VRF lite and Catalyst 3750

Answered Question
May 15th, 2009

Hello,

I have two networks (net1 & net2) in one site (Site A) and two networks (net3 & net4) in another site (site B), I want to connect the two sites but by isolating the access so net1 can access net3, and net2 can access net4.

Leased line of 300Mbps will be used to connect the two sites, a backup link will provided as passive line in case of failure of the main line.

I read about VRF lite that can be used to make virtual tables. (example here http://packetlife.net/blog/2009/apr/30/intro-vrf-lite/)

I am thinking to install two 3750 in each site and connect each of the leased lines (main and backup) to each switch.

My question is does the catalyst 3750 support the VRF lite feature? And does the interface support the creation of subinterfaces of dot1q (like if I connected the service provide Giga link to the 3750 switch and create two dot1q sub interfaces each one with two different IP one for VRF-A and one for VRF-B)?

Or do u suggest any other solution?

A brief drawing is attached.

Ahmad

Attachment: 
Correct Answer by cisco_lad2004 about 7 years 9 months ago

Yes it will work with no BGP !

HTH

Sam

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
cisco_lad2004 Fri, 05/15/2009 - 10:11

vrf lite is definitely supported on 12.2(25)SEC2 but I doubt dot1Q subif are.

you can use trunk from provider and have to SVIs terminated in separate VRFs.

HTH

Sam

anasmomo Fri, 05/15/2009 - 10:27

Thank you Sam,

do you mean that i need to configure two VLANs on the WAN link "one for each circuit".

what is the required IOS "Base or service..."?

i dont have MPLS eqperiance, but i only understand the example in the link above"

Is that enough? (like i will create on the first switch VRF for customer A and VRF on the VLAN of the WAN link)?

do i need BGP? or just VRFs and routing protocol like between the VRFs?

Thanks

Ahmad

cisco_lad2004 Fri, 05/15/2009 - 11:03

Ahmad,

full image is c3750-advipservicesk9-mz.122-25.SEC2.bin u need to check if its still supported. in any case it supports vrf lite.

I assume in your drawing. 3560's are really the 3750 where u need vrf lite and the 300Mb is offered over Gigabit Ethernet port ?

I would use BGP (remember route reflectors).

HTH

Sam

anasmomo Fri, 05/15/2009 - 11:22

hi Sam,

yes the 300Mb is offered over Giga Ethernet.

yes i will use the 3750 switches.

why do i need BGP?

i am thinking to use VRF in the switches with ospf

Example:

ip vrf Net1

description Net1

rd 1:1

route-target export 1:1

route-target import 1:1

interface G0/0

description connection to LAN1

no switchport

ip vrf forwarding Net1

ip address 172.16.1.1 255.255.255.0

interface G0/1

switchport mode trunk

description connection to the 300M

interface Vlan111

ip vrf forwarding Net1

ip address 172.16.7.1 255.255.255.0

!

router ospf 1 vrf Net1

network 172.16.1.0 0.0.0.255 area 0

network 172.16.7.0 0.0.0.255 area 0

Anas

cisco_lad2004 Fri, 05/15/2009 - 18:32

Hi Anas

OSPF is fine for PE-CE routing, what about PE-PE ? Unless you will have one PE for primary line and one for backup line.

take a look at this document:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configuration/guide/vrf.html

you also need to decide how you will manage your CPEs (if they are managed by you). One method is to have an additional management vrf.

HTH

Sam

anasmomo Fri, 05/15/2009 - 22:17

Hi Sam,

The provider will just provide layer 2 leased lines to the two location, i will provide the 3750 switches and configure the VRF-lite on it.

so i think the 3750 will work as a PE's and the LAN switches 6509's will work as a CE's.

i am thinking as you suggest to configure the WAN links as a trunks and terminate the the VLANs on separate VRFs on the 3750 switches.

but the confused thing is why do i need BGP in this case.

Thanks and regards,

Anas

cisco_lad2004 Fri, 05/15/2009 - 22:34

configuring trunk, and SVI PE terminated in a vrf is a must. I think you agree on this.

this will take care of routing between CE and PE...but how will routes from CE1 been propagated to CE2 ? you need PE1 to advertise them to PE2, which leads to how will you route between PE1 and PE2.

CE1<-vrf-lite->PE1<---->PE2<-vrf-lite->CE2

as stand corrected, as far as I know you need to have MPLS based VRF between PE1 and PE2 and therefore BGP to carry VPN4 prefixes and this is how I have implemented.

However if you have following setup, u will not need BGP.

CE1-3750A-3750B-3750C-CE2

make 3750-B PE and use 3750A and 3750-C as switching vlan from CE1 to CE2. so 3750-B has routes for both locations withing it vrf table.

HTH

Sam

anasmomo Fri, 05/15/2009 - 22:47

Hi Sam,

i think if i configure BGP then the network will be as a full MPLS.

i think without BGP, the routes from CE's in the two locations will be propagated using OSPF, because OSPF adjacency will be built as follow:

CE(first site)---VRF (3750-1)---VRF of WAN(3750-1)--- VRF of WAN(3750-2)--- VRF (3750-2)--- CE(second site)

Is that right, or the BGP is must configured

Thanks

Ahmad

Actions

This Discussion