cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

474
Views
0
Helpful
2
Replies
Highlighted
Beginner

PBR within the same VRF with MPLS

We manage a campus MPLS network comprised of Cisco 76xx routers as my "P" devices.  Attached to the MPLS core are several PE devices (Cisco 6509 VSS pairs).  I have a single VRF named "students" that exists across all my PE devices.  Across this "students" VRF I have some addresses that are public and some that are private.  When any "students" VRF traffic hits my enterprise edge PE device, I need to policy route this traffic to either (A) the firewall for NAT'ing the private addresses or (B) for public addresses just route directly to the Internet (around the firewalls).  My challenge is that this traffic enters the enterprise edge PE via an MPLS interface.  Can I put a policy on an MPLS interface for this?  This is a production environment so I can't just throw it on and see if it works.  I also can't really find any definitive documentation on exactly how to do this. 

I appreciate any help with this matter.

Marc

Everyone's tags (5)
2 REPLIES 2

PBR within the same VRF with MPLS

can you perform the NAT at the Edge 6509 PE instead of the firewall ? if yes,  you can use in this case VRF-aware NAT

below is a simple example

https://sites.google.com/site/amitsciscozone/home/mpls/vrf-aware-nat

you can use ACL/route map to match the source addresses to be NAT ( which is the private in your case )

hope this help

Beginner

PBR within the same VRF with MPLS

Unfortunately NAT is not an option on our Edge-PE devices.  Corp policy dictates the use of the firewalls for NAT in this case.  Besides, we really do not wish to perform NAT on our PE devices.

CreatePlease to create content
Content for Community-Ad