Hiding the information from network core!

Hiding information from the network core is important. But why is hiding the information important? What type of information are we trying to hide? Why from the network core only? How can we hide information from the network core?

Let’s start with why information hiding is important. One of the best practices in network design is to keep the network core as simple as possible; I explained this in my KISS principle post earlier. The core devices’ job is to forward packets only, not to deal with complex control plane protocols or data plane policies.

Keeping less information in the control plane nodes, and keeping only the information that is needed for edge device connectivity, is another best practice in network design. What type of information are we trying to hide from the network core? Any information related to the customers, in operator networks for example.

For example, in a Layer 2 VPN the customers’ MAC addresses shouldn’t be learned by the core devices. In a Layer 3 VPN, the core devices don’t need to learn the customers’ IP addresses. Core devices in Layer 2 or Layer 3 VPNs (which don’t have to be MPLS) should only provide reachability between the edge devices. Why do we hide the information from the network core only?

The network core glues the aggregation and access networks together. Huge amounts of traffic pass between core devices. A failure in the core network might affect millions of customers and result in GBs of packet loss. Scalability in the core is more important than in the edge, aggregation or access domains of the network. Thus, we generally talk about hiding information from the network core.

But if the technology allows you to hide information from the edge and aggregation networks while providing the same functionality, you should benefit from it: hiding information is always important for scalability.

How can we hide information from the network core? Of course, you immediately think about summarization and traffic aggregation. Sending less specific prefixes to the network core, or multiplexing many smaller circuits onto a larger circuit for traffic aggregation so that you have fewer but larger connections, are both good for scalability.

But another way of hiding information from the core is tunneling. Tunneling hides a lot of information from the network core. Imagine you create a DMVPN network over the Internet. What is the underlay control plane protocol for reachability? In other words, how do the DMVPN hub and spokes reach each other’s public IP addresses over the Internet?

Yes, it is BGP. But the reason for creating the DMVPN is to provide reachability between the hub and spoke subnets, right? Then now, the question for you.

Are you using BGP to provide reachability between the spoke and hub local area network subnets? Or, do the Autonomous Systems on the Internet learn those hub and spoke LAN subnets? The answer is, of course, NO! So, in this example, DMVPN hides the information from the network core, which is the Internet.

What about an MPLS core? When you have an MPLS Layer 2 or Layer 3 VPN, do the P routers learn the customer MAC or IP addresses? Of course not. The P routers’ job in MPLS is exactly the same as that of the BGP routers in the DMVPN-over-Internet example above: provide reachability between the end points/edge nodes.
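Both mechanisms discussed above, summarization toward the core and tunneling across it, can be made concrete in a small Python model. This is an added illustration, not code from the original post; all addresses, router names and the topology are constructed sample values. It shows a core table that holds only edge prefixes, a tunneled packet forwarded on its outer header alone, and adjacent customer prefixes collapsing into one summary before they are advertised toward the core.

```python
"""Toy model of information hiding toward the network core: the core holds only
edge/underlay reachability; customer prefixes are summarized before they reach
it or carried inside a tunnel so the core forwards on the outer header alone.
Addresses, router names and topology are constructed sample values."""
import ipaddress

class CoreRouter:
    """Core (P-like) router whose table is keyed by underlay prefixes only."""
    def __init__(self, routes):
        # {"prefix/len": next-hop}; no customer prefixes belong in here
        self.routes = {ipaddress.ip_network(p): nh for p, nh in routes.items()}

    def lookup(self, dst):
        """Longest-prefix match; None = no route (expected for customer IPs)."""
        dst = ipaddress.ip_address(dst)
        matches = [n for n in self.routes if dst in n]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]

def summarize(prefixes):
    """Collapse adjacent customer prefixes into the least-specific covering
    set that the edge advertises toward the core (fewer, larger routes)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def encapsulate(inner_src, inner_dst, tunnel_src, tunnel_dst):
    """DMVPN/GRE-style tunnel: the outer header carries only the edge (public
    underlay) addresses; the inner header is opaque payload to the core."""
    return {"outer": (tunnel_src, tunnel_dst),
            "payload": {"inner": (inner_src, inner_dst)}}

def core_forward(core, packet):
    """The core never looks at the payload; it forwards on the outer dst."""
    return core.lookup(packet["outer"][1])

def demo():
    # Underlay (Internet or MPLS core) knows only the edge devices' prefixes.
    core = CoreRouter({"198.51.100.0/24": "to-hub-edge",
                       "203.0.113.0/24": "to-spoke-edge"})
    # Spoke LAN host -> hub LAN host, tunneled between the public endpoints.
    pkt = encapsulate("10.1.0.7", "10.0.0.5", "203.0.113.10", "198.51.100.1")
    return {
        "core_decision": core_forward(core, pkt),        # "to-hub-edge"
        "core_knows_customer": core.lookup("10.0.0.5"),  # None: hidden
        "summary": summarize(["10.1.0.0/24", "10.1.1.0/24",
                              "10.1.2.0/24", "10.1.3.0/24"]),  # ["10.1.0.0/22"]
    }
```

Call `demo()` to see the three results side by side: the core forwards the tunneled packet toward the hub edge, has no route for the customer address, and receives one /22 instead of four /24s.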

So, hide the information from the network core. It provides scalability, and there are many ways to do it, as I explained in this post. Share your thoughts/comments in the comment box below.

Created by
Orhan Ergun

Orhan Ergun, CCIE/CCDE Trainer, Author of Many Networking Books, Network Design Advisor, and Cisco Champion 2019/2020/2021

He created OrhanErgun.Net 10 years ago and has been serving the IT industry with his renowned and awarded training.

He wrote many books, mostly on Network Design, contributed to many IETF RFCs, gave public talks at many forums, and mentored thousands of his students.

Today, with his carefully selected instructors, OrhanErgun.Net is providing IT courses to tens of thousands of IT engineers. 
