[c-nsp] MPLS VPN with lot of PPP interfaces and central firewall (Half Duplex VRF / HDVRF)
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Wed Feb 24 03:53:26 EST 2010
> > I just
> > tried this with "regular" serial interfaces, and I don't see the
issue,
> > i.e. without a default route, the CEs don't see each other.
>
> I assume even without any MP-BGP between the SPOKE and HUB PEs, it
> should be possible to isolate two interfaces on the SPOKE/PE with the
> Half Duplex VRF feature enabled. I'am right here? So how looks your
> SPOKE/PE test setup regarding the VRF configuration (VRF definition,
> interfaces and static routes for that VRF)? That would be interesting
> for me.
very simple:
ip vrf down
rd 1:2
!
ip vrf up
rd 1:1
!
ip cef
!
interface Loopback1
ip vrf forwarding up
ip address 1.0.0.1 255.255.255.255
!
interface Serial2/0
ip vrf forwarding up downstream down
ip unnumbered Loopback1
ip verify unicast reverse-path
encapsulation ppp
peer default ip address pool default
serial restart-delay 0
!
interface Serial2/1
ip vrf forwarding up downstream down
ip unnumbered Loopback1
ip verify unicast reverse-path
encapsulation ppp
peer default ip address pool default
serial restart-delay 0
!
ip local pool default 2.0.0.1 2.0.0.10
Didn't try with static routes.. also don't have MPLS/BGP configured on
this "PE".. it's a standalone box..
> Maybe I can build a similar setup with some unused FastEth's in
> my LNS/SPOKE/PE.
hmm, not sure if FastEth will work, HD-VRF is only supported on
unnumbered interfaces.
oli
More information about the cisco-nsp
mailing list