Question was not about PE-CE communications, everything is fine there.

To be more specific - I dont see any bonuses having two routing tables on CE box, meaning - global and VRF. All customer traffic is inside one VRF or all in global table (all respective interfaces on PE are in VRF in that case).

Question is about PE configuration - how to configure redundant/resilent VRF/global communications on PE boxes?

One option (seems attractive) is to import global prefixes from all customers requiring internet connectivity into one specific VPN (mini-internet :) ), and then run some IGP between interface inside that VPN and global interface on another box (dot1q subinterfaces in all cases). Any pros/cons ?

Hi Andris,

I did not mean to have a VRF on the CE. The CE would have both PVCs in the global routing table - his ONLY routing table in fact. One PVC would be used to announce routes into the customer specific VPN (VRF configured on the PE). The other PVC would allow for internet access through the PE (global IP routing table on the PE).

dot1q will be ok as well.

This way the CE can be a normal BGP peer to the PE, i.e. there is no MPLS VPN involved here. This allows all options of customer-ISP connectivity.

Example:

PE config:

interface Serial0/0

encapsulation frame-relay

interface Serial0/0.1 point-to-point

description customer VPN access

ip vrf customer

ip address 10.1.1.1 255.255.255.252

interface Serial0/0.2 point-to-point

description customer Internet access

ip address 192.168.1.1 255.255.255.252

router rip

address-family ipv4 vrf customer

version 2

network 10.0.0.0

no auto-summary

redistribute bgp 65000 metric 5

router bgp 65000

neighbor 192.168.1.2 remote-as 65001

address-family ipv4 vrf customer

redistribute rip

CE config:

interface Serial0/0

encapsulation frame-relay

interface Serial0.1 point-to-point

description VPN access

ip address 10.1.1.2 255.255.255.252

interface Serial0.2 point-to-point

description Internet access

ip address 192.168.1.2 255.255.255.252

router bgp 65001

neighbor 192.168.1.1 remote-as 65000

router rip

version 2

network 10.0.0.0

no auto-summary

Of course you can replace RIP with whatever is suitable for you. And don´t sue me when you do not apply required BGP filters for internet access... ;-)

The other option ("mini internet") would be feasible as well. Just make sure your BGP filters are NEVER messed up and additionally apply a limit on the numbers of prefixes in your VRF mini-internet.

Regards

Martin

Wondering if this would help. Importing IPv4 prefixes into VRF. Two things

a) only 5 such VRFs supported per Router

b) Not how default route would react.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s25/fs_bgivt.htm.

This feature sounds good, only thing - it works in only one direction - to import global prefixes into VRF, so that solves only smallest half of problem.

Any ideas how to do same thing vice-versa ? Export prefixes from VRF to global ?

I assume you want it for backup floating routes to kick in, in which case you can use object tracking and remove the static routes so that backup routes can kick in and change the global routing table.

Exactly, you got the idea.

About scripts - you mean some non-IOS based stuff? I havent had much experience with object tracking, but as far as I know - tracking itself isnt able to to any actions, just track state of some specified objects and you have to combine it with some kind of process to do some actions based on tracking results. I hope I'm right with that :)

It'd be really nice if you give some more specific info (http links, for example), where I could find addtional details about stuff you are talking about?

This should get you started off for object tracking.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123limit/123x/123xe/dbackupx.htm

I found Cisco document describing that solution. Agree, it's quite intersting and it was something new for me, but it involves quite a lot of pain to implement, and I'm not sure if SAA is compatible with VRF.

I think I'll pass this one :(

Yeah always knew this was a pain. But i have never heard of Vrf to Global routing table which is what you want. And also to add, SAA is compatible with VRF. Just add VRF name in the Probe config

I think there is a simple option.

The global default route that you add, make the next hop to some remote gateway router (not the actual next hop) and let CEF do the NH resolution dynamically.

Hope this helps,let me know if it does,Thanks...

Pushing traffic from VRF to global isnt a problem, task is to dynamically push traffic from global to VRF at several (primary+backup) points.

OK, I guess best I can do is dot1q subinterfaces with some IGP between boxes. That suits my requirements :)