[c-nsp] Inserting a default route into a MPLS/VPN pointing out of the VRF

Pshem Kowalczyk pshem.k at gmail.com
Mon Oct 19 18:51:53 EDT 2009


Hi,

I don't think there is a simple solution to that problem. Here are two
ideas that we came up with to solve our issues and still maintain
a relatively 'clean' design.

1. With border routers as CEs - run a trunk between the PE and border
routers with one vlan per vrf. That gives you the ability to put a static
in a vrf.
2. Turn the border routers into PEs and move the internet table into a
vrf. From that vrf you can leak only specific routes (like the
default).

Ultimately we implemented the second option (mainly because it was easier to scale).

kind regards
Pshem



2009/10/20 Justin Shore <justin at justinshore.com>:
> I'm having to rush a MPLS/VPN into service this week.  Certain customers
> will connect into this MPLS/VPN on PEs facing L2 switches with sub-ints in
> the correct VRF, MLPPP bundles, direct connect to PEs, etc (lots of variety
> down the road).  Simple so far.  The majority of the traffic will exit our
> network out another PE at a peering point across our network, exiting out
> another interface also assigned to the same VRF. Still simple.  I'm doing
> similar things today to support our data center and some other L3VPNs.  Easy
> stuff.
>
> The problem that I'm faced with is figuring out how to insert a default
> route into that MPLS/VPN.  I do this today with the data center VRFs with
> the assistance of a FWSM in our core.  I insert a default route pointed to
> the backside of the customer's context on the FWSM; that route is a static
> in the VRF.  The FWSM bridges the gap between my MPLS/VPN and my default VRF
> quite nicely.  However in this situation I can't use the FWSMs.  I need to
> extract traffic from the VRF for the private network and out into the
> default VRF on my core where I keep my Internet routes.  Longest-match will
> take care of the MPLS/VPN routes to properly route traffic to my peer.
>  Everything else needs to get out of the VRF and to the Internet.
>
> At my main POP I'm planning on inserting 2 default routes, 1 from each core
> router with different weights.  My dual core routers are homed to both of my
> border routers.  Here's the simplified topology:
>
>
> BR1   BR2
> |  \/  |
> |  /\  |
> | /  \ |
> P1----P2----PE1--Peer
> |      |
> |      |
> PE2     PE3
> |      |
> CE1    CE2
>
> There are more Ps and PEs but this gets the general idea across.
>
> I've come across route-leaking examples but they all require me to point
> traffic to an outward-facing interface.  Ie, I can't just point the default
> route to a specific upstream-facing interface.  Is there another way?  I
> can't see a solution with importing routes at the route-target level.  Can I
> point it to a loopback outside of the VRF?
>
> http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_example09186a0080231a3e.shtml
>
> This is probably a simple process but I haven't had to do it before without
> the FWSM which made it trivially easy.  What simple solution have I
> overlooked and will kick myself for missing later?
>
> Thanks
>  Justin
>
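The second option in the reply above (Internet table in a VRF, leaking only the default), sketched as an added Cisco IOS example that is not part of the original thread. The VRF names, AS 65000, the route-target values, the route-map and prefix-list names, and the 192.0.2.0/24 customer prefix are all assumptions chosen for illustration; the sketch also assumes the border PE already holds a default route in the Internet VRF.

```cisco
! --- On the border routers acting as PEs: Internet table lives in its own VRF
ip vrf INTERNET
 rd 65000:1
 route-target export 65000:1
 route-target import 65000:1
 ! accept only what customer VRFs deliberately announce (return path)
 route-target import 65000:998
 ! tag selected routes with an extra route-target on export
 export map LEAK-DEFAULT
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
route-map LEAK-DEFAULT permit 10
 match ip address prefix-list DEFAULT-ONLY
 ! "additive" keeps 65000:1 and adds the leak route-target
 set extcommunity rt 65000:999 additive
! everything else is exported with the VRF's normal route-target only
route-map LEAK-DEFAULT permit 20
!
! --- On the customer-facing PEs: private VRF imports the leaked default
ip vrf CUSTOMER
 rd 65000:100
 route-target export 65000:100
 route-target import 65000:100
 ! 65000:999 is carried only by 0.0.0.0/0, so the full table never enters
 route-target import 65000:999
 export map ANNOUNCE-TO-INTERNET
!
ip prefix-list CUST-PUBLIC seq 5 permit 192.0.2.0/24
!
route-map ANNOUNCE-TO-INTERNET permit 10
 match ip address prefix-list CUST-PUBLIC
 set extcommunity rt 65000:998 additive
route-map ANNOUNCE-TO-INTERNET permit 20
```

Both prefix-lists are the isolation boundary here: `show ip route vrf CUSTOMER` should list the default as the only route learned from the Internet VRF, and `show ip bgp vpnv4 vrf INTERNET` should list only the prefixes matched by CUST-PUBLIC from the customer side.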

