I'm having to rush an MPLS/VPN into service this week. Certain customers will connect into this MPLS/VPN on PEs facing L2 switches with sub-ints in the correct VRF, MLPPP bundles, direct connect to PEs, etc. (lots of variety down the road). Simple so far. The majority of the traffic will exit our network out another PE at a peering point across our network, exiting out another interface also assigned to the same VRF. Still simple. I'm doing similar things today to support our data center and some other L3VPNs. Easy stuff.

The problem that I'm faced with is figuring out how to insert a default route into that MPLS/VPN. I do this today with the data center VRFs with the assistance of a FWSM in our core. I insert a default route pointed to the backside of the customer's context on the FWSM; that route is a static in the VRF. The FWSM bridges the gap between my MPLS/VPN and my default VRF quite nicely. However, in this situation I can't use the FWSMs. I need to extract traffic from the VRF for the private network and out into the default VRF on my core where I keep my Internet routes. Longest-match will take care of the MPLS/VPN routes to properly route traffic to my peer. Everything else needs to get out of the VRF and to the Internet.

At my main POP I'm planning on inserting 2 default routes, 1 from each core router with different weights. My dual core routers are homed to both of my border routers. Here's the simplified topology:


BR1   BR2
|  \/  |
|  /\  |
| /  \ |
P1----P2----PE1--Peer
|      |
|      |
PE2     PE3
|      |
CE1    CE2

There are more Ps and PEs but this gets the general idea across.

I've come across route-leaking examples but they all require me to point traffic to an outward-facing interface. I.e., I can't just point the default route to a specific upstream-facing interface. Is there another way? I can't see a solution with importing routes at the route-target level. Can I point it to a loopback outside of the VRF?

http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_example09186a0080231a3e.shtml

This is probably a simple process but I haven't had to do it before without the FWSM which made it trivially easy. What simple solution have I overlooked and will kick myself for missing later?

Thanks
 Justin
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
