×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

VRF lite and Catalyst 3750

Answered Question
May 15th, 2009
User Badges:


Hello,


I have two networks (net1 & net2) in one site (Site A) and two networks (net3 & net4) in another site (site B), I want to connect the two sites but by isolating the access so net1 can access net3, and net2 can access net4.

Leased line of 300Mbps will be used to connect the two sites, a backup link will provided as passive line in case of failure of the main line.

I read about VRF lite that can be used to make virtual tables. (example here http://packetlife.net/blog/2009/apr/30/intro-vrf-lite/)

I am thinking to install two 3750 in each site and connect each of the leased lines (main and backup) to each switch.


My question is does the catalyst 3750 support the VRF lite feature? And does the interface support the creation of subinterfaces of dot1q (like if I connected the service provide Giga link to the 3750 switch and create two dot1q sub interfaces each one with two different IP one for VRF-A and one for VRF-B)?

Or do u suggest any other solution?

A brief drawing is attached.


Ahmad



Attachment: 
Correct Answer by cisco_lad2004 about 8 years 3 months ago

Yes it will work with no BGP !


HTH


Sam

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
cisco_lad2004 Fri, 05/15/2009 - 10:11
User Badges:
  • Gold, 750 points or more

vrf lite is definitely supported on 12.2(25)SEC2 but I doubt dot1Q subif are.


you can use trunk from provider and have to SVIs terminated in separate VRFs.


HTH


Sam

anasmomo Fri, 05/15/2009 - 10:27
User Badges:

Thank you Sam,

do you mean that i need to configure two VLANs on the WAN link "one for each circuit".

what is the required IOS "Base or service..."?

i dont have MPLS eqperiance, but i only understand the example in the link above"

Is that enough? (like i will create on the first switch VRF for customer A and VRF on the VLAN of the WAN link)?


do i need BGP? or just VRFs and routing protocol like between the VRFs?




Thanks

Ahmad


cisco_lad2004 Fri, 05/15/2009 - 11:03
User Badges:
  • Gold, 750 points or more

Ahmad,


full image is c3750-advipservicesk9-mz.122-25.SEC2.bin u need to check if its still supported. in any case it supports vrf lite.


I assume in your drawing. 3560's are really the 3750 where u need vrf lite and the 300Mb is offered over Gigabit Ethernet port ?


I would use BGP (remember route reflectors).


HTH


Sam

anasmomo Fri, 05/15/2009 - 11:22
User Badges:

hi Sam,

yes the 300Mb is offered over Giga Ethernet.


yes i will use the 3750 switches.


why do i need BGP?

i am thinking to use VRF in the switches with ospf



Example:


ip vrf Net1

description Net1

rd 1:1

route-target export 1:1

route-target import 1:1



interface G0/0

description connection to LAN1

no switchport

ip vrf forwarding Net1

ip address 172.16.1.1 255.255.255.0


interface G0/1

switchport mode trunk

description connection to the 300M


interface Vlan111

ip vrf forwarding Net1

ip address 172.16.7.1 255.255.255.0

!

router ospf 1 vrf Net1

network 172.16.1.0 0.0.0.255 area 0

network 172.16.7.0 0.0.0.255 area 0




Anas

cisco_lad2004 Fri, 05/15/2009 - 18:32
User Badges:
  • Gold, 750 points or more

Hi Anas


OSPF is fine for PE-CE routing, what about PE-PE ? Unless you will have one PE for primary line and one for backup line.


take a look at this document:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configuration/guide/vrf.html


you also need to decide how you will manage your CPEs (if they are managed by you). One method is to have an additional management vrf.


HTH


Sam

anasmomo Fri, 05/15/2009 - 22:17
User Badges:

Hi Sam,

The provider will just provide layer 2 leased lines to the two location, i will provide the 3750 switches and configure the VRF-lite on it.

so i think the 3750 will work as a PE's and the LAN switches 6509's will work as a CE's.

i am thinking as you suggest to configure the WAN links as a trunks and terminate the the VLANs on separate VRFs on the 3750 switches.

but the confused thing is why do i need BGP in this case.


Thanks and regards,

Anas

cisco_lad2004 Fri, 05/15/2009 - 22:34
User Badges:
  • Gold, 750 points or more

configuring trunk, and SVI PE terminated in a vrf is a must. I think you agree on this.

this will take care of routing between CE and PE...but how will routes from CE1 been propagated to CE2 ? you need PE1 to advertise them to PE2, which leads to how will you route between PE1 and PE2.

CE1<-vrf-lite->PE1<---->PE2<-vrf-lite->CE2


as stand corrected, as far as I know you need to have MPLS based VRF between PE1 and PE2 and therefore BGP to carry VPN4 prefixes and this is how I have implemented.


However if you have following setup, u will not need BGP.


CE1-3750A-3750B-3750C-CE2


make 3750-B PE and use 3750A and 3750-C as switching vlan from CE1 to CE2. so 3750-B has routes for both locations withing it vrf table.


HTH


Sam

anasmomo Fri, 05/15/2009 - 22:47
User Badges:

Hi Sam,

i think if i configure BGP then the network will be as a full MPLS.

i think without BGP, the routes from CE's in the two locations will be propagated using OSPF, because OSPF adjacency will be built as follow:

CE(first site)---VRF (3750-1)---VRF of WAN(3750-1)--- VRF of WAN(3750-2)--- VRF (3750-2)--- CE(second site)

Is that right, or the BGP is must configured

Thanks

Ahmad


Correct Answer
cisco_lad2004 Sat, 05/16/2009 - 00:31
User Badges:
  • Gold, 750 points or more

Yes it will work with no BGP !


HTH


Sam

Actions

This Discussion