[c-nsp] vrf-lite routing

Dan Letkeman danletkeman at gmail.com
Wed Jul 17 21:02:16 EDT 2013


I think it makes more sense to do this based on the equipment they have.

http://packetlife.net/blog/2009/apr/30/intro-vrf-lite/

Get the performance of routing on the 3k switches but the segregation of
VRF-lite if they want it.

Dan.


On Wed, Jul 17, 2013 at 7:45 PM, Dan Letkeman <danletkeman at gmail.com> wrote:

> The current network is routed via EIGRP, but also has a lot of vlan's
> trunked everywhere...its an STP nightmare with various ISP's providing
> service via fiber, and a host of wireless bridges, that are any where from
> 10-40 miles....  My though was to use tunnel's and vrf-lite instead of
> trunking vlan's everywhere, but from what I am hearing, GRE tunnels are not
> going to perform.  I have this working in a test network and it's working
> well.  Other than I have not tried a performance test.
>
> They do want separation on some of the networks, but not all.  I have done
> this in the past with access lists and vlan's but its a pain.  Is there any
> other way to segregate the traffic on routed network?
>
> Ideally they should have a router at each location and not a switch.
>
> Dan.
>
>
> On Wed, Jul 17, 2013 at 1:28 AM, Mattias Gyllenvarg <mattias at gyllenvarg.se
> > wrote:
>
>> Hi Dan
>>
>> Sounds like your getting of on the wrong foot.
>>
>> The 3560 can't do much more then routing and switching. No GRE or MPLS so
>> you are pretty much stuck with trunking.
>>
>> VRFs will only be helpfull with MPLS unless you want VRF-lite (thats VRF
>> that is local to one machine only). Then you still need the trunks and
>> vlans.
>> You can setup the VRFs to talk fairly easily, but why have the separation
>> if you want them to talk?
>>
>> Sound like you should just replace the old machine with the new one.
>>
>> If you should do anything then setup the 3k boxes for dynamic routing so
>> that they simply route the traffic instead of switching it. Then you wont
>> have to add vlans for every new internet customer. But shaping may be
>> harder to do as you dont have the customers interface in your core.
>>
>> //Mattias
>>
>>
>> On Wed, Jul 17, 2013 at 4:12 AM, Dan Letkeman <danletkeman at gmail.com>wrote:
>>
>>> Hello,
>>>
>>> Just wondering if anyone can direct me down the correct path.   I have
>>> been
>>> asked by a friend to help replace an ISR2851 with a new ASR1001.   The
>>> 2851
>>> currently does some route-maps for different networks and a few customers
>>> as well as some shaping.  They want to use the ASR to peer with an ISP
>>> and
>>> I suggested to use tunnel's and VRF's instead of trunking vlan's through
>>> there network to the customers, like they are doing now.
>>>
>>> The network currently consists of mostly 3k switches and either fiber or
>>> wireless trunks to about 45 different locations.  The main goal is to
>>> provide internet to each of the 45 locations each having there own public
>>> ip/range.
>>>
>>> My thought was to create tunnels from the ASR to each of the locations
>>> (each have a 3560 switch) and then to create VRF's on each tunnel and
>>> assign a public IP to each VRF and then advertise those networks into the
>>> global BGP table.
>>>
>>> First time I have done anything like this...Any thoughts?
>>>
>>> Dan.
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>
>>
>>
>> --
>> *Med Vänliga Hälsningar*
>> *Mattias Gyllenvarg*
>>
>
>


More information about the cisco-nsp mailing list