Erich has encountered a familiar MPLS/VPN design challenge:
We have Cisco's 2901s with the data license running MPLS/VPN at the customer site (the classical PE is at the customer site). Should we use eBGP between the CPE router and the network edge router, some sort of iBGP route reflector design, or something completely different?
The “it depends” answer hinges primarily on how much you can trust the routers installed at the customer site (CPE routers).
CPE router is managed by the service provider
If the service provider considers the CPE routers trustworthy enough to be part of the MPLS/VPN backbone, we’re dealing with a traditional MPLS/VPN network (admittedly an order of magnitude bigger than usual): the CPE routers are PE routers, run the backbone IGP and LDP, and have iBGP VPNv4 sessions with the route reflectors.
If you don’t want to extend the IGP to customer sites for scalability or performance reasons, use Inter-AS MPLS/VPN (Option B) between the CPE routers and the network edge routers: each CPE router becomes its own autonomous system with an eBGP VPNv4 session to the network edge router, which acts as an ASBR. If you’re running out of private AS numbers, put all CPE routers in the same autonomous system; VPNv4 routes from other sites then arrive with that AS already in the AS path, so you obviously have to configure allowas-in on the CPE routers.
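Here is what the shared-AS Option B variant looks like on Cisco IOS, as an added example that is not part of the original post. All names, addresses and AS numbers are assumptions: the SP backbone is AS 64496, every CPE router sits in AS 64500, the CPE-PE link is 192.0.2.0/30, the customer VPN uses route target 64496:100, and the backbone VPNv4 route reflector is 10.255.0.1.

```cisco
! ---- CPE-A: SP-managed CPE acting as PE, AS 64500 (shared by all CPE routers) ----
hostname CPE-A
!
ip vrf CUST-A
 ! site-unique RD (64500:1xx per CPE) keeps every site's paths distinct on the ASBR
 rd 64500:101
 route-target export 64496:100
 route-target import 64496:100
!
interface GigabitEthernet0/0
 description uplink to PE-1 (Inter-AS Option B eBGP VPNv4 session)
 ip address 192.0.2.2 255.255.255.252
 ! IOS adds this automatically for a directly connected VPNv4 eBGP peer
 mpls bgp forwarding
!
interface GigabitEthernet0/1
 description customer LAN
 ip vrf forwarding CUST-A
 ip address 10.1.1.1 255.255.255.0
!
router bgp 64500
 bgp log-neighbor-changes
 neighbor 192.0.2.1 remote-as 64496
 !
 address-family vpnv4
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 send-community extended
  ! routes from other sites arrive with AS path "64496 64500": accept our own AS once
  neighbor 192.0.2.1 allowas-in 1
 exit-address-family
 !
 address-family ipv4 vrf CUST-A
  redistribute connected
 exit-address-family
!
! ---- PE-1: network edge router acting as Option B ASBR, AS 64496 ----
hostname PE-1
!
interface GigabitEthernet0/0
 description link to CPE-A
 ip address 192.0.2.1 255.255.255.252
 mpls bgp forwarding
!
router bgp 64496
 bgp log-neighbor-changes
 ! PE-1 has no VRF importing 64496:100; without this it would drop the CPE's VPNv4 routes
 no bgp default route-target filter
 neighbor 192.0.2.2 remote-as 64500
 neighbor 10.255.0.1 remote-as 64496
 neighbor 10.255.0.1 update-source Loopback0
 !
 address-family vpnv4
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 send-community extended
  neighbor 10.255.0.1 activate
  neighbor 10.255.0.1 send-community extended
  ! CPE-A's routes must carry a next hop (and label) the backbone can reach
  neighbor 10.255.0.1 next-hop-self
 exit-address-family
```

On CPE-A, `show bgp vpnv4 unicast all` should list the other sites' prefixes with AS path `64496 64500`; without `allowas-in` they are silently dropped as AS-path loops, which is the first thing to check when a second site cannot reach the first.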
CPE router is managed by the customer
A router you don’t trust should never become part of your MPLS/VPN backbone (it can inject VPNv4 routes with any route target it likes and pollute other customers’ VPNv4 tables); I would also have qualms about running Inter-AS MPLS/VPN with it, and would use heavy inbound filters on the network edge router should someone force this design on me.
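If the Option B design is forced on you, the filters on the network edge router should at least pin the route targets and prefixes the CPE can inject, and limit what it gets to see. The following IOS fragment is an added example, not the original author's configuration; it assumes the same addressing as above (SP AS 64496, CPE at 192.0.2.2 in AS 64500, customer A using RT 64496:100 and addressing its LANs out of 10.1.0.0/16) and adds an outbound filter on top of the inbound one the text mentions.

```cisco
! PE-1: hardening the Option B VPNv4 session toward an untrusted CPE
!
ip extcommunity-list standard CUST-A-RT permit rt 64496:100
!
ip prefix-list CUST-A-LAN seq 10 permit 10.1.0.0/16 le 24
!
! Inbound: accept only customer A prefixes and overwrite whatever route targets the
! CPE attached with customer A's own RT ("set extcommunity rt" without "additive"
! replaces the RT set), so the CPE cannot inject routes into another customer's VPN.
! Everything else hits the route-map's implicit deny.
route-map CPE-A-IN permit 10
 match ip address prefix-list CUST-A-LAN
 set extcommunity rt 64496:100
!
! Outbound: send the CPE only routes carrying customer A's RT, so a compromised CPE
! does not even learn other customers' VPNv4 routes.
route-map CPE-A-OUT permit 10
 match extcommunity CUST-A-RT
!
router bgp 64496
 address-family vpnv4
  neighbor 192.0.2.2 route-map CPE-A-IN in
  neighbor 192.0.2.2 route-map CPE-A-OUT out
  ! cap the number of VPNv4 prefixes; drop the session and retry after 5 minutes if exceeded
  neighbor 192.0.2.2 maximum-prefix 200 restart 5
 exit-address-family
```

Rewriting the RT inbound is deliberately stronger than matching on it: a route-map that only permits routes carrying 64496:100 would still pass a route carrying 64496:100 plus another customer's RT, while the rewrite discards everything the CPE sent and leaves a single RT you control.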
The ideal solution would be the Carrier’s Carrier (CsC) architecture – it was designed to address exactly this type of requirement: the service provider carries only the customer’s labeled loopback prefixes in a VRF, while the customer’s VPNv4 routes are exchanged between the customer’s own routers and never enter the service provider’s VPNv4 tables.
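A minimal CsC setup for this scenario, as an added example and not part of the original post. Everything here is assumed: SP backbone AS 64496, the customer ("carrier") AS 64500 on all its CPE routers, CPE-PE link 192.0.2.0/30, CPE loopbacks in 10.255.1.0/24, and a customer-run VPNv4 route reflector at 10.255.1.254. The SP's existing backbone VPNv4 sessions for the CARRIER-A VRF are not shown.

```cisco
! ---- PE-1: SP network edge router, AS 64496 ----
ip vrf CARRIER-A
 rd 64496:200
 route-target export 64496:200
 route-target import 64496:200
!
ip prefix-list CPE-A-LOOPBACK seq 10 permit 10.255.1.1/32
!
interface GigabitEthernet0/0
 description CsC link to CPE-A: labeled IPv4 only, no customer VPNv4 routes
 ip vrf forwarding CARRIER-A
 ip address 192.0.2.1 255.255.255.252
 mpls bgp forwarding
!
router bgp 64496
 address-family ipv4 vrf CARRIER-A
  neighbor 192.0.2.2 remote-as 64500
  neighbor 192.0.2.2 activate
  ! all CPEs share AS 64500: rewrite it so other sites' loopbacks are not rejected as loops
  neighbor 192.0.2.2 as-override
  ! exchange MPLS labels together with the IPv4 routes (this is what makes it CsC)
  neighbor 192.0.2.2 send-label
  ! the untrusted CPE may announce nothing but its agreed loopback
  neighbor 192.0.2.2 prefix-list CPE-A-LOOPBACK in
 exit-address-family
!
! ---- CPE-A: customer-managed, runs its own MPLS/VPN over the SP ----
interface Loopback0
 ip address 10.255.1.1 255.255.255.255
!
interface GigabitEthernet0/0
 description CsC link to PE-1
 ip address 192.0.2.2 255.255.255.252
 mpls bgp forwarding
!
ip vrf CUST-A
 rd 64500:101
 route-target export 64500:100
 route-target import 64500:100
!
router bgp 64500
 neighbor 192.0.2.1 remote-as 64496
 neighbor 10.255.1.254 remote-as 64500
 neighbor 10.255.1.254 update-source Loopback0
 !
 address-family ipv4
  ! announce only the loopback, with a label, to the SP
  network 10.255.1.1 mask 255.255.255.255
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 send-label
  no neighbor 10.255.1.254 activate
 exit-address-family
 !
 address-family vpnv4
  ! customer VPNv4 routes travel only between the customer's own routers
  neighbor 10.255.1.254 activate
  neighbor 10.255.1.254 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUST-A
  redistribute connected
 exit-address-family
```

The trust boundary is now a single labeled IPv4 prefix per site: PE-1's `show bgp vpnv4 unicast vrf CARRIER-A labels` should show nothing but CPE loopbacks, and `show bgp vpnv4 unicast all` on PE-1 never contains a customer VPN prefix, whatever CPE-A decides to advertise. Because the CPE routers need iBGP VPNv4 sessions among themselves, this is also where the route reflector design from the original question comes in, but it is the customer's route reflector, not the service provider's.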