VPN/VRF Lite Routing

Unanswered Question
Jul 11th, 2011

Hi All,

I am after some advice as to the best way to configure VRF Lite with Global RT access. I will be installing a Cisco router soon to terminate new VRF customers via PPP, Ethernet etc.

I have a customer who has a dozen or so sites, each with their own /24 internal network. I have the config working fine for routing within the VRF, but I want to offer this customer Internet access via the Global Routing Table. I understand I can leak the routes via static or BGP; however, what if another customer comes along who will be using the same subnet within their VRF? For example CustA- is used at one of the sites, what if CustB wants to use for one of their sites?

Little confused at the moment! Thanks.

Joseph W. Doherty Mon, 07/11/2011 - 02:22


The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.



Loopback99 Mon, 07/11/2011 - 23:34

Thanks Joseph. Doesn't sound too scalable though, right?

Marwan ALshawi Tue, 07/12/2011 - 00:11

As stated above, NATing

using VRF-aware NAT

Have a look at the below article I posted on CSC before, which might help you to understand some concepts


Good luck

If helpful, rate

Loopback99 Tue, 07/12/2011 - 16:09

Thanks marwanshawi.

Am I right in thinking this is a limitation because I am using VRF Lite, and not MPLS L3? If I was running MPLS then I could tag routes and not have to use NAT?


Marwan ALshawi Tue, 07/12/2011 - 21:31

No, MPLS is only a forwarding/switching + labeling mechanism; it has nothing to do with NATing and route leaking.

The L3VPN (MP-BGP) header is used to tag the VRF-related routes.

In your case you are not using MP-BGP (one node), so VRF-Lite is enough.

So what you can do is create a BGP in that router and leak the default route to the VPN VRF tunnels, and in the router define a default route for that VRF to go over the global routing table.

This is for each VRF.

And for each VRF define a NATing with overload to make sure overlapped addresses can go out to the Internet.

good luck

if helpful Rate
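
The per-VRF default route and NAT overload described in the reply above, sketched as an added Cisco IOS configuration example that is not part of the original thread. The VRF names (CUSTA, CUSTB), route distinguishers, interfaces, VLAN IDs and all addresses are constructed assumptions; it covers the static default route and VRF-aware NAT only, not the BGP option.

```cisco
! Constructed example: names, RDs, interfaces and addresses are assumptions.
ip vrf CUSTA
 rd 65000:1
ip vrf CUSTB
 rd 65000:2
!
! Internet-facing interface stays in the global routing table
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
! Both customers use the same inside subnet; the VRF keeps them apart
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding CUSTA
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip vrf forwarding CUSTB
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
! Per-VRF default route; "global" resolves the next hop in the global table
ip route vrf CUSTA 0.0.0.0 0.0.0.0 203.0.113.1 global
ip route vrf CUSTB 0.0.0.0 0.0.0.0 203.0.113.1 global
!
! Matches the (overlapping) inside subnet of either customer
access-list 10 permit 10.1.1.0 0.0.0.255
!
! VRF-aware PAT: one overload statement per VRF, so the translation
! table records which VRF each inside address belongs to
ip nat inside source list 10 interface GigabitEthernet0/0 vrf CUSTA overload
ip nat inside source list 10 interface GigabitEthernet0/0 vrf CUSTB overload
```

No customer prefix is leaked into the global table or into the other VRF here; only the translated outside address is visible beyond the router. `show ip nat translations vrf CUSTA` lists the translations for one customer.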

