I have a head office and branch offices connected using MPLS VPN. It is not fully meshed; it is a hub-and-spoke topology.
Now I am able to communicate between the branch offices and the head office.
But I want communication between branch offices to go through the head office (not a direct connection between branch offices). I want to configure ACLs on the head office CE router to block/allow some traffic between branch offices.
I am aware that in a point-to-point hub-and-spoke topology it is possible. But how does it have to be done in MPLS? The reason for raising this point is that when traffic is destined from the Branch-1 CE router to the Branch-2 CE router, it gets routed in the PE-3 router itself and not via the head office CE router.
So how do I achieve this? Please help.
It won't, because the traffic is MPLS-switched up to the CE.
The PE will have a CEF entry with an outgoing interface associated with the VPN label, so there is no lookup in the VRF routing table.