I am trying to set up an end-to-end VRF lite implementation, but am constrained by not having access to our Service Provider (SP)-managed PE routers. Our SP does offer us VRF capability (I believe this is as an additional MPLS-VPN rather than via VRF lite), but this comes at an additional cost we cannot currently budget for.
Currently, I've set up two separate VRF lite domains on two of our MPLS CE routers, and linked these together using a GRE tunnel - the GRE tunnel itself forwards the VRF (ip forward vrf XYZ); but the "tunnel source" and "tunnel destination" are transited across our default SP-provided VRF.
I've seen plenty of examples online, aimed at SPs, around how to configure the PE-CE router relationship around VRF lite and Multi-CE VRF et cetera - what I'm wondering is, if you are a customer of such a PE-CE VRF setup - as I am - and only have access as far as the MPLS CE router, is it possible to set up a "VRF-over-an-SP-VRF" setup - without needing reconfiguration by your SP?
To clarify, our setup is as follows - with the line below denoting who manages which aspect (Us or the SP):
Switch(es) -[IPv4]-> MPLS CE Router 1 -[IPv4 BGP]-> MPLS -[Dedicated MPLS-VPN/VRF]-> MPLS CE Router 2 -[IPv4]-> Switch(es)
Us                   Us                             Service Provider                 Us                         Us
So currently, we have:
VLAN Test -[VRF forwarding]-> VRF-lite Test -[GRE transited over default VRF]-> VRF-lite Test -[VRF forwarding]-> VLAN Test
I have tried experimenting to run a "virtual point-to-point BGP" across the default VRF, with the intent of establishing a point-to-point BGP in the "address-family ipv4 vrf TEST" section of the router BGP configuration, but am unsure if this would even work - or if the neighbour lookup in the "address-family" section of the router BGP configuration is done in the VRF it is assigned to, or in the default VRF (router bgp NNNN)?
Would something like this be possible if I used PBR and route-targets/descriptors, to set up the VRF Test to route across the default VRF - or do I need my Service Provider's co-operation to transit a VRF from one point to another?
The only way I can think of is a GRE-Multipoint implementation using Cisco Dynamic Multipoint VPN (DMVPN).
It should be sufficient for your requirement. Use the search to look up a DMVPN configuration example, and let us know if you have other concerns.
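The point-to-point setup described in the question (VRF-lite carried in a GRE tunnel whose endpoints are reached over the SP-provided path, with a BGP session inside the VRF), as an added Cisco IOS configuration example for CE Router 1 that is not part of the original thread. The VRF name TEST comes from the question; the RD, AS numbers, interface names and addresses are constructed placeholders, and CE Router 2 is assumed to mirror this with the addresses swapped.

```cisco
! --- CE Router 1 (constructed example; all numbers/addresses are placeholders) ---
!
! Customer-side VRF. The RD is only locally significant in VRF-lite.
ip vrf TEST
 rd 65000:100
!
! LAN side: the test VLAN lives in the VRF.
interface Vlan100
 ip vrf forwarding TEST
 ip address 10.100.1.1 255.255.255.0
!
! Tunnel endpoint address that the SP network already routes between the CEs.
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! The tunnel's inner (passenger) side is in VRF TEST. With no "tunnel vrf"
! configured, the outer source/destination are looked up in the CE's global
! routing table, i.e. the path the SP already carries.
interface Tunnel100
 ip vrf forwarding TEST
 ip address 172.16.100.1 255.255.255.252
 ! GRE over IPv4 adds 24 bytes of overhead on a 1500-byte path
 ip mtu 1476
 ip tcp adjust-mss 1436
 tunnel source Loopback0
 tunnel destination 192.0.2.2
!
! 65001 stands for the AS already used by "router bgp NNNN" on this CE.
! A neighbor declared under "address-family ipv4 vrf TEST" is resolved in
! VRF TEST, so the peer is the far end of Tunnel100, not a global-table address.
router bgp 65001
 address-family ipv4 vrf TEST
  neighbor 172.16.100.2 remote-as 65002
  neighbor 172.16.100.2 activate
  network 10.100.1.0 mask 255.255.255.0
 exit-address-family
```

Plain GRE neither encrypts nor authenticates the encapsulated VRF traffic while it crosses the SP network; if the VRF exists for isolation, an IPsec profile applied to the tunnel with `tunnel protection ipsec profile <name>` covers that gap.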