Cisco Support Community
MPLS VPN shared service

Hello:

I am working on a solution for customers with shared services over MPLS VPN, but the problem is that traffic is initiated from the shared services, and customers could access those shared services as well.

Considering the IP address conflict issue, it seems to me that it will be better to translate customer IP addresses.

Does anyone have any good ideas?

thx

1 REPLY

Re: MPLS VPN shared service

Generally a translation service is deployed for such a scenario.

For example, you can implement a VRF-aware NAT gateway between the Shared Service and the Customers. Place this gateway close to the source, i.e. the Hosted or Shared Service location.

And then you can try NATting the user IP address to an IANA reserved public range, as these IPs won't be used by your customer ever. And you can have a clear NAT.

Also, you need to implement all your routing control via imports and exports on the NAT GW.

Points to be careful about are:

a) scalability of the hardware being used for natting.

b) routing control between shared service and customer only via the NAT GW.

c) Using totally unique IP translation for the RFC 1918 range of IPs.

HTH-Cheers,

Swaroop
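
A planning check for point (c), as an added example that is not part of the original thread: it gives each customer VRF its own translated block and shows that the same inside address in two VRFs maps to two distinct translated addresses. The VRF names, prefixes, translation range and function names are constructed sample values, and IPv4 is assumed.

```python
import ipaddress

# Constructed sample values; none of them come from the thread.
CUSTOMERS = {"CUST_A": "10.0.0.0/24", "CUST_B": "10.0.0.0/24", "CUST_C": "172.16.0.0/23"}
POOL = "198.18.0.0/15"    # assumed translation range; substitute your own
SHARED = "192.0.2.0/24"   # assumed shared-service prefix

def plan_translations(customers, pool, shared):
    """Assign every customer VRF a unique translated block sized to its prefix.

    Customer prefixes may overlap each other; they must not overlap the pool.
    """
    pool = ipaddress.ip_network(pool)
    if pool.overlaps(ipaddress.ip_network(shared)):
        raise ValueError("translation pool overlaps the shared-service prefix")
    inside = {vrf: ipaddress.ip_network(p) for vrf, p in customers.items()}
    for vrf, net in inside.items():
        if net.overlaps(pool):
            raise ValueError(f"{vrf} already uses part of the translation pool")
    plan, cursor = {}, int(pool.network_address)
    # Largest prefixes first, so each block stays aligned to its own size.
    for vrf, net in sorted(inside.items(), key=lambda kv: (kv[1].prefixlen, kv[0])):
        size = net.num_addresses
        start = -(-cursor // size) * size          # round up to the alignment
        block = ipaddress.ip_network((start, net.prefixlen))
        if not block.subnet_of(pool):
            raise ValueError(f"translation pool exhausted at {vrf}")
        plan[vrf] = (net, block)
        cursor = start + size
    return plan

def translate(plan, vrf, address):
    """Static 1:1 mapping: keep the host bits, swap in the VRF's block."""
    inside, block = plan[vrf]
    addr = ipaddress.ip_address(address)
    if addr not in inside:
        raise ValueError(f"{address} is not inside {vrf}'s prefix {inside}")
    return block.network_address + (int(addr) - int(inside.network_address))

if __name__ == "__main__":
    plan = plan_translations(CUSTOMERS, POOL, SHARED)
    for vrf, (inside, block) in plan.items():
        print(f"{vrf}: {inside} -> {block}")
    # Same inside address, two VRFs, two distinct translated addresses.
    print(translate(plan, "CUST_A", "10.0.0.5"), translate(plan, "CUST_B", "10.0.0.5"))
```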
