[c-nsp] MPLS/VPN + Internet Setup - Update
Mark Tinka
mtinka at africaonline.co.zw
Fri Aug 4 08:14:21 EDT 2006
On Thursday 03 August 2006 19:36, Oliver Boehmer (oboehmer)
wrote:
> yes, vrf-lite is used for this purpose in several networks I'm
> aware of, so I'd call this still best current practice for
> most applications (maybe not for some very security sensible
> folks who don't trust VRF-lite segmentation on the CE).
Two other questions, Oli:
a) For the VRF-Lite setup, I'd like to use NAT on the CE router,
so the customer overloads their internal network onto one or
more public IP addresses assigned to the PE-facing-Internet
interface. Are there any restrictions in this deployment, as
most documentation on www.cisco.com suggest NAT-PE.
b) Are there any benefits deploying private IP addresses for
PE-CE link when setting up the customer VPN's? I'm inclined
to using public IP addresses for the MPLS/VPN PE-CE links
(even though they might not see much "public" action), but
I'd appreciate insight on the general feeling about this.
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20060804/ef82916e/attachment.bin
More information about the cisco-nsp
mailing list