[c-nsp] MPLS VPN with lot of PPP interfaces and central firewall (Half Duplex VRF / HDVRF)
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Tue Feb 23 10:47:04 EST 2010
> Hello Oli, thx for your support again. I have configured the HUB/PE as
> suggested:
> [..]
> I see that a traceroute from CPE1 to CPE2 now take the path over the
HUB
> and then back to the LNS as expected:
> [...]
> When I remove the def-route on the HUB, I'am still able to reach CPE2
> from CPE1 directly over the LNS:
>
> cpe1-vrftest#traceroute
> Target IP address: 10.98.2.1
> Source address: 10.98.1.1
> Tracing the route to 10.98.2.1
> 1 10.99.17.254 68 msec 60 msec 64 msec (Loopback102 LNS)
> 2 10.99.17.2 152 msec * 148 msec (CPE2)
>
> So I *can* re-direct the traffic from CPE to CPE through the HUB but
in
> the case the HUB fails, the CPEs are directly connected again through
> the LNS/SPOKE PE. Is that the expected behaviour? Or is there still
some
> thing I'am missing (RPF is enabled on the Vi's)?
That's strange.. Can you open a TAC case to get this looked at? I just
tried this with "regular" serial interfaces, and I don't see the issue,
i.e. without a default route, the CEs don't see each other. Can you
remove urpf and try again?
oli
More information about the cisco-nsp
mailing list