VPN/VRF Lite Routing

Unanswered Question
Jul 11th, 2011

Hi All,

I am after some advice as to the best way to confugre VRF Lite with Global RT access. I will be installing a Cisco router soon to terminate new VRF customers via PPP, Ethernet etc.

I have a customer who has a dozen or so sites, each with their own /24 internal network. I have the config working fine for routing within the VRF but I want to offer this customer Internet access via Global Routing Table. I understand I can leak the routes via static or BGP, however, what if I get another customer come along who will be using the same subnet within their VRF. For example CustA- is used at one of the sites, what if CustB wants to use for one of their sites?

Little confused at the moment! Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joseph W. Doherty Mon, 07/11/2011 - 02:22


The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.



Loopback99 Tue, 07/12/2011 - 16:09

Thanks marwanshawi.

Am I right in thinking this is a limitation because I am using VRF Lite, and not MPLS L3. If I was running MPLS then I could tag routes and not have to use NAT?


Marwan ALshawi Tue, 07/12/2011 - 21:31

No, MPLS is only a forwarding/switching+labeling mechanism it got nothing to do with NAting and route leaking

the L3VPN (MPBGP) header is used to tag the VRF related routes

in your case you are not using MPGP ( one node ) VRF-Lite is enough

so what you can do is create a BGP in that router and and leake the default route to the VPN VRF tunnels and in the router define a default route to for that VRF to go over the global routing table

this is fo reach VRF

and for each VRF define a NATing with overload to make sure overlapped addresses  can go out to the Internet

good luck

if helpful Rate


This Discussion

Related Content