[c-nsp] Restrictions for NAT Integration with MPLS VPNs

Volodymyr Yakovenko vovik at dumpty.org
Sat Mar 19 14:37:51 EST 2005


On Fri, Mar 18, 2005 at 06:04:20PM +0100, Oliver Boehmer (oboehmer) wrote:
[..skipped..]
>> 
>> ip vrf RED
>>   rd 10:10
>> !
>> int fa0/0/0
>> ip vrf forwarding RED
>> ip address 192.168.1.1 255.255.255.0
>> ip nat inside
>> !
>> int fa0/1/0
>> ip vrf forwarding RED
>> ip address 66.16.17.1 255.255.255.0
>> ip nat outside
>> !
>
>This configuration works, though (I tried it in 12.3(6)), but the
>current vrf-aware NAT functionality was designed around central services
>(several VRFs with overlapping IP addresses  want to access SP's central
>services, like an Internet connection), so the outside interface is
>usally in the global table.

Does it mean that the only currently possible right way is to put shared
services in global?

Are there any references or whitepapers which describe Cisco's understanding
of shared services implementation in an MPLS VPN environment?

I am especially interested in examples where shared services reside in a
separate VPN rather than global.

One more shared services related thing - are there any plans to have inter-VRF
leaks presented as a logical interface instance, with the possibility of enforcing
in/out ACLs on a particular inter-VRF leak?

>We'll release new vrf-aware NAT functionality in the upcoming 12.3(14)T
>release (due out soon) which will also allow translating between
>separate VRFs..

Will it be back-ported to the 12.2S train?

-- 
Regards,
Volodymyr.
