Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Routing between 2 CEs on same PE

I would like to build a dedicated VPN to manage all CEs on my network. All CEs should be connected only to my NOC CE (where is my all NMS), and conversatins between CEs cannot occour.

I my lab, I test this environment, but allways all CEs connected on same PE can connect.

I need to know if anyone experienced this situation and how to fix it.

Thank's

4 REPLIES
New Member

Re: Routing between 2 CEs on same PE

I guess you are looking at a hub & spoke MPLS-VPN solution where the NOC-hub should communicate with all CEs, but the CEs (spokes) should not communicate with each other.

You may have to manipulate the route targets to achieve this.

Refer to http://www.cisco.com/en/US/products/sw/netmgtsw/ps2327/products_maintenance_guide_chapter09186a0080088092.html#xtocid29

for more details

Cisco Employee

Re: Routing between 2 CEs on same PE

Hi there, The title and the description are not in sync. I am confused as what you are looking for. Route-maps make route manipulation really flexible. Forward your topo and configs if you still want a solution.

best regards,

Gopal

Re: Routing between 2 CEs on same PE

Hello Jose,

In your case, the best topology would be a hub and spoke MPLS VPN, where the spokes cannot see each other. For this route-targets should be manipulated.

Consider central site X, remote CE sites A and B.

On the PE For the 2 sites, A and B, you would be creating two VRFs for each site. say VPN_A and VPN_B.

ip vrf VPN_A

rd 10:1

route-target export 100:1

route-target import 200:1

ip vrf VPN_B

rd 20:1

route-target export 300:1

route-target import 200:1

On the PE For the NOC CE,

ip vrf VPN_NOC

rd 30:1

route-target export 200:1

route-target import 100:1

route-target import 300:1

This should isolate the VPN connection from each CE to NOC CE. Individual CEs wont see each other in this case.

Re: Routing between 2 CEs on same PE

Hi, the best solution would be to setup managed router service (a central service like VPN topology) The idea is: have a separate NMS vrf and import only the loopback IPs from the managed CEs. Mark those routes through a route-map with an additional RT and import it in vrf NMS. mark your NMS networks with another RT and export the routes.

In case you need an example config, let me know.

kind regards

Martin

197
Views
0
Helpful
4
Replies
CreatePlease login to create content