[c-nsp] vrf-lite over a layer3 link

David Freedman david.freedman at uk.clara.net
Tue Oct 6 09:03:12 EDT 2009


If you don't have overlapping subnets and are brave, you could try
vrf source-select or vrf pbr , with "global" next hops
(since both of these techniques create a half-duplex vrf situation),
this avoids the mess of tunnels and their packet overheads, but
introduces another mess (and potentially security hole) of its own :)

Dave.


Ian MacKinnon wrote:
> You need to tunnel it :-)
> GRE is one option, and there is some info about this in the Building MPLS Based Broadband Access VPNs book
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Stefan Juon
> Sent: 06 October 2009 13:04
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] vrf-lite over a layer3 link
> 
>  Hi all
> This is my first post to this list, so I guess I should say hello ;-)
> We are considering an advanced network design which allows us to separate
> several services or customers using vrf-lite. There are some local sites
> which are connected by our own cabling. Nevertheless there are also some
> remote sites which are connected over a provider which provides common
> layer3 links. I understand that vrf-lite uses vlan's to separate the
> customers between ce and pe, I have seen these in all the examples I already
> read. As supposely no provider supports vlan's but rather layer 3 lines the
> big question is: How to span a network using vrf-lite over a provider?
> 
> Thanks for any ideas.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.5.420 / Virus Database: 270.14.3/2415 - Release Date: 10/05/09 18:23:00
> 
> --
> 
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the sender. Any
> offers or quotation of service are subject to formal specification.
> Errors and omissions excepted.  Please note that any views or opinions
> presented in this email are solely those of the author and do not
> necessarily represent those of Lumison.
> Finally, the recipient should check this email and any attachments for the
> presence of viruses.  Lumison accept no liability for any
> damage caused by any virus transmitted by this email.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 



More information about the cisco-nsp mailing list