MPLS Internet Access as overlapping VPN

Haris P
Level 4

Dears,

What's the best way of providing internet access to MPLS VPN customer sites using overlapping VPN?

That is, my Internet gateway is connected as a CE router to the MPLS VPN, and I want some customers to be given their VPN access + Internet access by using the overlapping VPN model. Are there any technotes available?

Regards

Haris

8 Replies

Mohamed Sobair
Level 7

Haris,

Overlapping VPN is a VPN category, not a VPN model, as VPN models are of 2 types:

1- Overlay VPN model

2- Peer to peer model.

You can provide Internet for customers in two ways:

1- Classic Internet access (separate logical interface, subinterface or PVC for Internet access).

2- A dedicated VRF instance for Internet access.

Both have advantages and disadvantages. The advantage of (1) is scalability, while it's not secured.

The advantage of (2) is that it does increase security, but it doesn't scale enough.

Choose either one, whichever suits the requirement of the provider.

Regards,

Mohamed

Dear Mohammed,

Thanks for your reply.

1. Classical internet access is not feasible for me, as it includes some cost for me with my telco.

2. I created a dedicated VRF for internet. But my scenario is that I have one VRF for the customer VPN and another one for internet access. How can I give both internet + VPN access to the customer? I have only one logical interface for the customer.

Regards,

Haris

In this case you can have only a single VRF, since you have only one logical interface for that customer.

You can announce a default route to the customer within the same VRF.

In the PE, you could use the (IP route vrf (name) 0.0.0.0 0.0.0.0 next-hop Global) command.

Regards,

Mohamed
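
The static default route with the global keyword mentioned in the reply above, written out as an added example that is not part of the original thread. The VRF name CUST-A, the RD/route-target values, the interface name and all addresses are constructed placeholders.

```cisco
! Constructed example: CUST-A, 65000:10, the interface and all addresses are placeholders.
ip vrf CUST-A
 rd 65000:10
 route-target both 65000:10
!
! Single customer-facing logical interface, placed in the customer VRF.
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding CUST-A
 ip address 198.51.100.1 255.255.255.252
!
! VRF side: default route inside CUST-A. The "global" keyword makes the PE
! resolve the next hop 192.0.2.1 (the Internet gateway) in the global routing
! table instead of in the VRF.
ip route vrf CUST-A 0.0.0.0 0.0.0.0 192.0.2.1 global
!
! Global side: return route for the customer's prefix, pointing out of the
! VRF interface towards the CE (198.51.100.2), so replies from the Internet
! can reach the site.
ip route 203.0.113.0 255.255.255.0 GigabitEthernet0/1.10 198.51.100.2
!
! These two statics are the only coupling between the VRF and the global
! table. They carry no filtering of their own, so any restriction on what the
! site can reach, or what can reach the site, has to be applied separately,
! for example with an ACL on the customer-facing interface.
```

`show ip route vrf CUST-A 0.0.0.0` on the PE shows whether the leaked default route is installed in the VRF.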

Dear Mohammed,

Thanks once again.

The problem with this method is that it's not secure. Also, in my case my customer is connecting through DSL (virtual interface) and the route-leaking is not working fine with DSL. That's why I want to try with overlapping VPN.

Regards

Haris

Dears,

I designed an alternative way of doing internet access for one of my MPLS VPN customers. Please suggest on the design.

Regards,

Haris

Hi Haris,

I am not sure it is the best internet access design for your customers.

Mr. Harold could guide you for the ideal one.

Regards,

Dears,

I fixed my issue of internet access over MPLS VPN. I used the same design as given in the above attached diagram. I ran a cross Ethernet cable from the internet router to the PE router, created a VLAN sub-interface for each VPN, and routed the internet traffic through this.

Regards

Haris

Mohamed Sobair
Level 7

Haris,

I have one suggestion, since you have only one logical interface for the customer.

The suggestion is (VRF Selection based on Source address).

Once VRF selection based on source is configured, a lookup is performed to find the destination of the targeted VRF, and once the targeted VRF is found, the lookup is performed on the CEF VRF table, and another lookup is performed on the global CEF table.

This is the only way you can differentiate between 2 VRFs within the same logical interface.

Please have a look at the link below for more details:

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/vrfselec.html

HTH

Mohamed