I have one question about VRF-aware NAT for internet access. If we enable VRF-aware NAT on the local PE to get internet access via the central Internet PE, then we will not have connectivity to any other VPN site, as all local CE prefixes will be translated to the loopback IP address of the local PE.
We can have a route map which matches the ACL for a specific CE source to a specific VPN destination with the deny keyword, and it will prevent the NAT when a CE tries to communicate with another CE of the same VPN or a different VPN. That looks like a longer configuration in the real world, right? So is that the only way I have when my only option is to configure the local PE with VRF-aware NAT to gain internet access?
I need to know what the implementation is in the real world. How are service provider networks providing internet access with the MPLS VPN option? I know about the case where the customer gets VPN connectivity on one router and the service provider gives another internet connectivity link, which might terminate on the same router or on another router.
We are using VRF NAT where the customer demands firewall services. To implement this we advertise a default route, and VRF NAT is used on a per-VPN basis. This is the rate services in case of wholesale.
Actual implementation: we create an INTERNET VRF which has a default route. In the customer VRF, the RT of the internet route is imported and the VRF is able to get the default route. For reverse traffic, an IPv4 route is added at the PE towards the customer interface.
So I guess you have the central internet PE where you have the internet routes, and if a customer needs internet access with VPN then you generate a default route and import that default route with the help of the RT into that customer VRF, right? So where are you performing NAT? At the central internet PE?
There is no requirement for NATing, because INTERNET is a VRF and we are simply leaking the route in global.
Actually, the INTERNET VRF has a default route pointing into the global routing table. Whenever the RT of the INTERNET VRF is imported by any CE VRF, that VRF gets a default route with a VPN label pointing towards the PE which is advertising the default route. When the traffic reaches that PE, the VRF traffic is converted to IP traffic and moves out. For the reverse path we announce the customer prefixes in the global routing table, pointing towards the customer end.
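
A classic IOS configuration sketch of the route-leaking design described in the reply above, added here as an illustration and not taken from any poster's network. The VRF names other than INTERNET, the AS number, RD/RT values, interface and all addresses (RFC 5737 documentation ranges) are assumptions, and it presumes the customer prefix is publicly routable, since no NAT is performed.

```cisco
! ===== Internet PE (all values below are assumed for illustration) =====
ip vrf INTERNET
 rd 65000:999
 route-target export 65000:999
!
! Default route held in the INTERNET VRF; the "global" keyword makes the
! next hop resolve in the global routing table (the leak out of the VRF).
ip route vrf INTERNET 0.0.0.0 0.0.0.0 192.0.2.1 global
!
router bgp 65000
 address-family ipv4 vrf INTERNET
  ! Both lines are needed to originate 0.0.0.0/0 from a static route
  redistribute static
  default-information originate
 exit-address-family
!
! ===== Customer-facing PE =====
ip vrf CUST-A
 rd 65000:100
 route-target export 65000:100
 ! Own RT keeps site-to-site VPN reachability, untouched by internet access
 route-target import 65000:100
 ! Importing the INTERNET RT installs only the default route in CUST-A
 route-target import 65000:999
!
interface GigabitEthernet0/1
 description Link to CE (assumed)
 ip vrf forwarding CUST-A
 ip address 198.51.100.1 255.255.255.252
!
! Reverse path: global-table static for the customer prefix, pointing out
! the VRF interface towards the CE.
ip route 203.0.113.0 255.255.255.0 GigabitEthernet0/1 198.51.100.2
!
router bgp 65000
 address-family ipv4
  ! Announce the customer prefix in the global table
  network 203.0.113.0 mask 255.255.255.0
 exit-address-family
```

Only the prefixes given a global static route become reachable from the global table, so that static route is the line to audit when checking what each VPN exposes to the internet.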