[c-nsp] Inserting a default route into a MPLS/VPN pointing out of the VRF
Justin Shore
justin at justinshore.com
Mon Oct 19 17:49:40 EDT 2009

I'm having to rush an MPLS/VPN into service this week. Certain customers
will connect into this MPLS/VPN on PEs facing L2 switches with sub-ints
in the correct VRF, MLPPP bundles, direct connect to PEs, etc. (lots of
variety down the road). Simple so far. The majority of the traffic
will exit our network out another PE at a peering point across our
network, exiting out another interface also assigned to the same VRF.
Still simple. I'm doing similar things today to support our data center
and some other L3VPNs. Easy stuff.

The problem that I'm faced with is figuring out how to insert a default
route into that MPLS/VPN. I do this today with the data center VRFs
with the assistance of a FWSM in our core. I insert a default route
pointed to the backside of the customer's context on the FWSM; that
route is a static in the VRF. The FWSM bridges the gap between my
MPLS/VPN and my default VRF quite nicely. However in this situation I
can't use the FWSMs. I need to extract traffic from the VRF for the
private network and out into the default VRF on my core where I keep my
Internet routes. Longest-match will take care of the MPLS/VPN routes to
properly route traffic to my peer. Everything else needs to get out of
the VRF and to the Internet.

At my main POP I'm planning on inserting 2 default routes, 1 from each
core router with different weights. My dual core routers are homed to
both of my border routers. Here's the simplified topology:

BR1   BR2
 | \/ |
 | /\ |
 |/  \|
P1----P2----PE1--Peer
|     |
|     |
PE2   PE3
|     |
CE1   CE2

There are more Ps and PEs but this gets the general idea across.

I've come across route-leaking examples but they all require me to point
traffic to an outward-facing interface. I.e., I can't just point the
default route to a specific upstream-facing interface. Is there another
way? I can't see a solution with importing routes at the route-target
level. Can I point it to a loopback outside of the VRF?

http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_example09186a0080231a3e.shtml

This is probably a simple process but I haven't had to do it before
without the FWSM which made it trivially easy. What simple solution
have I overlooked and will kick myself for missing later?

Thanks
 Justin