Cisco Systems OL-4344-01 manual VRF Implementation Considerations, Ip vrf site2 rd


Chapter 1 About Cisco IP Solution Center

About MPLS VPNs

Figure 1-9 VRFs for Sites in Multiple VPNs

Figure labels: Site 1, Site 2, Site 3, Site 4; VPN A, VPN B, VPN C; PE1, PE2; Multihop MP-iBGP.

VRF definitions shown in the figure:

ip vrf site1
 rd 100:1
 route-target export 100:1
 route-target import 100:1

ip vrf site2
 rd 100:2
 route-target export 100:2
 route-target import 100:2
 route-target import 100:1
 route-target export 100:1

ip vrf site3
 rd 100:3
 route-target export 100:2
 route-target import 100:2
 route-target import 100:3
 route-target export 100:3

ip vrf site4
 rd 100:4
 route-target export 100:3
 route-target import 100:3

VRF contents shown in the figure:

VRF for site 1 (100:1): Site 1 routes, Site 2 routes
VRF for site 2 (100:2): Site 1 routes, Site 2 routes, Site 3 routes
VRF for site 3 (100:3): Site 2 routes, Site 3 routes, Site 4 routes
VRF for site 4 (100:4): Site 3 routes, Site 4 routes
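The route-target statements in Figure 1-9 determine which sites' routes each VRF holds. The Python sketch below is an added example, not part of the Cisco manual: it parses those statements, derives the VRF contents the figure lists, and flags any import that crosses VPN boundaries. The function names and the INTENDED membership map are assumptions made for the illustration.

```python
import re

# VRF definitions transcribed from Figure 1-9 (one statement per line).
FIGURE_1_9 = """
ip vrf site1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
ip vrf site2
 rd 100:2
 route-target export 100:2
 route-target import 100:2
 route-target import 100:1
 route-target export 100:1
ip vrf site3
 rd 100:3
 route-target export 100:2
 route-target import 100:2
 route-target import 100:3
 route-target export 100:3
ip vrf site4
 rd 100:4
 route-target export 100:3
 route-target import 100:3
"""
# Assumed VPN membership (a reading of the figure, not stated in the text).
INTENDED = {"site1": {"A"}, "site2": {"A", "B"}, "site3": {"B", "C"}, "site4": {"C"}}

def parse_vrfs(config):
    """Map each 'ip vrf NAME' block to its import and export route-target sets."""
    vrfs, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(m[1], {"import": set(), "export": set()})
        elif cur is not None and (m := re.fullmatch(r"route-target (import|export|both) (\S+)", line)):
            for kind in (("import", "export") if m[1] == "both" else (m[1],)):
                cur[kind].add(m[2])
    return vrfs

def visible_vrfs(vrfs):
    """For each VRF, the VRFs whose exported routes it imports (any RT in common)."""
    return {name: {src for src, s in vrfs.items() if s["export"] & v["import"]}
            for name, v in vrfs.items()}

def leaks(vrfs, intended):
    """(importer, source) pairs that exchange routes without sharing an intended VPN."""
    return sorted((dst, src) for dst, srcs in visible_vrfs(vrfs).items()
                  for src in srcs if not intended[dst] & intended[src])
```

Calling leaks(parse_vrfs(FIGURE_1_9), INTENDED) returns an empty list for the figure's configuration. A single stray import statement in one VRF is enough to produce one-directional findings.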

VRF Implementation Considerations

When implementing VPNs and VRFs, Cisco recommends you keep the following considerations in mind:

A local VRF interface on a PE is not considered a directly-connected interface in a traditional sense. When you configure, for example, a Fast Ethernet interface on a PE to participate in a particular VRF/VPN, the interface no longer shows up as a directly-connected interface when you issue a show ip route command. To see that interface in a routing table, you must issue a show ip route vrf vrf_name command.

The global routing table and the per-VRF routing table are independent entities. Cisco IOS commands apply to IP routing in a global routing table context. For example, show ip route, and other EXEC-level show commands—as well as utilities such as ping, traceroute, and telnet—all invoke the services of the Cisco IOS routines that deal with the global IP routing table.

You can issue a standard Telnet command from a CE router to connect to a PE router. However, from that PE, you must issue the following command to connect from the PE to the CE:

telnet CE_RouterName /vrf vrf_name

Similarly, you can utilize the Traceroute and Ping commands in a VRF context.

Cisco IP Solution Center, 3.0: MPLS VPN Management User Guide, 3.0

 

OL-4344-01
