VPN/VRF Lite Routing

Unanswered Question
Jul 11th, 2011

Hi All,

I am after some advice as to the best way to confugre VRF Lite with Global RT access. I will be installing a Cisco router soon to terminate new VRF customers via PPP, Ethernet etc.

I have a customer who has a dozen or so sites, each with their own /24 internal network. I have the config working fine for routing within the VRF but I want to offer this customer Internet access via Global Routing Table. I understand I can leak the routes via static or BGP, however, what if I get another customer come along who will be using the same subnet within their VRF. For example CustA- is used at one of the sites, what if CustB wants to use for one of their sites?

Little confused at the moment! Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joseph W. Doherty Mon, 07/11/2011 - 02:22


The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.



Loopback99 Mon, 07/11/2011 - 23:34

Thanks Joseph. Doesnt sound to scalable though right?

Marwan ALshawi Tue, 07/12/2011 - 00:11

as stated above nating

using VRF aware NAT

have a look at the bellow article i posted on CSC before which might help you to  understand some concepts


Good luck

if hlepful Rate

Loopback99 Tue, 07/12/2011 - 16:09

Thanks marwanshawi.

Am I right in thinking this is a limitation because I am using VRF Lite, and not MPLS L3. If I was running MPLS then I could tag routes and not have to use NAT?


Marwan ALshawi Tue, 07/12/2011 - 21:31

No, MPLS is only a forwarding/switching+labeling mechanism it got nothing to do with NAting and route leaking

the L3VPN (MPBGP) header is used to tag the VRF related routes

in your case you are not using MPGP ( one node ) VRF-Lite is enough

so what you can do is create a BGP in that router and and leake the default route to the VPN VRF tunnels and in the router define a default route to for that VRF to go over the global routing table

this is fo reach VRF

and for each VRF define a NATing with overload to make sure overlapped addresses  can go out to the Internet

good luck

if helpful Rate


Login or Register to take actions

This Discussion

Posted July 11, 2011 at 12:36 AM
Replies:5 Overall Rating:
Views:1118 Votes:0
Tags: bgp, vrf, lite

Related Content


Discussions Leaderboard

Rank Username Points
Giuseppe Larosa
Paolo Bevilacqua
Richard Burts
Jon Marshall
Peter Paluch
Rank Username Points
Jon Marshall
Peter Paluch
Joseph W. Doherty
Leo Laohoo
Vasilii Mikhail...