cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
855
Views
0
Helpful
9
Replies

MPLS: Need to send internal routes to CE router

johnny.schultz
Level 1
Level 1

In our implementation of MPLS, we have a PE-PE connection to our provider (multiple VRFs) and our customers have a CE-PE connection to our same provider. We need to send routes to our CE routers so they can reach an internal server instead of just their other locations. I was told to create another VRF, but wasn't sure of the details to get this accomplished. Any help would be appreciated. Thanks.

2 Accepted Solutions

Accepted Solutions

Laurent Aubert
Cisco Employee
Cisco Employee

Hi,

On the PE connected to your server, you need to create a VRF and import the RT of the routes sent by your CEs.

Also you need to export the server IP address with a RT which needs to be imported by all the PEs connected to your CEs.

HTH

Laurent.

View solution in original post

Thanks Johnny for all these clarification !!

I assume your server must also be reachable from the Internet which is already in the GRT.

What you can do is to use a route-map which will match the traffic to your CEs and use your VRF to forward it:

route-map VRF permit 10

match ip address 101

set vrf

!

access-list 101 permit ip host

!

interface X/Y

ip policy route-map VRF

!

If your server is directly connected to your PE (sharing same subnet), you can use the following command instead of the static route:

interface X/Y

ip vrf receive

!

This command will install the subnet in the VRF RIB in addition to the GRT and will be automatically exported

Follow this link for more details:

http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_vpn_vrf_select_rt.html#wp1059821

Let me know if it helps

Laurent.

View solution in original post

9 Replies 9

Laurent Aubert
Cisco Employee
Cisco Employee

Hi,

On the PE connected to your server, you need to create a VRF and import the RT of the routes sent by your CEs.

Also you need to export the server IP address with a RT which needs to be imported by all the PEs connected to your CEs.

HTH

Laurent.

Besides exporting the RT on the VRF, what else do I need to do in order to get the CE router? If you could point me to some configuration examples, that would be great as well. Thanks.

I have attached the relevant configuration of our PE router connecting to our provider which has a PE router as well. Our provider then provides a T1 to our customers with separate VRFs. I still cannot resolve the routing from our network to their network. I need to import a route from our customer's VRF (GCF01) into our VRF (AND01) and then put some routes into the global routing table so that we have connectivity to their network and vice versa. Any help would be apprecaited. Thanks.

Hi Johnny,

I'm not sure to completely understand.

You have your customer CEs connected to Sprint PEs and you have your own CEs connected to your PEs right ?

Or the resource you want your customer CE to join is on the GRT on your side ?

A drawing of who needs to talk to who and where they belong to (VRF or GRT) would also help.

Thanks

Laurent.

Yes, we have customer CEs connected to Sprint PEs, but we have a PE-PE connection to Sprint (DS3). Yes, the resource we want our customers to join is on the GRT on our side. We can ping our CE router by doing a ping vrf x.x.x.x, but just not by pinging through the GRT.

Here is a basic drawing:

|--Sprint --|--(us)-------------|

CE---PE-------PE--PE---P--P--Internet

|

Servers

(servers are connected to us in case the spaces are missing from the lines)

In the above drawing, CE routers need to receive routes to our servers and we need to be able to reach the CEs internally. GCF01 is our customer's VRF. AND01 is our own VRF which I was trying to use to bring our customer's routes into our network. In our PE-PE connection with Sprint, we do an MP-BGP session and get routes for each customer. I just need to bring those routes into our network. I hope that answers your questions and thanks for helping.

-Johnny

After further troubleshooting, I found that packets are getting to the internal network, but there is no return route on our PE router. The route back to the customer is only on the VRF routing table and not in the GRT so packets can't get back. The part that I'm missing is getting a GRT entry to point to a next hop on the VRF table. I have attached a basic network drawing.

Thanks Johnny for all these clarification !!

I assume your server must also be reachable from the Internet which is already in the GRT.

What you can do is to use a route-map which will match the traffic to your CEs and use your VRF to forward it:

route-map VRF permit 10

match ip address 101

set vrf

!

access-list 101 permit ip host

!

interface X/Y

ip policy route-map VRF

!

If your server is directly connected to your PE (sharing same subnet), you can use the following command instead of the static route:

interface X/Y

ip vrf receive

!

This command will install the subnet in the VRF RIB in addition to the GRT and will be automatically exported

Follow this link for more details:

http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_vpn_vrf_select_rt.html#wp1059821

Let me know if it helps

Laurent.

Excellent, that worked just fine. Thanks for that suggestion. For some reason I am dropping every other ping, but I will follow up with my provider on that one. It looks like I will have to do this for each VRF/customer that we bring on. One follow up question would be is this:

If we provide internet access to our CEs by sending a default route, is the route map still the best design?

Thanks again.

-Johnny

It depends of the return path from the server.

If the return path uses the internet to reach out the CE then you don't need the route-map anymore as you are not using the VRF to join the CE. It means the CEs have an internet access

In this case, it also means you don't need the vrf anymore on your PE (except if you have CE connected to this PE)

HTH

Laurent.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: