[c-nsp] Large scale "central services" VRF, best practice?
marc williams
marcuk at me.com
Fri Mar 18 10:18:37 EDT 2011
Have you looked at doing vrf-nat?
On 18 Mar 2011, at 13:04, Peter Rathlev wrote:
> Is there any "smart" way to configure an MPLS VPN network for a "central
> services" VRF for all (or many) other VRFs?
>
> I see three possible ways:
>
> 1) Use import & export on the central services VRF, no configuration
> on the other VRFs:
>
> ip vrf A
>  rd 1:1
>  route-target both 1:1
> !
> ip vrf B
>  rd 1:2
>  route-target both 1:2
> !
> ip vrf Central_Services
>  rd 1:3
>  route-target both 1:1
>  route-target both 1:2
>  route-target both 1:3
> !
>
> 2) Use import & export on each VRF that needs to access the central
> services VRF.
>
> ip vrf A
>  rd 1:1
>  route-target both 1:1
>  route-target both 1:3
> !
> ip vrf B
>  rd 1:2
>  route-target both 1:2
>  route-target both 1:3
> !
> ip vrf Central_Services
>  rd 1:3
>  route-target both 1:3
> !
>
> 3) Use an empty (permit anything) import map on the central services
> VRF and an export map on the other VRFs:
>
> route-map CS_EXPORT_MAP permit 10
>  set extcommunity rt 1:3 additive
> !
> route-map CS_IMPORT_MAP permit 10
> !
> ip vrf A
>  rd 1:1
>  route-target both 1:1
>  export map CS_EXPORT_MAP
> !
> ip vrf B
>  rd 1:2
>  route-target both 1:2
>  export map CS_EXPORT_MAP
> !
> ip vrf Central_Services
>  rd 1:3
>  route-target both 1:3
>  import map CS_IMPORT_MAP
> !
>
> In my eyes all approaches seem like a lot of work, but I'm leaning
> towards solution 2 because it seems easier to not make mistakes.
>
> An SP from which we buy last-mile in a couple of VRFs have their
> management prefixes leaked out into every VRF and we're looking for
> something similar.
>
> Does anybody know of a smart(er) way of doing this? Is anybody on this
> list using it at large scale and willing to share some experience?
>
> --
> Peter
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
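
Added example, not part of either message above: a small Python model of route-target matching that lists which VRFs would import each other's routes under options 1 and 2, as a tenant-isolation check before deploying. It assumes imported routes are not re-exported, models option 2 with Central_Services on RT 1:3, and uses a hypothetical RT 1:4 for a constructed split-RT variant.

```python
# Added example: a model of route-target import/export, not IOS code.
# Assumptions: a VRF exports only its own routes (imported routes are not
# re-exported) and imports a route when any RT on it is in its import list.

def who_imports_whom(vrfs):
    """Map each VRF name to the set of other VRFs whose routes it imports."""
    return {
        name: {other for other, opol in vrfs.items()
               if other != name and pol["import"] & opol["export"]}
        for name, pol in vrfs.items()
    }

def spoke_leaks(vrfs, hub):
    """Sorted (importer, source) pairs where neither VRF is the hub."""
    seen = who_imports_whom(vrfs)
    return sorted((dst, src) for dst, srcs in seen.items() if dst != hub
                  for src in srcs if src != hub)

def both(*rts):
    """Policy equivalent to 'route-target both <rt>' for each RT given."""
    return {"import": set(rts), "export": set(rts)}

HUB = "Central_Services"

# Option 1 as posted: only the central VRF carries the extra route-targets.
OPTION_1 = {"A": both("1:1"), "B": both("1:2"),
            HUB: both("1:1", "1:2", "1:3")}

# Option 2, assuming Central_Services uses RT 1:3 in both directions.
OPTION_2 = {"A": both("1:1", "1:3"), "B": both("1:2", "1:3"),
            HUB: both("1:3")}

# Constructed variant (RT 1:4 is hypothetical): spokes export 1:4 and import
# 1:3, the hub does the reverse, so no spoke matches another spoke's export.
SPLIT_RT = {
    "A": {"import": {"1:1", "1:3"}, "export": {"1:1", "1:4"}},
    "B": {"import": {"1:2", "1:3"}, "export": {"1:2", "1:4"}},
    HUB: {"import": {"1:3", "1:4"}, "export": {"1:3"}},
}

if __name__ == "__main__":
    for label, vrfs in [("option 1", OPTION_1), ("option 2", OPTION_2),
                        ("split RT", SPLIT_RT)]:
        print(label, who_imports_whom(vrfs), "leaks:", spoke_leaks(vrfs, HUB))
```

In this model, sharing RT 1:3 in both directions on every VRF makes A and B import each other's routes, while option 1 and the split-RT variant keep them separate.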