Customer with Overlapping IPs talking to DC

Ahmed Shahzad
Level 1

Hi,

There is a scenario in which MPLS customers with overlapping IP addresses would like to access a shared resource in the Data Center. How could this be possible in MPLS?

Best Regards,
Shahzad.

1 Accepted Solution

mshahzad@hotmail.com

Thanks Guys for your responses.

The issue is with the return traffic of customer having overlapping IP addresses.

Does anyone have a reference to a design and configuration document which would cover this requirement, maybe using NAT?

Cheers,

Ahmed Shahzad

NAT is the usual solution for this. NAT can be done on your PE or on an external device (such as a firewall) that interconnects the MPLS domain with the shared services infrastructure. The following white paper on NAT with MPLS will provide you with enough information on how to do VRF-aware NAT:

http://www.cisco.com/en/US/partner/tech/tk648/tk361/technologies_white_paper09186a0080b40929.shtml

Atif

10 Replies

Mahesh Gohil
Level 7

Hi shahzad,

You cannot achieve this because you will have a common VRF for all the customers for this kind of service.

You need a separate IP scheme for the shared service.

Most of the providers provide their own IPs to customers for video conference, managed access, VoIP service, etc.

You can define your own IP scheme of live public IPs (it will be within the MPLS domain, so there is no need to take IPs from a registry), which will ensure that it will not be used by a customer and that you have uniqueness (like I do with 13.0.0.0/16).

Hope this helps

Regards

Mahesh

Hi Mahesh,

Thanks for your response.

I have a public IP address scheme for my shared resources, but I am concerned about the overlapping IPs from the client VPNs. When I import the client VPNs into the shared VPN, how would the overlapping addresses be covered?

Best Regards,
Shahzad.    

Shahzad,

You can use different VPNs/VRFs for each customer with overlapping IP addresses. This address is part of the VPN-IPv4 address family, which is a BGP address family added as an extension to the BGP protocol. In VPN-IPv4 addresses, a value that identifies the VPN, called a route distinguisher, is prefixed to the IPv4 address, providing an address that uniquely identifies an IPv4 address.

HTH

Reza

Thanks Reza,

My question is how we can allow access to shared services from multiple MPLS VPNs. Please note that multiple MPLS VPNs have overlapping IP addresses. For example, Customer A has 10.0.0.0/16 and Customer B has 10.0.0.0/16, and they both want to access a shared resource on subnet 146.178.210.0/24. This shared resource is hosted by the MPLS provider and hosts applications like NMS.

Best Regards,
Shahzad.

Hi Shahzad,


Have you considered NAT?

You could have NAT running inside one VRF to make the shared access with overlapping IP addresses possible.

Thanks,

Luc

Shahzad,

That is one of the benefits of MPLS/VPN, so you can have overlapping IP addresses.

So, in your case you need a VRF for customer A and a VRF for customer B, and each has 10.0/16 IP segments. Now, you can create a shared VRF for 146.178.210.0/24 and call it "shared" and then import from customer A and customer B to this "shared" VRF, so they can access the resources they need.

HTH

Reza

Hi Reza,

I think the issue with that approach would be the return traffic. When the return packet is routed back to the customer, how would the network know which customer to route back to if both are using the same source addresses?

I agree with Luc that NAT, while not ideal, is the way to solve this issue.

Best,

Joe

Thanks guys for your support.

Best Regards,

Ahmed Shahzad.
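
An added example, not part of the original thread: a small Python model of the return-traffic ambiguity Joe describes and of the per-VRF NAT that Luc and Atif recommend. The customer prefix is the one quoted in the thread; the NAT pool ranges, `VrfNat` and the other names are assumptions made for this illustration.

```python
import ipaddress

# Prefixes from the thread: both customers use 10.0.0.0/16.
CUSTOMER_ROUTES = {"CustA": "10.0.0.0/16", "CustB": "10.0.0.0/16"}

def return_candidates(dst, routes=CUSTOMER_ROUTES):
    """VRFs whose prefix, once imported into the shared VRF, matches dst."""
    ip = ipaddress.ip_address(dst)
    return sorted(v for v, n in routes.items() if ip in ipaddress.ip_network(n))

class VrfNat:
    """Toy VRF-aware source NAT with one pool per customer VRF."""

    def __init__(self, pools):
        nets = {v: ipaddress.ip_network(n) for v, n in pools.items()}
        names = sorted(nets)
        for i, a in enumerate(names):
            for b in names[i + 1:]:
                if nets[a].overlaps(nets[b]):
                    raise ValueError(f"pools for {a} and {b} overlap")
        self.free = {v: iter(n.hosts()) for v, n in nets.items()}
        self.out = {}    # (vrf, inside ip) -> translated ip
        self.back = {}   # translated ip -> (vrf, inside ip)

    def outbound(self, vrf, src):
        """Translate a customer source address on its way to the shared subnet."""
        key = (vrf, ipaddress.ip_address(src))
        if key not in self.out:
            nat_ip = next(self.free[vrf], None)
            if nat_ip is None:
                raise RuntimeError(f"NAT pool for {vrf} exhausted")
            self.out[key], self.back[nat_ip] = nat_ip, key
        return str(self.out[key])

    def inbound(self, dst):
        """Map a reply to (vrf, inside ip); None means drop rather than guess."""
        hit = self.back.get(ipaddress.ip_address(dst))
        return (hit[0], str(hit[1])) if hit else None

def demo():
    # Pool ranges are constructed for this example, not taken from the thread.
    nat = VrfNat({"CustA": "172.16.1.0/24", "CustB": "172.16.2.0/24"})
    a = nat.outbound("CustA", "10.0.1.5")
    b = nat.outbound("CustB", "10.0.1.5")
    return return_candidates("10.0.1.5"), (a, nat.inbound(a)), (b, nat.inbound(b))

if __name__ == "__main__":
    print(demo())
```

Without translation the reply to 10.0.1.5 matches both customers' imported routes; with one non-overlapping pool per VRF, each translated address maps back to exactly one customer, and an address with no translation entry is dropped instead of being delivered to the wrong tenant.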
