Shared local services across vrf w/o going into the backbone.

Unanswered Question
Aug 29th, 2007

Looking for a secure yet simple solution to leak an IP over so multiple VRFs can access a pool of printers.

Stipulation

I do not wish to leak host routes into the respective routing tables to accomplish this.

I have the following remote office setup

1 Global routing table Native employee access etc

2 vrf Guest Internet

3 vrf Business Partner

Customer has 1 pool of printers in the employee network that both vrfs wish to get to.

Customer has a fax server on the BP vrf that employees wish to access.

Remote office is standard 2800 series router with 3560 wg switches

wan setup is vrf lite with gre tunnels per vrf

swaroop.potdar Wed, 08/29/2007 - 08:22

In this scenario I believe you must have configured Vrf lite on your central site CE router.

To achieve what you need, you will have to enable standalone MPBGP so it can be done in a simple and effective way.

Once MPBGP is enabled, it's a matter of import and export of routes using the route targets with the aid of import-maps (to allow only specific services, like the printers' routes, to be imported into the guest/partner VRFs).

Enabling MPBGP will not affect your setup in any adverse manner as it's just standalone and used locally, even though you may have upstream connectivity through your CE to the MPLS cloud, and this would not go into the backbone anyway as well.

Also, to make things more granular, you can recommend that the customer use different VRFs for each segment. For example:

1) VRF for Internal (employees)

2) VRF for Guests

3) VRF for Partners

4) VRF for Services ( Printers, specific servers etc)

This way you can lay a good foundation for future expansion and requirements.

HTH-Cheers,

Swaroop
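
The approach described in the answer above, as an added configuration sketch that is not part of the original thread. It assumes the dedicated services VRF from the four-VRF layout; the VRF names, AS number, RD/RT values and the printer subnet 10.10.40.0/24 are all constructed for illustration.

```cisco
! Constructed example: names, AS 65000, RD/RT values and prefixes are assumptions.
! SERVICES exports the printer subnet and imports guest/partner routes for return traffic.
ip vrf SERVICES
 rd 65000:40
 route-target export 65000:40
 route-target import 65000:20
 route-target import 65000:30
!
! GUEST and PARTNER import only the SERVICES route target, never each other's,
! and the import map narrows that further to the printer subnet.
ip vrf GUEST
 rd 65000:20
 route-target export 65000:20
 route-target import 65000:40
 import map ONLY-PRINTERS
!
ip vrf PARTNER
 rd 65000:30
 route-target export 65000:30
 route-target import 65000:40
 import map ONLY-PRINTERS
!
! A subnet route, not /32 host routes, per the stipulation in the question.
ip prefix-list PRINTERS seq 5 permit 10.10.40.0/24
!
route-map ONLY-PRINTERS permit 10
 match ip address prefix-list PRINTERS
! Anything not matched falls through to the route-map's implicit deny.
!
! Standalone MP-BGP: no neighbors are configured, so nothing is advertised upstream.
router bgp 65000
 address-family ipv4 vrf SERVICES
  redistribute connected
 exit-address-family
 address-family ipv4 vrf GUEST
  redistribute connected
 exit-address-family
 address-family ipv4 vrf PARTNER
  redistribute connected
 exit-address-family
```

`show ip route vrf GUEST` should then list 10.10.40.0/24 as a BGP route and nothing else from SERVICES or PARTNER. Route leaking grants reachability to the whole subnet, so any restriction to specific printing ports still has to come from ACLs on the VRF interfaces.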
