP address range from the IP address space used by the extranet. The extranet owner's underlying assumption is simple: each participant would install a few workstations on a dedicated LAN segment and work from there.

Large organizations usually participate in multiple incompatible extranets. Furthermore, the applications offered by extranet providers have to be accessible from anywhere within the participant’s network, not from a dedicated workstation. The result is usually a complex mix of Network Address Translation (NAT) rules, sometimes implemented on multiple NAT devices due to routing problems caused by the extranet providers, some of which use default routing to the core of their network.

MPLS VPN combined with VRF-aware NAT offers a production-grade solution to this challenge, but it is rarely used because enterprise network engineers believe MPLS VPN is purely a Service Provider technology.

Extranet implemented with VRF-aware NAT

Read the Flexible Extranet Implementation IP corner article
