Importing from one VRF to another is actually done by BGP, so BGP will
install the best path to the overlapping subnets.
If the "customers" have overlapping subnets, there are several options:
1. Use public internet addresses in the service VRF, allocating a segment
per customer or letting the customers use their own public internet
segment. The customers can NAT/proxy or use public addressing in the DMZ
facing the services VRF.
2. The provider does NAT.
3. The provider allocates a DMZ segment per customer from RFC 1918, and it's
the same as using public internet addresses, but there is still a small
chance of address overlapping.
As a "customer" I would prefer options number 1 or 3, as I get control of
what is happening.
HTH,
Dan #13685 (RS/Sec/SP)
The CCIE troubleshooting blog: http://dans-net.com
Bring order to your Private VLAN network: http://marathon-networks.com
On Mon, Jul 30, 2012 at 2:12 AM, John Neiberger <jneiberger_at_gmail.com> wrote:
> I'm just now getting around to really studying L3VPN. I'm playing around
> with GNS3 while watching some training videos and my latest little lab
> setup involves configuring basic central services. For the sake of
> discussion, imagine three VRFs: A, B and C, as well as a new VRF called
> SERVICES. I have customers in these VRFs spread out across the network, and
> they do use overlapping IP space. When I configured this in my lab with one
> customer, I found (remember, I'm new to this!) that I had to import the
> customer routes into the new SERVICES VRF, which makes sense. Without those
> routes in the VRF, the router can't forward packets to those destinations
> even if the correct routes exist in other VRFs on that router.
>
> But what happens when I import another customer into that table? Let's say
> the VPN associated with VRF A is using 10/8 space, and so is the VPN
> associated with VRF B. If I have already imported the routes for Customer A
> into my Services VRF, how is this going to behave if I then import the
> routes for Customer B using the same space? I realize that VPNv4 routes are
> kept unique with the use of an RD. Does a PE router do something similar
> when importing multiple sets of routes into a VRF? Does it retain the RD to
> keep them unique somehow? If not, how do I handle having to import
> overlapping prefixes to make central services work?
>
> Thanks!
> John
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
--
Best regards,
Dan

Received on Mon Jul 30 2012 - 07:41:06 ART
This archive was generated by hypermail 2.2.0 : Wed Aug 01 2012 - 15:55:23 ART
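
An added example, not part of the original thread or anyone's production tooling: a pre-import audit for the situation discussed above, where routes from several customer VRFs are imported into one SERVICES VRF and BGP installs a single best path per prefix. The RDs, route targets, prefixes and function names are constructed for illustration; the model assumes the VRF table is keyed by the bare IPv4 prefix once a route is imported.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: (RD, IPv4 prefix, export route-target).
VPNV4_ROUTES = [
    ("65000:1", "10.1.0.0/16", "65000:101"),    # customer A
    ("65000:2", "10.1.0.0/16", "65000:102"),    # customer B, same prefix as A
    ("65000:2", "10.1.5.0/24", "65000:102"),    # customer B, inside A's /16
    ("65000:3", "172.16.3.0/24", "65000:103"),  # customer C, no overlap
    ("65000:9", "192.0.2.0/24", "65000:999"),   # RT not imported by SERVICES
]
SERVICES_IMPORT_RTS = {"65000:101", "65000:102", "65000:103"}


def import_candidates(routes, import_rts):
    """Group the routes a VRF would import by bare prefix (RD no longer part of the key)."""
    table = defaultdict(set)
    for rd, prefix, rt in routes:
        if rt in import_rts:
            table[ipaddress.ip_network(prefix)].add(rd)
    return table


def find_conflicts(table):
    """Return (duplicates, shadowed) for prefixes contributed by different RDs."""
    # Same prefix from several RDs: only one best path can be installed.
    duplicates = {str(p): sorted(rds) for p, rds in table.items() if len(rds) > 1}
    shadowed = []
    prefixes = sorted(table, key=lambda n: (n.prefixlen, int(n.network_address)))
    for i, outer in enumerate(prefixes):
        for inner in prefixes[i + 1:]:
            # Longest match sends inner's range to inner's origin, so any RD
            # that advertises only the covering prefix loses that traffic.
            affected = table[outer] - table[inner]
            if inner.subnet_of(outer) and affected:
                shadowed.append((str(outer), str(inner), sorted(affected)))
    return duplicates, shadowed


if __name__ == "__main__":
    dups, shadowed = find_conflicts(import_candidates(VPNV4_ROUTES, SERVICES_IMPORT_RTS))
    for prefix, rds in dups.items():
        print(f"DUPLICATE {prefix}: offered by RDs {rds}")
    for outer, inner, rds in shadowed:
        print(f"SHADOWED  {inner} inside {outer}: affects RDs {rds}")
```

Any output from this check means the affected customers need one of the three options listed in the reply (public addressing, provider NAT, or a provider-allocated DMZ segment) before their routes go into the shared VRF.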