[c-nsp] Large scale "central services" VRF, best practice?

schilling schilling2006 at gmail.com
Fri Mar 18 09:31:55 EDT 2011


I don't think any of them will work.  The router import and export have
to be symmetric if you want bidirectional communication.

    ip vrf A
     rd 1:1
     route-target both 1:1
     route-target import 1:3
    !
    ip vrf B
     rd 1:2
     route-target both 1:2
     route-target import 1:3
    !
    ip vrf Central_Services
     rd 1:3
     route-target both 1:3
     route-target import 1:1
     route-target import 1:2


Schilling

On Fri, Mar 18, 2011 at 9:04 AM, Peter Rathlev <peter at rathlev.dk> wrote:
> Is there any "smart" way to configure an MPLS VPN network for a "central
> services" VRF for all (or many) other VRFs?
>
> I see three possible ways:
>
>  1)  Use import & export on the central services VRF, no configuration
>     on the other VRFs:
>
>     ip vrf A
>      rd 1:1
>      route-target both 1:1
>     !
>     ip vrf B
>      rd 1:2
>      route-target both 1:2
>     !
>     ip vrf Central_Services
>      rd 1:3
>      route-target both 1:1
>      route-target both 1:2
>      route-target both 1:3
>     !
>
>  2)  Use import & export on each VRF that needs to access the central
>     services VRF.
>
>     ip vrf A
>      rd 1:1
>      route-target both 1:1
>      route-target both 1:3
>     !
>     ip vrf B
>      rd 1:2
>      route-target both 1:2
>      route-target both 1:3
>     !
>     ip vrf Central_Services
>      rd 1:3
>      route-target both 1:1
>     !
>
>  3)  Use an empty (permit anything) import map on the central services
>     VRF and an export map on the other VRFs:
>
>     route-map CS_EXPORT_MAP permit 10
>      set extcommunity rt 1:3 additive
>     !
>     route-map CS_IMPORT_MAP permit 10
>     !
>     ip vrf A
>      rd 1:1
>      route-target both 1:1
>      export map CS_EXPORT_MAP
>     !
>     ip vrf B
>      rd 1:2
>      route-target both 1:2
>      export map CS_EXPORT_MAP
>     !
>     ip vrf Central_Services
>      rd 1:3
>      route-target both 1:3
>      import map CS_IMPORT_MAP
>     !
>
> In my eyes all approaches seem like a lot of work, but I'm leaning
> towards solution 2 because it seems easier to not make mistakes.
>
> An SP from which we buy last-mile in a couple of VRFs have their
> management prefixes leaked out into every VRF and we're looking for
> something similar.
>
> Does anybody know of a smart(er) way of doing this? Is anybody on this
> list using it large scale and willing to share some experience?
>
> --
> Peter
>
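
Added example, not part of the original thread or anyone's posted configuration: a Python check that takes VRF route-target definitions, works out which VRF imports whose routes, and reports both the hub relationship and any spoke-to-spoke import (a loss of VRF isolation). It models route-target matching only (no import/export maps or prefix filters); the function names are made up for this sketch, and the VRF names and RT values are copied from the reply and from option 2 as quoted.

```python
# Added example: models route-target matching only (no import/export maps,
# no per-prefix filtering). VRF names and RTs are copied from the thread.

def vrf(both=(), imp=(), exp=()):
    """Build a VRF as (import RT set, export RT set); 'both' feeds each."""
    return set(both) | set(imp), set(both) | set(exp)

def imports(design):
    """Return {(src, dst)} where dst imports the routes exported by src."""
    return {(s, d) for s, (_, s_exp) in design.items()
            for d, (d_imp, _) in design.items()
            if s != d and s_exp & d_imp}

def audit(design, hub="Central_Services"):
    """Classify each spoke's relation to the hub and list spoke-to-spoke leaks."""
    edges = imports(design)
    spokes = sorted(v for v in design if v != hub)
    hub_state = {}
    for s in spokes:
        to_hub, from_hub = (s, hub) in edges, (hub, s) in edges
        hub_state[s] = ("bidirectional" if to_hub and from_hub else
                        "one-way" if to_hub or from_hub else "none")
    leaks = sorted((s, d) for s, d in edges if s != hub and d != hub)
    return hub_state, leaks

# Configuration from the reply: spokes import 1:3, the hub imports 1:1 and 1:2.
REPLY = {
    "A": vrf(both=["1:1"], imp=["1:3"]),
    "B": vrf(both=["1:2"], imp=["1:3"]),
    "Central_Services": vrf(both=["1:3"], imp=["1:1", "1:2"]),
}
# Option 2 exactly as quoted: spokes use "both 1:3", the hub uses "both 1:1".
OPTION_2 = {
    "A": vrf(both=["1:1", "1:3"]),
    "B": vrf(both=["1:2", "1:3"]),
    "Central_Services": vrf(both=["1:1"]),
}

if __name__ == "__main__":
    for name, design in (("reply", REPLY), ("option 2", OPTION_2)):
        hub_state, leaks = audit(design)
        print(name, hub_state, "spoke-to-spoke imports:", leaks or "none")
```

Any pair in the spoke-to-spoke list means one customer VRF is installing another customer's prefixes, which is the condition to check for before adding a shared route-target to many VRFs.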


