[c-nsp] MPLS Routing with PBR
Curtis Piehler
cpiehler2 at gmail.com
Thu Jun 9 14:35:21 EDT 2016
I have quite a scenario here that we are working on testing in the lab but
wanted to know if anyone has experience in this.
In this scenario there are a few PE routers (ASR9K) connected to each other
with a "firewall" connecting to one of the PE routers. Two different PE
routers have a customer router connected to them. All the PE routers are
talking MPLS, LDP and BGP exchaning labels. The customer is in their own
and has a VRF on all the PE routers so the PE routers are VRF aware.
We attach an ACE to the ingress interface of the PE that the firewall
connects to that matches on some sources and destinations setting a vrf
nexthop of an interface hanging off of another PE router in the network.
If the packet ends up traversing PE routers that are VRF aware of the
customer on it's way to that final PE router will the in between PE routers
pop the labels and subject the packet to normal VPNV4 routing table instead
of just label switching entirely to the final PE router?
The orignating PE router where the firewall is connecting to has a nexthop
of the final PE router (not the in between routers).
Thanks
Curtis
More information about the cisco-nsp
mailing list