[c-nsp] vrf-lite routing

Dan Letkeman danletkeman at gmail.com
Wed Jul 17 20:45:33 EDT 2013

The current network is routed via EIGRP, but also has a lot of VLANs
trunked everywhere... it's an STP nightmare with various ISPs providing
service via fiber, and a host of wireless bridges that are anywhere from
10-40 miles....  My thought was to use tunnels and vrf-lite instead of
trunking VLANs everywhere, but from what I am hearing, GRE tunnels are not
going to perform.  I have this working in a test network and it's working
well, other than that I have not tried a performance test.

They do want separation on some of the networks, but not all.  I have done
this in the past with access lists and VLANs but it's a pain.  Is there any
other way to segregate the traffic on a routed network?

Ideally they should have a router at each location and not a switch.


On Wed, Jul 17, 2013 at 1:28 AM, Mattias Gyllenvarg
<mattias at gyllenvarg.se> wrote:

> Hi Dan
> Sounds like you're getting off on the wrong foot.
> The 3560 can't do much more than routing and switching. No GRE or MPLS so
> you are pretty much stuck with trunking.
> VRFs will only be helpful with MPLS unless you want VRF-lite (that's VRF
> that is local to one machine only). Then you still need the trunks and
> VLANs.
> You can set up the VRFs to talk fairly easily, but why have the separation
> if you want them to talk?
> Sounds like you should just replace the old machine with the new one.
> If you should do anything then set up the 3k boxes for dynamic routing so
> that they simply route the traffic instead of switching it. Then you won't
> have to add VLANs for every new internet customer. But shaping may be
> harder to do as you don't have the customer's interface in your core.
> //Mattias
> On Wed, Jul 17, 2013 at 4:12 AM, Dan Letkeman <danletkeman at gmail.com> wrote:
>> Hello,
>> Just wondering if anyone can direct me down the correct path.  I have been
>> asked by a friend to help replace an ISR2851 with a new ASR1001.  The 2851
>> currently does some route-maps for different networks and a few customers
>> as well as some shaping.  They want to use the ASR to peer with an ISP and
>> I suggested to use tunnels and VRFs instead of trunking VLANs through
>> their network to the customers, like they are doing now.
>> The network currently consists of mostly 3k switches and either fiber or
>> wireless trunks to about 45 different locations.  The main goal is to
>> provide internet to each of the 45 locations, each having their own public
>> ip/range.
>> My thought was to create tunnels from the ASR to each of the locations
>> (each have a 3560 switch) and then to create VRFs on each tunnel and
>> assign a public IP to each VRF and then advertise those networks into the
>> global BGP table.
>> First time I have done anything like this... Any thoughts?
>> Dan.
> --
> *Kind regards*
> *Mattias Gyllenvarg*
