RE: VPN SCENARIO

From: Manu Ohri (mohri) <mohri_at_cisco.com>
Date: Wed, 22 Jul 2009 12:16:41 -0700

Hi Jack,
            With vrf-lite the customer behind the c10 can only speak to
each other through Pe , since they are part of same VRF on Pe , only way
to avoid that is have then directly peer with Pe and in different VRF.
Other way will be to have complex routing policy on C10 and block each
other.

Regards

________________________________

From: jack daniels [mailto:jckdaniels12_at_gmail.com]
Sent: Wednesday, July 22, 2009 12:06 PM
To: Manu Ohri (mohri)
Cc: Cisco certification
Subject: Re: VPN SCENARIO

Hi Manu,

I have querry over -
I know on C10 you configure vrf lite , but on C10 from behind 5 customer
traffic is coming as simple IP.
On C10 they have routes and can speak to each other , ho wto avoid that

Regards
J.daniles

On 7/23/09, Manu Ohri (mohri) <mohri_at_cisco.com> wrote:

        Hi Jack,
              You will need sub interfaces defined on C10. There will be
pair
        of interfaces in each vrf-light on C10.
        The interfaces on PE will have same vrf defined , but on C10
each will
        be different vrf-light.

        CE1---------------- --------------
        CE2---------------- --------------
        CE3----------------CE10 ------------PE ------------MPLS
ENVIRONMENT
        CE4 --------------- -------------
        CE5---------------- --------------

        -----Original Message-----
        From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On
Behalf Of
        jack daniels
        Sent: Wednesday, July 22, 2009 11:07 AM
        To: Cisco certification
        Subject: VPN SCENARIO

        Hi All,

        if we have a scenario like -

        CE1----------------
        CE2----------------
        CE3----------------CE10 ------------PE ------------MPLS
ENVIRONMENT
        CE4 ---------------
        CE5----------------

        CE1,CE2,CE3,CE4,CE5 connect to CE10 router

        now if Want these customers CE1,CE2,CE3,CE4,CE5 traffic to be
sepprate I
        use VRF LITE and configure subinterface and assign appropriate
VRF to
        them.

        But my CE10 link to these customers CE1,CE2,CE3,CE4,CE5 is
normal IP
        ROUTING , NO VRF configured.

        So how to keep them in difrent vpn and these customers
        CE1,CE2,CE3,CE4,CE5 don't sepak to each other.

        Thanks and Regards
        J.Daniels

        Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 22 2009 - 12:16:41 ART

This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:23 ART