Internet access with vrf lite

[BicMac080]

Hello,

I would like to find a link which explains how to configure an Internet access on a CE router with a vrf-lite and in which conditions do I have to use a vrf-lite.

Thanks

 

[KiscoKid]

You would deploy VRF-Lite usually on any CE which is required to support multiple VPN's. They are typically deployed in MPLS implementations where more than one VPN routing/forwarding (VRF) tables are required. This allows multiple customers to share the same CE and yet each VRF table is kept isolated from the other one (unless you redistribute) and allows these customers to exist in a secure/private environment and can even use overlapping address for example.

The following link refers to the 4500 but the configuration process is the same for any VRF-Lite capable device.

http://www.cisco.com/en/US/products...figuration_guide_chapter09186a00801f5a1b.html

Just consider each VRF as a seperate routing table (which is exactly what they are) and add routing accordingly. You mention configuring Internet access. In the most basic sense, this could typically be adding a default route to point to, for example, a perimeter firewall.

On a non VRF-Lite CE, you would simply do something like:

ip route 0.0.0.0 0.0.0.0 a.b.c.d

where a.b.c.d is your firewall

On a VRF-Lite box, you can create default routes thus:

ip route 0.0.0.0 0.0.0.0 a.b.c.d
ip route vrf MYVRF 0.0.0.0 0.0.0.0 e.f.g.h

where MYVRF is the VRF instance of your 2nd VRF and e.f.g.h is an appropriate firewall address that exists in this VRF.

VRF-Lite supports more than 2 VRF's thus feasibly you could have multiple entries like the above.

Hope this helps

 

[BicMac080]

Thanks for your explanation (^_^)