[c-nsp] Large scale "central services" VRF, best practice?
Peter Rathlev
peter at rathlev.dk
Fri Mar 18 09:04:45 EDT 2011
Is there any "smart" way to configure an MPLS VPN network for a "central
services" VRF for all (or many) other VRFs?
I see three possible ways:
1) Use import & export on the central services VRF, no configuration
on the other VRFs:
ip vrf A
rd 1:1
route-target both 1:1
!
ip vrf B
rd 1:2
route-target both 1:2
!
ip vrf Central_Services
rd 1:3
route-target both 1:1
route-target both 1:2
route-target both 1:3
!
2) Use import & export on each VRF that needs to access the central
services VRF.
ip vrf A
rd 1:1
route-target both 1:1
route-target both 1:3
!
ip vrf B
rd 1:2
route-target both 1:2
route-target both 1:3
!
ip vrf Central_Services
rd 1:3
route-target both 1:1
!
3) Use an empty (permit anything) import map on the central services
VRF and an export map on the other VRFs:
route-map CS_EXPORT_MAP permit 10
set extcommunity rt 1:3 additive
!
route-map CS_IMPORT_MAP permit 10
!
ip vrf A
rd 1:1
route-target both 1:1
export map CS_EXPORT_MAP
!
ip vrf B
rd 1:2
route-target both 1:2
export map CS_EXPORT_MAP
!
ip vrf Central_Services
rd 1:3
route-target both 1:3
import map CS_IMPORT_MAP
!
In my eyes all approaches seem like a lot of work, but I'm leaning
towards solution 2 because it seems easier to not make mistakes.
An SP from which we buy last-mile in a couple of VRFs has its
management prefixes leaked out into every VRF and we're looking for
something similar.
Does anybody know of a smart(er) way of doing this? Is anybody on this
list using it at large scale and willing to share some experience?
--
Peter
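
Added example (not part of the original post): a small Python check that reads the route-target statements of options 1 and 2 above and lists which VRFs would import each other's routes, so that unintended import relationships between A and B show up before the configuration is deployed. It models only route-target import/export matching; export and import maps (option 3) are not handled, and the function names are hypothetical.

```python
import re
from itertools import permutations

# The "ip vrf" stanzas from options 1 and 2 of the post (rd lines and "!" left out).
OPTION_1 = """\
ip vrf A
route-target both 1:1
ip vrf B
route-target both 1:2
ip vrf Central_Services
route-target both 1:1
route-target both 1:2
route-target both 1:3
"""
OPTION_2 = """\
ip vrf A
route-target both 1:1
route-target both 1:3
ip vrf B
route-target both 1:2
route-target both 1:3
ip vrf Central_Services
route-target both 1:1
"""

def parse_vrfs(config):
    """Map each VRF name to its sets of import and export route-targets."""
    vrfs, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(m[1], {"import": set(), "export": set()})
        elif cur is not None and (
                m := re.fullmatch(r"route-target (both|import|export) (\S+)", line)):
            for side in ("import", "export"):
                if m[1] in ("both", side):
                    cur[side].add(m[2])
    return vrfs

def imports_from(vrfs):
    """Pairs (dst, src): dst imports an RT that src exports, so dst learns src's routes."""
    return {(d, s) for d, s in permutations(vrfs, 2)
            if vrfs[d]["import"] & vrfs[s]["export"]}

def spoke_leaks(config, hub="Central_Services"):
    """Import relationships that do not involve the hub VRF, i.e. spoke-to-spoke."""
    return sorted(p for p in imports_from(parse_vrfs(config)) if hub not in p)

if __name__ == "__main__":
    for name, cfg in (("option 1", OPTION_1), ("option 2", OPTION_2)):
        print(name, "spoke-to-spoke imports:", spoke_leaks(cfg) or "none")
```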