[c-nsp] Managed internet VPN solution

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Mon Apr 21 04:23:11 EDT 2008


Thanks for the addtl. info. How does Site A connect to the Internet?
Can't you just replicate whatever you did there and apply it to Site B?

I don't know if PBR is a solution, it really depends on the routing
setup. Please bear in mind that the PE performs another routing lookup,
so PBR on the CE site B alone will likely not help.

	oli

Ibrahim Abo Zaid <mailto:ibrahim.abozaid at gmail.com> wrote on Monday,
April 21, 2008 10:09 AM:

> Thanks Oliver for your interest, you'll find the topology attached
> 
> 
> both HQ and Site A connect to the internet through managed internet
> CE and the customer needs Site B to connect through Site A then
> managed internet CE. About the PBR point, I plan to configure it
> under Site B PE interface
> 
> I hope that will clarify my whole solution and thanks for your help :)
> 
> 
> best regards
> --Abo Zaid
> 
> 
> On 4/21/08, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
> 
> 	Ibrahim Abo Zaid <> wrote on Sunday, April 20, 2008 10:30 PM:
> 
> 	> Hi All
> 	>
> 	> one of my clients has a managed Internet solution with his simple
> 	> MPLS VPN and Internet access is granted to a selected group of
> 	> sites including HQ through managed internet router hosted at his
> 	> ISP but he has a bit weird request as he needs a site to connect
> 	> to the Internet using Internet connection of other site not
> 	> directly to provider Internet gateway
> 
> 	I'm not entirely sure I understand the topology. Can you put a
> 	diagram somewhere?
> 
> 	> I thought about two solutions how this solution can be implemented
> 	>
> 	> 1-use PBR under this site PE interface and direct the Internet
> 	> traffic to the other site network using set key *set next-hop
> 	> recursive* and point to one of the remote site IPs so MPLS labels
> 	> will do the work and route the traffic to the remote CE and then to
> 	> the Internet and of course reverse reachability will be maintained.
> 
> 	Where exactly are you planning to apply the PBR route-map? Not sure
> 	if this will work on the PE.
> 
> 	> 2- isolate these two sites into a different VRF and set up
> 	> overlapping VPN between the overall simple VPN and the special
> 	> managed Internet VPN composed of those 2 sites
> 
> 	sounds like a feasible approach (need to understand the topology
> 	better).
> 
> 	> any suggestion how this solution can be met will be welcomed :)
> 	>
> 
> 	If the "hub" site has the Internet connection, you could also have
> 	this site inject a default-route into the VPN so all sites can
> 	follow it (and use ACLs or route filters if you want to restrict
> 	this access to only certain sites).
> 
> 	       oli

