We have an existing network (4 POPS all 7200s) that run MPLS/iBGP and eBGP to IP transit providers - We have a new client that wants to peer with us so that we can provision a large number of vrf's for them without having to have seperate vlan/dot1q interface per-vrf.
Our existing 7200's peering is all utilising our own AS - What is the preferred(i.e. Most "secure") way to peer with this new client so that they only have visibility into there own vrf's?
Would we setup a "private" AS with this client, and have something similiar to:
ip vrf new_client_a
route-target export 1111:1
route-target import 1111:1
maximum routes 256 75
router bgp 1111
neighbor xxx.xxx.xxx.xxx peer-group NEWCLIENT-MPLS-VPN-PEERS
neighbor NEWCLIENT-MPLS-VPN-PEERS send-community extended
neighbor xxx.xxx.xxx.xxx activate
address-family ipv4 vrf new_client_a
encapsulation dot1Q 150
ip vrf forwarding new_client_a
ip address 192.168.1.1 255.255.255.0
Thanks in advance.