[c-nsp] MPLS-VPN migration

Luan Nguyen luan at netcraftsmen.net
Wed Dec 17 12:25:48 EST 2008

Let me try thinking out loud :)
There BGP support for IP prefix import into VRF table:
You could use static routes as well.
For dynamic, some people create two tunnels, same router, same subnet,
sourced from different loopbacks.  With one tunnel interface in the vrf, one
in the global routing table

ip vrf CUSTOMER1
route-target export 
route-target import 
interface Tunnel100
bandwidth 50000
ip vrf forwarding CUSTOMER1
ip address  
load-interval 30  
tunnel source x.x.x.x
tunnel destination y.y.y.y
interface Tunnel200
bandwidth 50000
ip address  
ip virtual-reassembly  
load-interval 30  
tunnel source y.y.y.y
tunnel destination x.x.x.x

If you have a lot of customers (a lot of VRFs), then maybe try DMVPN
configuration with the global being the hub and each spokes in their own
unique VRF...just a thought :)


Luan Nguyen
Chesapeake NetCraftsmen, LLC.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tim Durack
Sent: Wednesday, December 17, 2008 10:54 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] MPLS-VPN migration

Looking for some "creative" ideas on how best to accomplish this:

We are migrating a traditional enterprise-style IP network to an
MPLS-VPN network. All the infrastructure MPLS/IGP/MP-BGP work is
essentially done (it's a purely PE-PE network, no P routers anywhere.)

All "customer" networks are still in the global table. I need to
migrate them into VPN groups, but maintain full reachability between
global and VRFs during the migration. Route-leaking will be configured
between VRFs, and at a later stage some kind of firewall will be
employed between VPNs. The hard part is getting everything into the
VPNs first (without anyone noticing too much :-)

Ideally I'd like to bring up BGP sessions between the global table and
VRFs on each PE. I notice I can do BGP sessions between VRFs, but
can't quite wrap my head around global->VRF BGP. Is this even

Thanks for thinking about it.

cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list