Classification:Public

Hi Team,

Have a basic question on the Traditional Central Services Topology in an MPLS VPN 
network in SP. We want all the traffic between to be filtered by the firewall 
hooked to the HUB PE.
Basically thought to go ahead with the below (basic and standard!) import-export 
policy.

* Client sites will reach server sites. Importing routes with Server_RT 
  into client VRFs will achieve this goal.

* Server sites will reach client sites. All client routes will be 
  exported with a common route target (let's call it Client_RT) and will be 
  imported into server VRFs based on this route target.

* Client sites will not communicate. Routes exported with Client_RT 
  will not be imported into client VRFs.

                                    HUB-PE
                                  |                |
                                  |                |
                             SPOKE PE1     SPOKE PE2

Question: Have also seen comments in the forum like: the best practice for this 
Hub and Spoke is to use TWO VRFs in the Hub site - "From-Spoke" and "To-Spoke".

Is there any benefit we can get from these 2 VRFs in the HUB? Hope the design I 
proposed also will not cause the traffic between spokes to be hairpinned from the 
HUB VRF, as the traffic will be switched using the per-prefix label in the last hop 
of the HUB PE (we are not using per-vrf-table label, of course!). Running 
ASR9Ks.

Any thoughts would be great.

Thanks !



This email is classified as Public by Harivishnu Abhilash
_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
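
The import/export policy from the message above, modelled as an added example (not part of the original post) that computes which prefixes each VRF installs from its route targets. It goes one step further and models the two-VRF hub named in the question, on the assumption that the firewall re-advertises what it learns from "From-Spoke" into "To-Spoke" and that "To-Spoke" exports Server_RT; the prefixes and VRF names other than those two are constructed.

```python
from dataclasses import dataclass

@dataclass
class Vrf:
    name: str
    imports: set   # route targets this VRF imports
    exports: set   # route targets attached to its exported routes
    local: set     # prefixes originated in this VRF (constructed samples)

def build_ribs(vrfs):
    """A VRF installs a remote route when the exporter's RTs intersect its import RTs.
    Returns {vrf: {prefix: originating VRF or "local"}}. Loop prevention is not modelled."""
    ribs = {v.name: {p: "local" for p in v.local} for v in vrfs}
    for src in vrfs:
        for dst in vrfs:
            if dst is not src and src.exports & dst.imports:
                for prefix in src.local:
                    ribs[dst.name].setdefault(prefix, src.name)
    return ribs

def posted_policy():
    # The three bullets of the message: clients import Server_RT, export Client_RT.
    return [
        Vrf("client-A", {"Server_RT"}, {"Client_RT"}, {"10.1.0.0/24"}),
        Vrf("client-B", {"Server_RT"}, {"Client_RT"}, {"10.2.0.0/24"}),
        Vrf("server", {"Client_RT"}, {"Server_RT"}, {"10.0.0.0/24"}),
    ]

def two_vrf_hub():
    # Assumption: From-Spoke only imports, To-Spoke only exports, firewall sits between.
    spokes = [
        Vrf("client-A", {"Server_RT"}, {"Client_RT"}, {"10.1.0.0/24"}),
        Vrf("client-B", {"Server_RT"}, {"Client_RT"}, {"10.2.0.0/24"}),
    ]
    from_spoke = Vrf("From-Spoke", {"Client_RT"}, set(), set())
    learned = build_ribs(spokes + [from_spoke])["From-Spoke"]
    # Firewall re-advertises the spoke prefixes, plus the server LAN, into To-Spoke.
    to_spoke = Vrf("To-Spoke", set(), {"Server_RT"}, set(learned) | {"10.0.0.0/24"})
    return spokes + [from_spoke, to_spoke]

if __name__ == "__main__":
    for label, topo in (("posted policy", posted_policy()), ("two-VRF hub", two_vrf_hub())):
        print(label)
        for vrf, rib in build_ribs(topo).items():
            print(f"  {vrf}: {dict(sorted(rib.items()))}")
```

In the posted policy the client VRFs hold no route to each other at all, so there is no spoke-to-spoke traffic for the firewall to see; in the two-VRF model each client learns the other client's prefix from To-Spoke, so that traffic is routed to the hub and through the firewall.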
