Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
681
Views
0
Helpful
1
Replies

Metro Ethernet VPN via MPLS VRF's

sherwinang
Level 1
Level 1

‎05-04-2006 11:51 PM - edited ‎02-21-2020 12:52 AM

Hello All,

We have deployed VPN's via ethernet and we integrate that via dot1q VLAN's on a subinterface on a GigEthernet. We then make those a member of a specific vrf forwarding VPN for example.

interface GigabitEthernet0/1.101

description VPN-CUST1

encapsulation dot1Q 101

ip vrf forwarding VPN-CUST1

ip address 192.168.125.1 255.255.255.252

ip address 192.168.126.1 255.255.255.252 secondary

no cdp enable

end

The client only wants the Head Office to see the branches, but not branch to branch for commercial and technical reasons eg. viruses/snooping etc. In our ATM subinterfaces, each branch has one subif so each has a different VRF and RD, we then just import the RD to the head office. But with VLAN based branches, we can't do it like this. I hope I had made it clear somehow. The question is, is there any other option to achieve this on a VLAN based subif VPN's? We are thinking of creating a subif VLAN for each branch but what if there are thousand branches, our VLANs will be exhausted easily. Hoping for your insights regarding this.

Thanks!

0 Helpful
1 Reply 1

irisrios
Level 6
Level 6

‎05-11-2006 01:51 PM

The VRF Selection feature removes the association between a VPN and an interface. Before the VRF Selection feature was introduced, the following implementation was used to route outgoing MPLS VPN packets to different destinations:

A policy-based router (PBR) is attached to the customer edge (CE) router.

The egress side of the PBR router side has VLANs connected to a PE.

The PBR router uses a policy-based route map to select the correct output (VLAN) interface and each VLAN is under a specific VRF

http://www.cisco.com/en/US/products/ps6604/products_white_paper09186a00804fbfac.shtml

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card