Yes,

If you run ospf in the Customer environment and BGP on the CE router this will work fine.

Then inter-vpn communication goes through the CE router.

I refer to the design in this document:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/vrf.html

HTH,

Regards

Bjornarsb

Hi:

That was very useful info on VRF-Lite.

Thank you very much.

Sincerely.

Hi mate,

You are very welcome!

Please rate if you find my posts helpfull.

BR,

Bjornarsb

I agree with you. I tested the configuration yesterday and VRF-Lite is able ONLY to make traffic isolation, and it seems not possible to merge two or more vrf together with route-target attributes.If you want to use this tecnique, you must run BGP (that is the try i had).I turned on BGP and MPLS and realized MPLS VPN.It's not necessary to have a neighboor bgp up to make Route-target work.

Configure BGP with vpn4 and vrf, and all works.If you want to merge more than one vrf with VRF-Lite, you have to make them in touch with a physical loop (for example with cross cable connected to both vrf) from one vrf to the other.Also Cisco eng told me to use a firewall to be possible to use shared service with VRF-Lite, configuring every VRF in one interface on the firewall and the shared service on DMZ.

Hi,

Very very nice, i've already tested it my self, i enabled MPLS and MBGP and it works fine. With just VRF-Lite, only traffic isolation can be done but no merge of VPNs can be done, its logical as VRF-Lite wasn't invented for this job, it was only invented for converting a CE router into multiple virtual routers each one with its separated routing table, interfaces and routing protocols.

BR,

Mohammed Mahmoud.

Yes , but you still have to

add a route-target export 65001:300

at vrf red and

a route-target export 65001:100

at vrf server

to give full reachability between the two VPNs

BR,

Bjornarsb

hi,

You are totally right, but the whole idea is that it can't be done with just VRF-Lite, you must have MBGP.

HTH,

Mohammed Mahmoud.

Hi,

You can run vrf-lite with BGP.

As you have posted vrf-lite makes

you get separate routing instances.

Another cause why vrf-lite was developed

was that you do not need to run tag-switching between CE and PE.

So you can run BGP for each vrf.

Agree?

BR,

Bjornarsb

Hi,

Yes i totally agree :) VRF-Lite without MBGP (BGP with VPNv4) won't do it, but by having VRF-Lite with MBGP its doable. VRF-Lite alone is only capable of traffic isolation.

BR,

Mohammed Mahmoud.

Why do you need to add those export route-tag?

In vrf red it exports 65001:200 and vrf server has import 65001:200. So vrf server should have all routes imported from vrf red. Same vrf red should have all routes from vrf server.

Hi,

You need an export to 65001:100

so it can import 65001:200. Thats how it works :)

See this example:

http://www.cisco.com/en/US/products/sw/netmgtsw/ps4748/products_user_guide_chapter09186a008019abb3.html#88319

br,

Bjornarsb