1-14
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter1 Overview
Network Configuration Examples
Multi-VRF CE Application
A VPN is a collection of sites sharing a common routing table. A customer site is connected to the
service-provider network by one or more interfaces, and the service provider associates each interface
with a VPN routing table, called a VPN routing/forwarding (VRF) table. Multiple VPN
routing/forwarding (multi-VRF) instances in customer edge (CE) devices (multi-VRF CE) allows a
service provider to support two or more VPNs with overlapping IP addresses.
Multi-VRF CE includes these devices:
Customer edge (CE) devices provide customers access to the service-provider net work over a da ta
link to one or more provider edge routers. The CE device advertises the site’s local routes to the
router and learns the remote VPN routes from the ro uter. The Cisco ME 3400 sw it ch c an be a CE
device.
Provider edge (PE) routers exchange routing information with CE devices by using static routing or
a routing protocol such as BGP, RIPv2, OSPF, or EIGRP. The PE is only required to maintain VPN
routes for directly attached VPNs. It does not need to maintain all of the service-provider VPN
routes. Each PE router maintains a VRF for each of its directly connected sites.
Provider routers or core routers are any routers in t he service provider network that do not attach to
CE devices.
With multi-VRF CE, multiple customers can share one CE, and only one physical link is used between
the CE and the PE. The shared CE maintains separate VRF tables for each customer and switches or
routes packets for each customer based on its own routing table. Multi-VRF CE extends limited PE
functionality to a CE device, giving it the ability to maintain separate VRF tables to extend the privacy
and security of a VPN to the branch office.
Figure 1-3 shows a configuration using Cisco ME 3400 switches as multiple virtual CEs. This scenario
is suited for customers who have low bandwidth requirements for their VPN service, for example, small
companies. In this case, multi-VRF CE support is required in the Cisco ME switches. Because
multi-VRF CE is a Layer 3 feature, each interface in a VRF must be a Layer 3 interface.
Figure1-3 Multiple Virtual CEs
See the “Configuring Multi-VRF CE” section on page 32-59 for more information about Multi-VRF-CE.
VPN 1
VPN 2
VPN 1
VPN 2
CE2PE1 PE2
Service
provider
CE1
CE = Customer-edge device
PE = Provider-edge device
101385