Hmm, so you're NAT'ing the customer host address to achieve internet
reachability... What if they don't have an internal device doing NAT to
their public IP address? Then you could have overload on the PE NAT router
if they had many host devices (I know it's just hypothetical).
I have seen in some policies a dedicated internet PE and/or internet vrf
(leaking) being used, and simply on the PEs a default route for the vrf, i.e.
ip route vrf cust-a 0.0.0.0 0.0.0.0 x.x.x.x
so that "any non specific" matches can be sent to the internet PE's global
routing table or internet vrf
then redistribute static
ip route 1.1.1.1 0.0.0.0 172.16.10.2
into BGP, i.e. the customer prefix/subnet is known to the global internet PE
or internet vrf
As I understand if you have multiple customers sharing the internet PE or
internet vrf then their routing domains still remain segmented as the RT
import/export policies are still different...
The only flaw with this method I can think of is if cust-b has
pre-requisite knowledge of cust-a's subnet(s) they could technically have
access to their network
If anyone knows any better, speak now
:)
BR
Tony
On 19 May 2013 15:34, Mohammad Khalil <eng_mssk_at_hotmail.com> wrote:
> http://eng-mssk.blogspot.com/2013/05/mpls-l3vpn-internet-access.html
>
> BR,
> Mohammad
>
>
> Blogs and organic groups at http://www.ccie.net
Received on Mon May 20 2013 - 05:05:34 ART
This archive was generated by hypermail 2.2.0 : Mon Jun 03 2013 - 06:34:34 ART
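
Added example, not part of the original post: a small Python model of the design described in the reply, with a leaked default route in each customer vrf and redistributed static routes in the global table. It shows that each vrf still holds no route to the other customer, yet a packet from cust-b to cust-a's prefix is delivered through the global table. The prefixes and the deny_inter_customer filter are assumptions made for illustration.

```python
import ipaddress

# Constructed tables (documentation prefixes, not from the post). Each VRF
# holds only its own prefix plus the leaked default; the global table holds
# the redistributed static routes that point back into each customer VRF.
TABLES = {
    "vrf:cust-a": {"198.51.100.0/24": ("deliver", "cust-a"),
                   "0.0.0.0/0": ("leak", "global")},
    "vrf:cust-b": {"203.0.113.0/24": ("deliver", "cust-b"),
                   "0.0.0.0/0": ("leak", "global")},
    "global": {"198.51.100.0/24": ("leak", "vrf:cust-a"),
               "203.0.113.0/24": ("leak", "vrf:cust-b"),
               "0.0.0.0/0": ("deliver", "internet")},
}

def lookup(table, dst):
    """Longest-prefix match in one table; returns (kind, target) or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, action in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action)
    return best[1] if best else None

def trace(start, dst, deny_inter_customer=False):
    """Follow a packet from table `start`; returns (tables visited, outcome)."""
    table, path = start, []
    for _ in range(8):  # hop limit guards against leak loops
        path.append(table)
        hit = lookup(TABLES[table], dst)
        if hit is None:
            return path, "drop"
        kind, target = hit
        if kind == "deliver":
            return path, target
        # Hypothetical filter at the leak point: traffic that came out of one
        # customer VRF may not be handed into a customer VRF again.
        if (deny_inter_customer and table == "global"
                and path[0].startswith("vrf:") and target.startswith("vrf:")):
            return path, "drop"
        table = target
    return path, "loop"

if __name__ == "__main__":
    print(trace("vrf:cust-b", "198.51.100.10"))        # reaches cust-a
    print(trace("vrf:cust-b", "198.51.100.10", True))  # dropped at leak point
    print(trace("global", "198.51.100.10", True))      # internet still works
```

On a real PE the equivalent control would be a packet filter or policy on the leaked path; the flag here only marks where that decision sits in the forwarding sequence.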