[c-nsp] Large scale "central services" VRF, best practice?

Fri Mar 18 10:42:02 EDT 2011

Depending on platform and scalability requirements, EVN Route
Replication might provide some options....

http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_shared_svcs_xe.html

Cheers,

Matt

> Message: 9
> Date: Fri, 18 Mar 2011 14:04:45 +0100
> From: Peter Rathlev <peter at rathlev.dk>
> To: cisco-nsp <cisco-nsp at puck.nether.net>
> Subject: [c-nsp] Large scale "central services" VRF, best practice?
> Message-ID: <1300453485.10962.21.camel at abehat.dyn.net.rm.dk>
> Content-Type: text/plain; charset="UTF-8"
>
> Is there any "smart" way configure an MPLS VPN network for a "central
> services" VRF for all (or many) other VRFs?
>
> I see three possible ways:
>
>  1)  Use import & export on the central services VRF, no configuration
>     on the other VRFs:
>
>     ip vrf A
>      rd 1:1
>      route-target both 1:1
>     !
>     ip vrf B
>      rd 1:2
>      route-target both 1:2
>     !
>     ip vrf Central_Services
>      rd 1:3
>      route-target both 1:1
>      route-target both 1:2
>      route-target both 1:3
>     !
>
>  2)  Use import & export on each VRF that needs to access the central
>     services VRF.
>
>     ip vrf A
>      rd 1:1
>      route-target both 1:1
>      route-target both 1:3
>     !
>     ip vrf B
>      rd 1:2
>      route-target both 1:2
>      route-target both 1:3
>     !
>     ip vrf Central_Services
>      rd 1:3
>      route-target both 1:1
>     !
>
>  3)  Use an empty (permit anything) import map on the central services
>     VRF and an export map on the other VRFs:
>
>     route-map CS_EXPORT_MAP permit 10
>      set extcommunity rt 1:3 additive
>     !
>     route-map CS_IMPORT_MAP permit 10
>     !
>     ip vrf A
>      rd 1:1
>      route-target both 1:1
>      export map CS_EXPORT_MAP
>     !
>     ip vrf B
>      rd 1:2
>      route-target both 1:2
>      export map CS_EXPORT_MAP
>     !
>     ip vrf Central_Services
>      rd 1:3
>      route-target both 1:3
>      import map CS_IMPORT_MAP
>     !
>
> In my eyes all approaches seem like a lot of work, but I'm leaning
> towards solution 2 because it seems easier to not make mistakes.
>
> An SP from which we buy last-mile in a couple of VRFs have their
> management prefixes leaked out into every VRF and we're looking for
> something similar.
>
> Does anybody know of a smart(er) way of doing this? Are anybody on this
> list using it large scale and are willing to share some experience?
>
> --
> Peter
>
>
>
>
>
> ------------------------------
>
> _______________________________________________
> cisco-nsp mailing list
> cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
>
> End of cisco-nsp Digest, Vol 100, Issue 51
> ******************************************
>

-- 
Matthew Melbourne