[c-nsp] MPLS-VPN migration

schilling schilling2006 at gmail.com
Fri Dec 26 15:17:49 EST 2008


A simple question regarding Per-VRF Assignment of BGP Router ID which makes
the VRF-to-VRF peering of BGP on the same router possible. I just could not
get my head straight.

Do we need a physical cable from interface/VLAN in one VRF to another VRF on
the same router? Otherwise, how the data flow from one VRF to another?

Thanks.

Schilling



On Thu, Dec 18, 2008 at 3:12 AM, Aaron Daniels - Lists
<lists at daniels.id.au>wrote:

> We just tackled this one in our organisation.
>
> 2 Gotchas.
>
> 1. Router-id must be different between peers, make sure your code supports
> vrf specific router-id.
> 2. iBGP was very messy IMHO, so we went with eBGP using local-as to have
> each vrf appear to be a different 65xxx AS
>
> I can sent you my lab config's tomorrow.
>
> Thanks,
> Aaron
>
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > bounces at puck.nether.net] On Behalf Of Tim Durack
> > Sent: Thursday, 18 December 2008 1:54 AM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] MPLS-VPN migration
> >
> > Looking for some "creative" ideas on how best to accomplish this:
> >
> > We are migrating a traditional enterprise-style IP network to an
> > MPLS-VPN network. All the infrastructure MPLS/IGP/MP-BGP work is
> > essentially done (it's a purely PE-PE network, no P routers anywhere.)
> >
> > All "customer" networks are still in the global table. I need to
> > migrate them into VPN groups, but maintain full reachability between
> > global and VRFs during the migration. Route-leaking will be configured
> > between VRFs, and at a later stage some kind of firewall will be
> > employed between VPNs. The hard part is getting everything into the
> > VPNs first (without anyone noticing too much :-)
> >
> > Ideally I'd like to bring up BGP sessions between the global table and
> > VRFs on each PE. I notice I can do BGP sessions between VRFs, but
> > can't quite wrap my head around global->VRF BGP. Is this even
> > possible?
> >
> > Thanks for thinking about it.
> >
> > Tim:>
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list