[c-nsp] Extending MPLS over external providers cloud

Saku Ytti saku+cisco-nsp at ytti.fi
Wed Aug 6 05:06:08 EDT 2008


On (2008-08-05 22:14 -0500), lists at daniels.id.au wrote:

> In an ethernet scenario, I agree VRF-Lite, dot1q and away we go, but here I
> have a cloud in the middle connecting several (20-30) DSL sites to a head
> office (hub and spoke), and the thought of having to manage multiple
> tunnels (one per vrf), per site is making me cringe..

Yet another solution that was not suggested yet, which doesn't reduce your
MTU either is 'vrf select'. Problem with it is, that if your customers
can spoof their source address, they can get packets to different
VRFs.
So you'd need to run uRPF/strict in LAN interface in CE and make sure
CE is physically secured. It is ugly hack, that is granted.

VRF-lite and multiple PVC's would be my preferred solution.
-- 
  ++ytti


More information about the cisco-nsp mailing list