Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

iBGP peering with client

Hi,

We have an existing network (4 POPS all 7200s) that run MPLS/iBGP and eBGP to IP transit providers - We have a new client that wants to peer with us so that we can provision a large number of vrf's for them without having to have seperate vlan/dot1q interface per-vrf.

Our existing 7200's peering is all utilising our own AS - What is the preferred(i.e. Most "secure") way to peer with this new client so that they only have visibility into there own vrf's?

Would we setup a "private" AS with this client, and have something similiar to:

ip vrf new_client_a
rd 1111:1
route-target export 1111:1
route-target import 1111:1
maximum routes 256 75

router bgp 1111
neighbor xxx.xxx.xxx.xxx peer-group NEWCLIENT-MPLS-VPN-PEERS

address-family vpnv4
neighbor NEWCLIENT-MPLS-VPN-PEERS send-community extended
neighbor xxx.xxx.xxx.xxx activate

address-family ipv4 vrf new_client_a
redistribute connected
redistribute static
default-information originate
...

interface Port-channel1.150
description new_client_a_tail
encapsulation dot1Q 150
ip vrf forwarding new_client_a
ip address 192.168.1.1 255.255.255.0

Thanks in advance.

Everyone's tags (4)
308
Views
0
Helpful
0
Replies
CreatePlease to create content