[c-nsp] One PE router, one customer, several sites
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Wed Aug 8 03:55:31 EDT 2018
> Dear Colleagues,
>
> If a customer's several sites are connected to the same PE router,
> but to different interfaces, which is the recommended practice,
> assuming that all these sites must be reachable from one another:
>
> 1. Place all the interfaces into the same VRF.
>
> 2. Place each site into a separate VRF and set up route import/export between the VRFs.
>
> Thanks in advance for any input.
It all depends on your VPN routing policy. If you want all sites to freely communicate between each other, put all of them into the same VRF. If you need to restrict communication (like forcing traffic to a central site/hub), use different VRFs with an appropriate import/export policy.
Using different VRFs with an unrestricted import/export policy is IMHO a waste of resources, but your mileage might vary.
oli
More information about the cisco-nsp
mailing list