[c-nsp] VRF-Lite between PE

Maile Halatuituia maile.halatuituia at tcc.to
Mon Oct 24 18:09:56 EDT 2016


James
Thanks, yes you are right; like I mentioned, I believe without MPLS it is not ideal.
But I managed to figure it out the way you mentioned, I guess.
Here is my attempt.
1. I use L2 failover between the PEs with HSRP, with some VLANs having priority on one PE and other VLANs on the other PE; this is to make sure that both PEs are being used instead of one just sitting there doing nothing.

2. I connect my two LINK routers to each PE with two connections each. For my Primary Link router I use the same higher OSPF cost on both connections to my PEs, and from my Secondary Link router I use the same lower OSPF cost on each link to my PEs. In addition to that I also use a higher metric on my Primary Link router's OSPF than on my secondary, therefore its default route should always be injected into my two INTERNET VRFs on each PE.

3. Then from my two Internet VRFs on both PEs I distribute it to all VRFs on each PE, therefore all departments reach the internet.

4. The last bit is that in my scenario now the route injection only happens if the Primary Link Router is down or the link to it is down. However, if the internet link is down I have figure out a way to still inject the route back to the PEs instead of just being stuck in it.
I guess I'm gonna use a route-map on OSPF default-information instead, or maybe someone would suggest something else.


I hope this also makes sense ....
________________________________________
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> on behalf of James Bensley <jwbensley at gmail.com>
Sent: Tuesday, October 25, 2016 9:38 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] VRF-Lite between PE

> From: Maile Halatuituia
> Sent: Thursday, October 20, 2016 9:35 AM
> To: cisco-nsp at puck.nether.net
> Subject: VRF-Lite between PE
>
>
> Hi
>
>
> I have this scenario.
>
>
> CUSTOMER -------- PE1 ----------- PE2 --------CUSTOMER
>                                     |                    |
>
>
>                                     |                    |
>                             Primary                Secondary
>                                 LINK                    LINK
>
> My situation is that my PE L3 Switch router does not support MPLS.
>
> I also want to use VRF to differentiate my customer departments.
>
> The main goal is that if Primary link to internet fails, internet traffic goes automatically to Secondary Link.
>
> OSPF within VRF on both PE1 to get the default route from the two Internet routers, then distribute that to the two Primary and Secondary VRFs so that it can be imported to the departments' VRFs. Therefore they can reach the internet.
>
> I have two issues
>
>
> 1. I want to connect the two LINK routers to both PEs for redundancy if any PE and a LINK router fail. I assume I will include the second link in my OSPF at the moment, but I am not sure how I will use cost or set it up so that it will fail over.
>
>
> 2. Secondly, is it possible for VRF A on PE2 to receive routes from VRF A on PE1 after creating it with the same RD on both PEs? Or maybe that's the function of MPLS, but I don't have that in my PE.

Your set-up is not ideal.

One option (I'm not saying it’s the best) is that you can run layer 2
VLANs between your PEs for each VRF and run OSPF instances inside each
VRF. If you use different RDs on your PEs and use RTs to manage route
imports/exports you can have multiple customer VRFs and export the
default route from your upstream Internet providers into your customer
VRFs (route leaking).

You would end up with lots of VLANs stretched around but it would “work”.


Cheers,
James.
Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.
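
Added example, not part of the original thread: one way to make the Primary Link router stop advertising its OSPF default when its Internet uplink fails, as raised in point 4 above. It uses a tracked static default instead of the route-map mentioned in the post, and assumes classic IOS syntax on the Link router; every address, interface name, SLA/track number and OSPF process ID is a placeholder.

```cisco
! Constructed example for the Primary Link router (all values are placeholders)
!
! Probe an address beyond the ISP hand-off, sourced from the uplink
ip sla 10
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Track object follows the probe; the delays damp flapping
track 10 ip sla 10 reachability
 delay down 10 up 30
!
! Untracked host route so the probe always leaves via the ISP next hop,
! even after the tracked default below has been withdrawn
ip route 192.0.2.1 255.255.255.255 198.51.100.1
!
! Default route exists in the routing table only while the probe succeeds
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 10
!
! Without the "always" keyword, OSPF originates the default only while a
! default route is present in the routing table, so a failed probe
! withdraws it from the PEs and the Secondary Link router's default is used
router ospf 1
 default-information originate
```

`show track 10` and `show ip route 0.0.0.0` on the Link router, and the OSPF external LSA for 0.0.0.0 on the PEs, confirm whether the default is currently being originated.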

