32-59
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter32 Configuring IP Unicast Routing Configuring Multi-VRF CE
Configuring Multi-VRF CE
Virtual Private Networks (VPNs) provide a secure way for customers to share bandwidth over an ISP
backbone network. A VPN is a collection of sites sharing a common routing table. A customer site is
connected to the service-provider network by one or mor e interfa ces, an d the ser vice pro vider associat es
each interface with a VPN routing table, called a VPN routing/forwarding (VRF) table.
The switch supports multiple VPN routing/forwarding (multi-VRF) instances in customer edge (CE)
devices (multi-VRF CE). Multi-VRF CE allows a service provider to support two or more VPNs with
overlapping IP addresses.
Note The switch does not use Multiprotocol Label Switching (MPLS) to support VPNs. For information about
MPLS VRF, refer to the Cisco IOS Switching Services Configuration Guide, Release 12.2.
These sections contain this information:
Understanding Multi-VRF CE, page 32-59
Default Multi-VRF CE Configuration, page 32-61
Multi-VRF CE Configuration Guidelines, page 32-61
Configuring VRFs, page 32-62
Configuring a VPN Routing Session, page 32-63
Configuring BGP PE to CE Routing Sessions, page 32-64
Multi-VRF CE Configuration Example, page 32-64
Displaying Multi-VRF CE Status, page 32-68

Understanding Multi-VRF CE

Multi-VRF CE is a feature that allows a service provider to support two or more VPNs, where IP
addresses can be overlapped among the VPNs. Multi-VRF CE uses input interfa ces to distinguish routes
for different VPNs and forms virtual packet-forwarding tables by assoc iat ing on e or more L aye r 3
interfaces with each VRF. Interfaces in a VRF can be either physical, such as Ethernet ports, or logical,
such as VLAN SVIs, but an interface cannot belong to more than one VRF at any time.
Note Multi-VRF CE interfaces must be Layer 3 interfaces.
Multi-VRF CE includes these devices:
Customer edge (CE) devices provide customers access to the service-provider network over a data
link to one or more provider edge routers. The CE device advertises the site’s local routes to the
router and learns the remote VPN routes from it. The Cisc o ME 3 400 sw itch c an b e a CE.
Provider edge (PE) routers exchange routing information with CE devices by using sta tic routing or
a routing protocol such as BGP, RIPv2, OSPF, or EIGRP. The PE is only required to maintain VPN
routes for those VPNs to which it is directly attached, eliminating the need for the PE to maintain
all of the service-provider VPN routes. Each PE router maintains a VRF for each of its directly
connected sites. Multiple interfaces on a PE router can be associated wi th a sing le VRF if all of these