I am trying to setup an end-to-end VRF lite implementation, but am constrained by not having access to our Service Provider (SP)-managed PE routers. Our SP does offer us VRF capability (I believe this is as an additional MPLS-VPN rather than via VRF lite), but this comes at an additional cost we cannot currently budget for.
Currently, I've setup two seperate VRF lite domains on two of our MPLS CE routers, and linked these together using a GRE tunnel - the GRE tunnel itself forwards the VRF (ip forward vrf XYZ); but the "tunnel source" and "tunnel destination" are transitted across our default SP-provided VRF.
I've seen plenty of examples online, aimed at SPs, around how to configure the PE-CE router relationship around VRF lite and Multi-CE VRF etcetera - what I'm wondering, is if you are a customer of such a PE-CE VRF setup - as I am - and only have access as far as the MPLS CE router, is it possible to setup a "VRF-over-an-SP-VRF" setup - without needing reconfiguration by your SP?
To clarify, our setup is as follows - with the line below denoting who manages which aspect (Us or the SP):
Switch(es) -[IPv4]-> MPLS CE Router 1 -[IPv4 BGP]-> MPLS -[Dedicated MPLS-VPN/VRF]-> MPLS CE Router 2 -[IPv4]-> Switch(es)
Us Us Service Provider Us Us
So currently, we have:
VLAN Test -[VRF forwarding]-> VRF-lite Test -[GRE transited over default VRF]-> VRF-lite Test [VRF Forwarding]-> VLAN Test
I have tried experimenting to run a "virtual point-to-point BGP" across the default VRF, with the intent of establishing a point-to-point BGP in the "address-family ipv4 vrf TEST" section of the router BGP configuration, but am unsure if this would even work - or if the neighbour lookup in the "address-family" section of the router BGP configuration is done in the VRF it is assigned to, or in the default VRF (router bgp NNNN)?
Would something like this be possible if I used PBR and route-targets/descriptors, to setup the VRF Test to route across the default VRF - or do I need my Service Provider's co-operation to transit a VRF from one point to another?
You Can surely Setup end-to-end VRF-Lite without the intervention of the Service Provider, you ust need to have a VRF sets over a GRE Tunnel for example. Over this VRF, you Can run what ever routing protocol of your choice depending on your requirement.
This is exactly what we have already done - setup a GRE tunnel to interconnect two VRF-lite implementations; with the GRE itself routed over the "default VRF" (Service Provider MPLS-VPN), and then forwarding our localised VRF-lite implementations to each other.
However, what I'm wondering is if we can extend this to be a point-to-multipoint implementation - where three or more sites can all inter-communicate using localised VRF-lite implementations. Is there a way of doing this without the GRE (i.e. a "VRF inside a VRF" - our VRF on top of the SP MPLS-VPN VRF), or of creating a point-to-multipoint GRE?
Introduction: The "external-out enable" command is available for
configuration under the "router ospf process" in case of the IOS-XR
operating system. This command basically enables advertisement of
intra-area routes on the device as external routes in th...
IntroductionIn this article we'll discuss how to troubleshoot packet
loss in the asr9000 and specifically understanding the NP drop counters,
what they mean and what you can do to mitigate them. This document will
be an ongoing effort to improve troublesh...