MPLS VPN shared service

mike
Level 1

Hello:

I am working on a solution for customers with shared services over MPLS VPN, but the problem is that traffic is initiated from the shared services, and customers could access those shared services as well.

Considering the IP address conflict issue, it seems to me that it will be better to translate customer IP addresses.

Does anyone have any good ideas?

thx

1 Reply

swaroop.potdar
Level 7

Generally a translation service is deployed for such a scenario.

Like you can implement a VRF-aware NAT gateway between the Shared Service and the Customers. Place this gateway close to the source, i.e. the Hosted or Shared Service location.

And then you can try NATting the user IP address to an IANA reserved public range, as these IPs won't ever be used by your customer. And you can have a clear NAT.

Also, you need to implement all your routing control via imports and exports on the NAT GW.

Points to be careful about are:

a) Scalability of the hardware being used for NATting.

b) Routing control between shared service and customer only via the NAT GW.

c) Using totally unique IP translation for the RFC 1918 range of IPs.

HTH-Cheers,

Swaroop
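
Point (c) in the reply above can be checked before any NAT is configured. The following is an added example, not part of the original thread: it finds customer prefixes that overlap across VRFs and assigns each one a same-size, unique block from a translation pool. The VRF names, customer prefixes and the 198.18.0.0/22 pool are constructed assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample input: three customer VRFs with overlapping RFC 1918 space.
CUSTOMERS = {
    "CUST-A": ["10.1.0.0/24", "192.168.10.0/25"],
    "CUST-B": ["10.1.0.0/24"],
    "CUST-C": ["10.1.0.128/25"],
}
POOL = "198.18.0.0/22"  # assumed translation pool, chosen for illustration only

def _flatten(vrf_prefixes):
    return [(vrf, ipaddress.ip_network(p)) for vrf in sorted(vrf_prefixes) for p in vrf_prefixes[vrf]]

def find_conflicts(vrf_prefixes):
    """Return (vrf_a, vrf_b, prefix_a, prefix_b) for prefixes that overlap across VRFs."""
    items = _flatten(vrf_prefixes)
    return [(va, vb, str(na), str(nb))
            for i, (va, na) in enumerate(items)
            for vb, nb in items[i + 1:]
            if va != vb and na.overlaps(nb)]

def plan_translation(vrf_prefixes, pool):
    """Map each (vrf, prefix) to a unique same-size block carved from pool."""
    pool = ipaddress.ip_network(pool)
    if any(pool.overlaps(n) for n in RFC1918):
        raise ValueError("pool overlaps RFC 1918 space that customers may use")
    # Allocate largest blocks first so every block stays aligned to its own size.
    items = sorted(_flatten(vrf_prefixes),
                   key=lambda x: (x[1].prefixlen, x[0], int(x[1].network_address)))
    cursor, end = int(pool.network_address), int(pool.broadcast_address) + 1
    plan = {}
    for vrf, net in items:
        if cursor + net.num_addresses > end:
            raise ValueError("translation pool exhausted")
        plan[(vrf, str(net))] = str(ipaddress.ip_network((cursor, net.prefixlen)))
        cursor += net.num_addresses
    return plan

def translate(plan, vrf, host):
    """Translate one customer host address using the static network mapping."""
    host = ipaddress.ip_address(host)
    for (v, src), dst in plan.items():
        src_net = ipaddress.ip_network(src)
        if v == vrf and host in src_net:
            offset = int(host) - int(src_net.network_address)
            return str(ipaddress.ip_network(dst).network_address + offset)
    raise KeyError(f"{host} is not in any planned prefix for {vrf}")
```

Running `find_conflicts` again on the translated blocks confirms that the shared service side sees no overlapping customer space.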
