[c-nsp] MPLS L3VPN Hub and Spoke
Gerald K.
gerald at ax.tc
Tue Mar 22 13:29:39 EDT 2016
Am 17.03.2016 um 15:46 schrieb Mohammad Khalil:
> Dears
> I have 100 branch and 1 HQ for a customer
> The proposed MPLS L3VPN
> What am seeking is to control spoke to spoke communication
> i.e. no communication for the spoke except with the hub , even if I wanted the spoke to communicate with another spoke it should be through the hub site
> I have one VRF configured
As already suggested by others, create an additional VRF to distinguish
between upstream and downstream traffic and use the "Half Duplex VRF"
feature.
We've done this with ~150 branches to route all traffic among the spokes
through a ASA firewall connected to the hub in the data centre.
Maybe there could also exist a solution with DMVPN. But because HD VRF
was much easier to implement in our environment I haven't follow any
approach in this regard.
--
Gerald
More information about the cisco-nsp
mailing list