Reverse route entry in global table for internet access to a VRF over PPPoE

Unanswered Question
Sep 27th, 2011
User Badges:

Dear people I m trying to configure VRF+Internet access for a DSL/PPPoE user.

Normaly internet access to a VRF is simple:

1. in the VRF there should be a default route to a global IP; this is done by useing the key word "global" in the vrf route statement:

"ip route vrf CUST global".

2. For the reverse path, a global route entry for an IP inside the VRF pointing back to a interface within the VRF:

"ip route Fa0/0"

The problem with the PPPoE is that when the reverse route entry is passed to the NAS via a RADIUS server it gets ignored.

There is no issue with the NAS or RADIUS config or syntax becouse the same command is affective if the "ip vrf forwarding" command is not issued for the PPPoE session.

I would apreciate if some one has some idea or hint for that.

PLS forgive me if this is not the aproperiate platform for such a question.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
saeedkhalid Mon, 10/03/2011 - 00:27
User Badges:

Unforunately I couldnt get an straight solution even from CISCO. Opened a TAC case and got the reply that its simply not supported as yet on PPPoE.

Well I had a work around: It involves three modems instead of one at the customer end.

use the primary ADSL modem as a L2 bridge b/w ATM and Ethernet. then I used two seperate broadband routers with ethernet WAN port to dial the PPPoE connections to the NAS. Configured one account in the VRF and the other in the normal global routing instance.

So in fact had two PPPoE connections over the same ADSL line.

1.     Configure the primary ADSL modem in bridge mode

2.     Connect two secondary broadband routers (ones that have ethernet WAN) to the LAN of the ADSL router.(No IPs required)

3.     On both secondary routers configure dial out useing respective accounts to the NAS/RAS

4.     On the radiuse configure one account as a normal broadband(use this for the Internet) and the other as part of a vrf.

alanssie Tue, 10/04/2011 - 01:05
User Badges:
  • Cisco Employee,

Hi Saeed

To me the above is a pretty expensive workaround 3 modems instead of one can hardly be called a workaround, but

rather a very expensive redesign and I doubt anybody in the TAC would even dare recommend this.

I wonder how many customer  you have but in total I guess  you increased the cost 3times and added additional

points of failures in your network, not sure if this is something your Boss would agree with.

I wonder if it would not be more easy for you to order a CPE with 2 ADSL2+ card and one connecting to internet

via pppoe1 and another to private via ppppoe2.

On the routing I suppose that you have only a few static routes

Another solution using ONE CPE with ONE ADSL is to open a l2tp tunnel on CPE via Virtual-PPP on LNS moving

this incoming L2TP session received via the VRF in global, this would mean that the traffic hitting the vitual-ppp at the CPE would end up in the global routing via L2tp and  "private traffic" would stay in the vrf

Anyway I see that you opened a TAC case for your "redesign" so another lesson might be that TAC do not do design of network but that we have specialized department for this. After all you do not ask the garage owner to redesign your car either.


saeedkhalid Tue, 10/04/2011 - 05:30
User Badges:

Yes dear Alain u r right in that the cost has  increased but the limitation is the single physical line. the other solution is good but the current CPE is not supporting L2 tunnel.

And I think u missunderstood me on the design; What I meant was a feed back for the need of this feature to your design team not TAC. (dont you have any internal communication channel or doesnt the design team takes feed back from TAC ? there always is).

and on the lighter side of things:

It depends on the ability and capacity of the garage ...............

alanssie Tue, 10/04/2011 - 06:31
User Badges:
  • Cisco Employee,

Hi Saeed

In the case you do not have the possibility of opening l2tp on a router, you can still try form the applicaiton

(os like win or linux) can ope a l2tp directly, it adds on the header, but you can reduce the mss

I think it will still be cheaper than having 3 modems

On the point of the design, you are completely right, I was just saying the same to one of the manager



This Discussion