RE: static global routes (internet access from a VPN)

From: Koen Zeilstra (koen@koenzeilstra.com)
Date: Fri Mar 23 2007 - 03:52:17 ART

• Next message: Jerome Dolphin: "Re: new subscriber to the list"
• Previous message: Ben Zheng: "monitor the buffer usage"
• Maybe in reply to: Koen Zeilstra: "static global routes (internet access from a VPN)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

And where exactly should the return traffic go back into the VRF? On this
central internet PE or at all the PE's that have CE's connected. In the
latter case on each PE you need a global route for the customer subnet
pointing toward a VRF enabled interface.

What if the question states, only use 1 static route?

-----------------------
Van Roy's Law:
        An unbreakable toy is useful for breaking other toys.

On Thu, 22 Mar 2007 laidlaw@consecro.com wrote:

| you need a route in the global routing table for the CE subnet so the
| traffic can go into the vrf.
|
| something like
|
| ip route 150.100.1.0 255.255.255.0 int f 0/0
| or
| ip route 150.100.2.0 255.255.255.0 150.100.1.2
|
|
|
| > -------- Original Message --------
| > Subject: static global routes (internet access from a VPN)
| > From: Koen Zeilstra <koen@koenzeilstra.com>
| > Date: Thu, March 22, 2007 4:30 am
| > To: ccielab@groupstudy.com
| >
| > Hi group,
| >
| > I am having trouble grasping some parts of the global route topic.
| >
| > On a PE which connects to a internet router I have configured the
| > following
| >
| > PE1
| > ip vrf INTERNETACCESS
| > rd 11:1
| > route-target export 11:1
| > route-target import <all other customers>
| > !
| > int f0/0
| > descr *** to internet
| > ip address 150.100.1.1 255.255.255.0
| > !
| > ip route vrf INTERNETACCESS 0.0.0.0 0.0.0.0 150.100.1.254 f0/0 global
| > !
| >
| > The static gets advertised in the BGP ipv4 vrf INTERNETACCESSaddress
| > family and is visble via vpnv4 advertisements in all VPN's that need
| > internet access.
| >
| > My question is: how does the return traffic go back into a VRF?
| >
| > I see the traffic hit the internet host and the traffic is returned on the
| > ethernet link (which is in the global table). However the PE1 device
| > cannot route the traffic back into the VRF. What am I missing here?
| >
| > See also:
| > http://www.cisco.com/warp/public/105/internet_access_mpls_vpn.html#table2
| >
| > thanks in advance for your help!
| >
| > Cheers,
| >
| > Koen
| > -----------------------
| > USER, n.:
| > The word computer professionals use when they mean "idiot."
| > -- Dave Barry, "Claw Your Way to the Top"
| >
| > _______________________________________________________________________
| > Subscription information may be found at:
| > http://www.groupstudy.com/list/CCIELab.html
|
|

• Next message: Jerome Dolphin: "Re: new subscriber to the list"
• Previous message: Ben Zheng: "monitor the buffer usage"
• Maybe in reply to: Koen Zeilstra: "static global routes (internet access from a VPN)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:52 ART