[c-nsp] MPLS-VPN migration

Luan Nguyen luan at netcraftsmen.net
Wed Dec 17 12:25:48 EST 2008


Let me try thinking out loud :)
There is BGP support for IP prefix import into VRF table:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_bgivt.html
You could use static routes as well.
For dynamic, some people create two tunnels, same router, same subnet,
sourced from different loopbacks, with one tunnel interface in the VRF and one
in the global routing table.


ip vrf CUSTOMER1
 rd
 route-target export
 route-target import
!
interface Tunnel100
 description VRF_CUSTOMER1_BRIDGE_TO_GLOBAL_ROUTING_TABLE
 bandwidth 50000
 ip vrf forwarding CUSTOMER1
 ip address 172.31.254.254 255.255.255.252
 load-interval 30
 tunnel source x.x.x.x
 tunnel destination y.y.y.y
!
interface Tunnel200
 description GLOBAL_ROUTING_TABLE_BRIDGE_TO_VRF_CUSTOMER1
 bandwidth 50000
 ip address 172.31.254.253 255.255.255.252
 ip virtual-reassembly
 load-interval 30
 tunnel source y.y.y.y
 tunnel destination x.x.x.x

If you have a lot of customers (a lot of VRFs), then maybe try a DMVPN
configuration with the global being the hub and each spoke in its own
unique VRF...just a thought :)

Regards,

Luan Nguyen
Chesapeake NetCraftsmen, LLC.
www.NetCraftsmen.net



-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tim Durack
Sent: Wednesday, December 17, 2008 10:54 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] MPLS-VPN migration

Looking for some "creative" ideas on how best to accomplish this:

We are migrating a traditional enterprise-style IP network to an
MPLS-VPN network. All the infrastructure MPLS/IGP/MP-BGP work is
essentially done (it's a purely PE-PE network, no P routers anywhere.)

All "customer" networks are still in the global table. I need to
migrate them into VPN groups, but maintain full reachability between
global and VRFs during the migration. Route-leaking will be configured
between VRFs, and at a later stage some kind of firewall will be
employed between VPNs. The hard part is getting everything into the
VPNs first (without anyone noticing too much :-)

Ideally I'd like to bring up BGP sessions between the global table and
VRFs on each PE. I notice I can do BGP sessions between VRFs, but
can't quite wrap my head around global->VRF BGP. Is this even
possible?

Thanks for thinking about it.

Tim:>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
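
An added example, not part of the original thread: a back-to-back tunnel pair like the one in the reply is a path between a VRF and the global table, so it is worth inventorying once firewalls are expected to sit between VPNs. The sketch below parses an IOS-style config and reports such pairs; the function names are hypothetical, the sample config is constructed, and it assumes tunnel sources are given as IP addresses rather than interface names.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample modelled on the post; 192.0.2.x stands in for x.x.x.x / y.y.y.y.
SAMPLE_CONFIG = """\
interface Tunnel100
 ip vrf forwarding CUSTOMER1
 ip address 172.31.254.254 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 192.0.2.2
!
interface Tunnel200
 ip address 172.31.254.253 255.255.255.252
 tunnel source 192.0.2.2
 tunnel destination 192.0.2.1
!
interface Tunnel300
 ip address 10.0.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.7
"""

def parse_tunnels(config):
    """Return {name: {vrf, net, src, dst}} for each Tunnel interface (vrf None = global)."""
    tunnels, cur = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (Tunnel\d+)$", line):
            cur = tunnels[m[1]] = dict(vrf=None, net=None, src=None, dst=None)
        elif line == "!" or line.startswith("interface "):
            cur = {}  # outside a tunnel block: later matches land in a throwaway dict
        elif m := re.match(r"(?:ip )?vrf forwarding (\S+)", line):
            cur["vrf"] = m[1]
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r"tunnel (source|destination) (\S+)", line):
            cur["src" if m[1] == "source" else "dst"] = m[2]
    return tunnels

def find_vrf_bridges(tunnels):
    """Tunnel pairs with swapped source/destination, one subnet, different routing tables."""
    pairs = combinations(sorted(tunnels.items()), 2)
    return [(a, ta["vrf"] or "global", b, tb["vrf"] or "global", str(ta["net"]))
            for (a, ta), (b, tb) in pairs
            if ta["src"] and (ta["src"], ta["dst"]) == (tb["dst"], tb["src"])
            and ta["net"] and ta["net"] == tb["net"] and ta["vrf"] != tb["vrf"]]

if __name__ == "__main__":
    print(*find_vrf_bridges(parse_tunnels(SAMPLE_CONFIG)), sep="\n")
```

Tunnel300 in the sample is an ordinary tunnel to a remote endpoint and is not reported; only the Tunnel100/Tunnel200 pair is.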