[c-nsp] vrf-lite routing

Mattias Gyllenvarg mattias at gyllenvarg.se
Thu Jul 18 02:26:42 EDT 2013


You will still need a vlan for every vrf between the relevant machines with
vrf-lite. Only MPLS or tunnels solve that.

If it is internet traffic you don't need more than Layer2 separation, you
have that with a vlan/customer. So building VRFs will separate Layer3 and
then you have to "short circuit" manually. Makes no sense. If you don't
want the customer routes in EIGRP then you should set up iBGP.

Mostly, you should be careful when building something that you cannot
troubleshoot for a friend. There are a lot of "gotchas" in VRF and MPLS and
you may end up with fewer features and more work when provisioning than the
old network.




On Thu, Jul 18, 2013 at 3:02 AM, Dan Letkeman <danletkeman at gmail.com> wrote:

> I think it makes more sense to do this based on the equipment they have.
>
> http://packetlife.net/blog/2009/apr/30/intro-vrf-lite/
>
> Get the performance of routing on the 3k switches but the segregation of
> VRF-lite if they want it.
>
> Dan.
>
>
> On Wed, Jul 17, 2013 at 7:45 PM, Dan Letkeman <danletkeman at gmail.com> wrote:
>
> > The current network is routed via EIGRP, but also has a lot of vlans
> > trunked everywhere...it's an STP nightmare with various ISPs providing
> > service via fiber, and a host of wireless bridges, that are anywhere from
> > 10-40 miles....  My thought was to use tunnels and vrf-lite instead of
> > trunking vlans everywhere, but from what I am hearing, GRE tunnels are not
> > going to perform.  I have this working in a test network and it's working
> > well.  Other than I have not tried a performance test.
> >
> > They do want separation on some of the networks, but not all.  I have done
> > this in the past with access lists and vlans but it's a pain.  Is there any
> > other way to segregate the traffic on a routed network?
> >
> > Ideally they should have a router at each location and not a switch.
> >
> > Dan.
> >
> >
> > On Wed, Jul 17, 2013 at 1:28 AM, Mattias Gyllenvarg <mattias at gyllenvarg.se> wrote:
> >
> >> Hi Dan
> >>
> >> Sounds like you're getting off on the wrong foot.
> >>
> >> The 3560 can't do much more than routing and switching. No GRE or MPLS so
> >> you are pretty much stuck with trunking.
> >>
> >> VRFs will only be helpful with MPLS unless you want VRF-lite (that's VRF
> >> that is local to one machine only). Then you still need the trunks and
> >> vlans.
> >> You can set up the VRFs to talk fairly easily, but why have the separation
> >> if you want them to talk?
> >>
> >> Sounds like you should just replace the old machine with the new one.
> >>
> >> If you should do anything then set up the 3k boxes for dynamic routing so
> >> that they simply route the traffic instead of switching it. Then you won't
> >> have to add vlans for every new internet customer. But shaping may be
> >> harder to do as you don't have the customer's interface in your core.
> >>
> >> //Mattias
> >>
> >>
> >> On Wed, Jul 17, 2013 at 4:12 AM, Dan Letkeman <danletkeman at gmail.com> wrote:
> >>
> >>> Hello,
> >>>
> >>> Just wondering if anyone can direct me down the correct path.   I have been
> >>> asked by a friend to help replace an ISR2851 with a new ASR1001.   The 2851
> >>> currently does some route-maps for different networks and a few customers
> >>> as well as some shaping.  They want to use the ASR to peer with an ISP and
> >>> I suggested to use tunnels and VRFs instead of trunking vlans through
> >>> their network to the customers, like they are doing now.
> >>>
> >>> The network currently consists of mostly 3k switches and either fiber or
> >>> wireless trunks to about 45 different locations.  The main goal is to
> >>> provide internet to each of the 45 locations each having their own public
> >>> ip/range.
> >>>
> >>> My thought was to create tunnels from the ASR to each of the locations
> >>> (each have a 3560 switch) and then to create VRFs on each tunnel and
> >>> assign a public IP to each VRF and then advertise those networks into the
> >>> global BGP table.
> >>>
> >>> First time I have done anything like this...Any thoughts?
> >>>
> >>> Dan.
> >>> _______________________________________________
> >>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>>
> >>
> >>
> >>
> >> --
> >> *Med Vänliga Hälsningar*
> >> *Mattias Gyllenvarg*
> >>
> >
> >



-- 
*Med Vänliga Hälsningar*
*Mattias Gyllenvarg*

