I have gone through a couple of white papers on deploying hub and spoke over MPLS VPN. While the use of two different RTs make sense to me, I am not sure why you would need two different (physical or logical) interfaces to the hub CE.
I have heard it's because of split horizon/whether or not you propagate a default route/automatic route filtering on the VRF. Can anyone elaborate on what the logic behind this is? More specifically, what scenario would itapply to (all spokes connected to different PE... etc etc). Thanks.
What I wanted to know was the reason why two logical (or may be physical) circuits are needed in an MPLS hub and spoke situation. I have listed a couple of reasons that I can think of, but I have not been able to get any definitive answer as to why the two circuits (and VRFs for that matter).
Generally for hub and spoke topologies, the PE needs to act as the hub while the CEs are the spokes defaulting back to the central PE. There are a nos of reasons why this may be so. if you tell us a bit more detail, it may be obvious why this is so. What protocol and network are you running? OSPF? with a hub and spoke i would imagine its a frame relay network, does it have a subinterface, point to point or point to multipoint interface? or is it a non-broadcast network where for every interface, the LSU packet must be replicated for each pvc configured. Tell me a bit more please
You are correct about building the the hub and spoke with different RT's. All the remote locations export with Rt 1:1 and import Rt 1:2 and the central location imports RT 1:1 and export RT 1:2. But now you will get in to a problem when two CEs are on the same PE. For these CEs it is possible to communicate with each other before going to the central location. This is because they are in the same VRF.
You can use different RD per access line, but this can be hard in your administration and can give some long troubleshooting hours.
I think that what you mean is that there is an upstream connection on one interface and a down stream connection on the other interface. Dont ask me how to do this
It is correct that VPN us a kind of split horizon one the import a router they do not export it again. If you want remote locations to be able to reach each other you need to have a default route pointing to the central location. All routing will no go via the default route to the central location. The central location takes care that the remote locations can reach each other. This is not done on the PE.
But Cisco has a nice solution for your problem; this is called half-duplex VRF. It does what you want (as far as I understand your question)