Metro Ethernet VPN via MPLS VRF's

sherwinang — Fri, 21 Feb 2020 08:52:46 GMT

Hello All,

We have deployed VPN's via ethernet and we integrate that via dot1q VLAN's on a subinterface on a GigEthernet. We then make those a member of a specific vrf forwarding VPN for example.

interface GigabitEthernet0/1.101

description VPN-CUST1

encapsulation dot1Q 101

ip vrf forwarding VPN-CUST1

ip address 192.168.125.1 255.255.255.252

ip address 192.168.126.1 255.255.255.252 secondary

no cdp enable

end

The client only wants the Head Office to see the branches, but not branch to branch for commercial and technical reasons eg. viruses/snooping etc. In our ATM subinterfaces, each branch has one subif so each has a different VRF and RD, we then just import the RD to the head office. But with VLAN based branches, we can't do it like this. I hope I had made it clear somehow. The question is, is there any other option to achieve this on a VLAN based subif VPN's? We are thinking of creating a subif VLAN for each branch but what if there are thousand branches, our VLANs will be exhausted easily. Hoping for your insights regarding this.

Thanks!

Re: Metro Ethernet VPN via MPLS VRF's

irisrios — Thu, 11 May 2006 20:51:07 GMT

The VRF Selection feature removes the association between a VPN and an interface. Before the VRF Selection feature was introduced, the following implementation was used to route outgoing MPLS VPN packets to different destinations:

A policy-based router (PBR) is attached to the customer edge (CE) router.

The egress side of the PBR router side has VLANs connected to a PE.

The PBR router uses a policy-based route map to select the correct output (VLAN) interface and each VLAN is under a specific VRF

http://www.cisco.com/en/US/products/ps6604/products_white_paper09186a00804fbfac.shtml

topic Re: Metro Ethernet VPN via MPLS VRF's in Network Security

Metro Ethernet VPN via MPLS VRF's

Re: Metro Ethernet VPN via MPLS VRF's