02-27-2012 01:50 AM - edited 03-04-2019 03:26 PM
Hi Pros,
I'm looking for a way to separate 2 or more CE's for reaching each other on the same VRF,
For example if I have a customer VRF (MPLS-VPN L3) which configured with default route to the Internet and many branch offices which are connected to, now the customer wants that each branch could reach the Internet but not to talk with other branches.
thanks ahead,
Talm
02-27-2012 02:42 AM
Hi Talm,
you'd better make the needed changes on the PEs (major re-configuration is needed).
I.e. you create a new VRF for the users which should not connect to other branches while you leave the any-to-any sites in the existing vrf.
Then you play with RT's import/export maps to achieve your goal.
Or you can apply ACLs on the CEs, but that it is not a great idea as it goes against the main idea of MPLS VPNs.
Riccardo
02-27-2012 04:04 AM
Hi Riccardo,
thank you for your replay but if i understand you correct, in this scenario, I will need a VRF for each branch.
BR,
talm
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: