Cisco Systems OL-4344-01 manual A Multi-VRF CE Providing Layer 3 Aggregation

Page 11

Chapter 1 About Cisco IP Solution Center

The Customer’s and Provider’s View of the Network

A Multi-VRF CE is unlike a CE in that there is no label exchange, no LDP adjacency, and no labeled packet flow between the PE and the CE. Multi-VRF CE routers use VRF interfaces to form a VLAN-like configuration on the customer side. Each VRF on the Multi-VRF CE router is mapped to a VRF on the PE router.

Figure 1-7 illustrates one way a Multi-VRF CE can be used. The Multi-VRF CE router associates a specific VRF with the CEs connected to its interfaces and exchanges that information with the PE. Routes are installed in the VRF on the Multi-VRF CE. A routing protocol or a static route is also needed to propagate routes from a specific VRF on the Multi-VRF CE to the corresponding VRF on the PE.

Figure 1-7 A Multi-VRF CE Providing Layer 3 Aggregation

[Figure 1-7 diagram not reproduced. Labels in the figure: CE 1, CE 2, CE 3, Multi-VRF CE, T1 line, PE 1, Service Provider Network, MPLS Core Network, VRF Red (twice), and the prefixes 10.1/16, 11.1/16, and 10.1/24.]

The Multi-VRF CE feature can segment its LAN traffic by placing each CE in its own IP address space. To differentiate the CEs, each interface has its own IP address space.

When receiving an outbound customer data packet from a directly attached interface, the Multi-VRF CE router performs a route lookup in the VRF that is associated with that site. The specific VRF is determined by the interface or subinterface over which the data packet is received. Support for multiple forwarding tables makes it easy for the Multi-VRF CE router to provide segregation of routing information on a per-VPN basis before the routing information is sent to the PE. The use of a T1 line with multiple point-to-point subinterfaces allows traffic from the Multi-VRF CE router to the PE router to be segmented into each corresponding VRF.

With a Multi-VRF CE, the data path is as follows from the CEs to PE 1 (as shown in Figure 1-7):

1. The Multi-VRF CE learns the VPN Red routes to CE 1 from an interface directly attached to the Multi-VRF CE.

2. The Multi-VRF CE then installs these routes into the VRF on the Multi-VRF CE (VRF Red).

3. PE 1 learns the VPN Red routes to CE 1 from the same VRF Red and installs the routes into VRF Red on PE 1.
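
An added example (not from the Cisco guide): a Python check over a constructed IOS-style Multi-VRF CE configuration that flags two ways the per-VPN segregation described above can silently break: a routed interface with no VRF binding, and a LAN-side VRF with no corresponding subinterface toward the PE. Interface names, VRF names, addresses, and the rule that any `Serial*` interface is the PE uplink are assumptions made for illustration.

```python
import re

# Constructed IOS-style Multi-VRF CE config; names and addresses are illustrative.
SAMPLE_CONFIG = """\
ip vrf Red
 rd 100:1
ip vrf Blue
 rd 100:2
interface FastEthernet0/0
 ip vrf forwarding Red
 ip address 10.1.0.1 255.255.0.0
interface FastEthernet0/1
 ip vrf forwarding Blue
 ip address 11.1.0.1 255.255.0.0
interface FastEthernet0/2
 ip address 10.1.1.1 255.255.255.0
interface Serial0/0.101 point-to-point
 ip vrf forwarding Red
 ip address 192.0.2.1 255.255.255.252
"""

def parse_interfaces(config):
    """Map each interface to its VRF (None = global table) and whether it has an IP."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(m.group(1), {"vrf": None, "has_ip": False})
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current is not None:
            if m := re.match(r" ip vrf forwarding (\S+)", line):
                current["vrf"] = m.group(1)
            elif line.startswith(" ip address "):
                current["has_ip"] = True
    return interfaces

def audit(config, uplink_prefix="Serial"):
    """Flag routed interfaces outside any VRF and LAN VRFs with no PE uplink.

    Assumption: interfaces whose name starts with uplink_prefix face the PE."""
    findings, lan_vrfs, uplink_vrfs = [], set(), set()
    for name, info in parse_interfaces(config).items():
        vrf = info["vrf"]
        if vrf is None and info["has_ip"]:
            findings.append(f"{name}: no VRF, routes in global table")
        elif vrf:
            (uplink_vrfs if name.startswith(uplink_prefix) else lan_vrfs).add(vrf)
    for vrf in sorted(lan_vrfs - uplink_vrfs):
        findings.append(f"VRF {vrf}: no uplink subinterface toward the PE")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports FastEthernet0/2 (its lookups happen in the global table rather than a per-site VRF) and VRF Blue (no point-to-point subinterface carries it to the PE).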

Cisco IP Solution Center, 3.0: MPLS VPN Management User Guide, 3.0

 

OL-4344-01

1-11

 

 

 
