[c-nsp] PBR or VRF

Kristofer Sigurdsson kristo at ipf.is
Thu Dec 1 05:08:31 EST 2005


Hi,

On Wed, 2005-11-30 at 21:10 -0700, james edwards wrote:
> I have a customer who has locations throughout the state. Their requirements 
> for internet access are not great, the major requirement is each office has 
> good connections (low latency/jitter) to the other offices. They have a VoIP 
> and POTS PBX, VoIP is only for office to office, all other calls are on the 
> POTS card on the PBX. They also have a central database that the business 
> lives and dies on. New Mexico has 14 phone companies so the VoIP allows them 
> to save big bucks, xLEC to xLEC calls can be as much as 50 cents/min.

A VRF does have its advantages here, first of all, a cleaner 
configuration, you can route like you're used to, instead of adding
PBR rules for everything (I don't know how much "everything" is in your 
case).  Also, using VRF, you can be reasonably sure no other customer 
on your network has direct access to this company's network, which may 
be a concern because of the VoIP PBX and this central database.

In my opinion, a VRF with routes is a much cleaner solution than PBR.

> 
> Sales came up with a solution and now I have to implement it. There is a 
> main office and outlying offices, each has a T-1 (integrated voice and data) 
> into our cloud (CBX-500 network) and as luck would have it this all comes 
> together on one router. It looks like a hub and spoke network with the hub 
> being this router. The main office also has DSL with us; to save some $$ all 
> the outlying offices will send internet bound traffic to the main office on 
> the DSL, which defaults back to us. Any on net traffic (traffic bound to 
> addresses on our network) will take the normal route across our network.

If you choose to use VRF, you will have to either terminate the 
Internet uplink from the central office at a separate logical interface 
(a special physical uplink or just a VLAN/PVC/whatever) or provide 
Internet connectivity from the VRF by other means, which might 
complicate things.  If I understand correctly, the central office uses 
DSL for their connection to the spokes and T1 for Internet access, so 
this won't be a problem for you.

> 
> My first thought was PBR to force the outlying offices internet bound 
> traffic down the DSL link. I was wondering if VRF would be another way to 
> make this work. In reading it seems so but much of the docs on VRF are in 
> the context of VPNs or MPLS. If VRF would work is there an 
> advantage/disadvantage to VRF over PBR. The hub router where the PBR or VRF 
> happens is a 7206 NPE-400.

The feature you need is VRF-lite, you might want to check for that in 
the Feature Navigator (http://www.cisco.com/go/fn) for your IOS.

Regards,
Kristofer
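
The two approaches compared in the reply above, as an added IOS configuration example that is not part of Kristofer's message or of any configuration from the thread. The VRF name, RD, Frame Relay subinterfaces, DLCIs and all addresses are assumptions; the PBR and VRF-lite parts are alternatives, not meant to be applied together.

```cisco
! Constructed example. VRF name, RD, Frame Relay subinterfaces, DLCIs and
! all addresses are assumptions, not taken from the thread.
!
! --- Alternative 1, PBR: ACL + route-map on every outlying-office interface
ip access-list extended CUST-A-INET
 remark office-to-office traffic keeps normal routing
 deny   ip any 10.1.0.0 0.0.255.255
 permit ip any any
route-map CUST-A-PBR permit 10
 match ip address CUST-A-INET
 set ip next-hop 192.0.2.10
interface Serial1/0.101 point-to-point
 ip policy route-map CUST-A-PBR
!
! --- Alternative 2, VRF-lite: customer interfaces get their own routing table
ip vrf CUST-A
 rd 65000:100
!
! "ip vrf forwarding" removes any IP address already on the interface,
! so it is entered before "ip address".
interface Serial1/0.100 point-to-point
 description CUST-A main office
 ip vrf forwarding CUST-A
 ip address 192.0.2.9 255.255.255.252
 frame-relay interface-dlci 100
interface Serial1/0.101 point-to-point
 description CUST-A outlying office 1
 ip vrf forwarding CUST-A
 ip address 192.0.2.1 255.255.255.252
 frame-relay interface-dlci 101
!
! Office LANs, then a default route inside the VRF toward the main office.
! Other customers' interfaces stay in the global table and have no route
! into CUST-A.
ip route vrf CUST-A 10.1.0.0 255.255.255.0 192.0.2.10
ip route vrf CUST-A 10.1.1.0 255.255.255.0 192.0.2.2
ip route vrf CUST-A 0.0.0.0 0.0.0.0 192.0.2.10
!
! Checks from exec mode:
!  show ip route vrf CUST-A
!  show ip vrf interfaces
!  ping vrf CUST-A 10.1.1.1
```

The VRF part covers only office-to-office routing and the default route; reaching addresses outside the VRF is the extra connectivity the reply says has to be provided separately.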

