[c-nsp] Managed internet VPN solution

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Mon Apr 21 01:25:50 EDT 2008


Ibrahim Abo Zaid wrote on Sunday, April 20, 2008 10:30 PM:

> Hi All
> 
> One of my clients has a managed Internet solution with his simple
> MPLS VPN, and Internet access is granted to a selected group of sites
> including HQ through a managed Internet router hosted at his ISP, but he
> has a bit of a weird request, as he needs a site to connect to the
> Internet using the Internet connection of another site, not directly to
> the provider Internet gateway

I'm not entirely sure I understand the topology. Can you put a diagram
somewhere? 

> I thought about two solutions how this solution can be implemented
> 
> 1-use PBR under this site PE interface and direct the Internet
> traffic to the other site network using set key *set next-hop
> recursive* and point to one of the remote site IPs so MPLS labels
> will do the work and route the traffic to the remote CE and then to
> the Internet and of course reverse reachability will be maintained .

Where exactly are you planning to apply the PBR route-map? Not sure if
this will work on the PE.
 
> 2- isolate these two sites into a different VRF and set up overlapping
> VPN between the overall simple VPN and the special managed Internet
> VPN composed of those 2 sites

Sounds like a feasible approach (need to understand the topology
better).

> any suggestion how this solution can be met will be welcomed :)
> 

If the "hub" site has the Internet connection, you could also have this
site inject a default-route into the VPN so all sites can follow it
(and use ACLs or route filters if you want to restrict this access to
only certain sites). 

	oli
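
The following Cisco IOS sketch is an added example, not part of the original thread or the posters' configuration. It shows one way to combine the overlapping-VPN idea with the hub default route: the hub's default route is exported under its own route target, and only the PEs of sites allowed to use the hub's Internet connection import that target. The AS number 65000, the VRF name CUST, the RD/RT values and the route-map and prefix-list names are all assumptions.

```cisco
! --- PE attached to the hub site (its CE advertises 0.0.0.0/0) ---
! All values below are constructed for illustration.
ip vrf CUST
 rd 65000:1
 route-target import 65000:100
 route-target export 65000:100
 ! Re-tag selected routes on export (see route-map below)
 export map CUST-HUB-EXPORT
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
route-map CUST-HUB-EXPORT permit 10
 ! The default route leaves with RT 65000:101 only (no "additive"),
 ! so VRFs importing just 65000:100 never see it.
 match ip address prefix-list DEFAULT-ONLY
 set extcommunity rt 65000:101
!
route-map CUST-HUB-EXPORT permit 20
 ! Every other hub prefix keeps the VRF's normal export RT 65000:100.
!
! --- PE attached to the site that must use the hub's Internet link ---
ip vrf CUST
 rd 65000:2
 route-target import 65000:100
 ! Extra import: this site also learns the hub's default route.
 route-target import 65000:101
 route-target export 65000:100
!
! --- PEs attached to all remaining sites ---
ip vrf CUST
 rd 65000:3
 ! Intranet routes only; the hub's default route is not imported.
 route-target import 65000:100
 route-target export 65000:100
```

On each PE, `show ip route vrf CUST 0.0.0.0` confirms whether the hub's default route was imported. If a permitted and a non-permitted site attach to the same PE, they need separate VRFs for the import policy to differ.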

