Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4294
Views
9
Helpful
5
Replies

Multi-VRF and VLAN Transparency (L2 VLAN)

oguarisco
Level 3
Level 3

‎10-21-2009 04:15 AM - edited ‎03-06-2019 08:13 AM

Dear all,

we are considering to create a Multi-VRF architecture on a network based of 2xMain Offices and 7xBranches which are attached to an ISP using a single VLAN L2 to interconnect the customer's CPE.

CPE on the Main Offices are Cat3750 and on the branches are ISR Router and all are doing routing between the inside LAN and the ISP LAN.

Which feature can you advice me to use since the ISP LAN connection is a pure L2 (single broadcast domain) for implementing a Multi-VRF architecture on top of this L2 ISP connection without modifying anything on the ISP's side?...802.1QinQ?

CPE on the main Offices are Cat3750 switches and on the branch offices are ISR Router

Labels:
0 Helpful
5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎10-21-2009 06:32 AM

Hello Omar,

the question is ISP provides a service that can carry Vlan-ids that is 802.1Q tagged frames.

So if the ISP service is port based you may simply deploy multiple Vlans between locations.

if yes you can even split logically the ISP LAN in N Vlans one for global routing table and one for each VRF you are going to create.

if the ISP provides you a service based on frames with a specific Vlan-tag id, ideally you would need 802.1Q in Q tunneling that is supported on C3750.

I'm not sure that ISR routers can do it.

in 12.4 mainline LAN switching configuration guide 802.1Q tunneling is not mentioned not among unsupported features not among supported features no guidelines for its configuration are reported.

see

http://www.cisco.com/en/US/partner/docs/ios/lanswitch/configuration/guide/12_4/lsw_12_4_bk.html

or

http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/12_4/lsw_12_4_bk.html

You may find that ISR can use L2TPv3 services to carry multiple Vlans over an IP (L2tPv3) tunnel but this may be not supported on C3750.

Again ISR routers could use GRE tunnels for carrying different VRFs traffic but again this is out of discussion with C3750.

unless your C3750 are metroethernet C3750 ME that hay some more features.

Hope to help

Giuseppe

oguarisco
Level 3
Level 3
In response to Giuseppe Larosa

‎10-21-2009 02:50 PM

Ciao Giuseppe,

grazie mille per le utili info!!!

As far as I know(we are waiting for detailed explanation of this L2 solution) the ISP is calling this service "VLAN Transparency" and it should be based on a L2 cloud with L2 transparent links so basically I suppose that the CPE ethernet port where is connected the customer component has to be in access mode...or maybe in dynamic mode (but i can't imagine that ISP are not setting the port mode :-( ).

Supposing that we won't change this ISP L2 cloud but implmenting a Multi-VRF solution on top of this what technology you suggest? 802.1QinQ won't be possible until the ISP gives me a trunk port with at least a VLAN ID that span on all the L2 cloud

Basically the best idea would be to change the Cat3750 with two ISR so that we'll have the same network component on all the offices and on top of the L2 transparent cloud build a GRE-Tunnel infrastructure per VRF? But this means since we've 9 offices in a broadcast environment => 8 tunnel for each router for each VRF entity...isn't it?

Thanks for you help

Omar

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to oguarisco

‎10-21-2009 11:19 PM

Hello Omar,

if you add two ISR routers you can think of using MPLS and MPLS VPN can be carried within MPLS frames.

this would avoid the need of dedicated tunnel interfaces for each VRF.

But requires you to deploy MP-BGP with address-family vpnv4 and VRFs.

see

http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_cfg_layer3_vpn_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Or you may consider to use DMVPN to have a multipoint GRE tunnel for each VRF instead of 8 point-to-point GRE tunnel for each VRF.

Hope to help

Giuseppe

0 Helpful

oguarisco
Level 3
Level 3
In response to Giuseppe Larosa

‎10-22-2009 01:35 AM

Hello Giuseppe,

Thanks for the useful information infact thinking about it the GRE tunnel setup fully meshed per VRF doesn't scale!!! It would be best a Hub-n-spoke setup.

but using MPLS means I've to change the connection with the ISP from Ethernet VLAN Trasparency to a MLPS one isn'it?

Sorry for asking such a question but I've only a few experience in Service Provider architecture since i'm coming form the Campus and Data center environment ;-)

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to oguarisco

‎10-22-2009 02:29 AM

Hello Omar,

>> but using MPLS means I've to change the connection with the ISP from Ethernet VLAN Trasparency to a MLPS one isn'it?

No, I'm suggesting to enable MPLS on your routers using the current service.

Be aware of an issue you can face with this solution:

MTU problems

an MPLS VPN packet will travel with an additional 4 bytes MPLS label on the SP network.

you should ask your SP to check max MTU and eventually to increase it.

Apart from this this solution provides the best scalability.

Anothe possible option could be MPLS L3 VPN over L2TPv3 tunnels but not sure it is supported on your devices.

Or mapping each VRF over a DMVPN.

These two approaches could overcome MTU problems if SP cannot provide extended MTU.

Hope to help

Giuseppe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card