Example Overlapping VPN Routing

The figure shows how to implement overlapping VPNs.

For site A-1 and site A-2 (participating only in VPN-A), do the following:

■ Export all networks with RT 123:750

■ Import all networks that carry RT 123:750 (VPN-A)

For site B-1 and site B-2 (participating only in VPN-B), do the following:

■ Export all networks with RT 123:760

■ Import all networks that carry RT 123:760 (VPN-B)

For site A-Central (participating in VPN-A and the overlapping VPN), do the following:

■ Exports all networks with RTs 123:750 and 123:1001

■ Imports all networks that carry RT 123:750 (VPN-A) or 123:1001 (overlapping VPN)

6-16 Implementing Cisco MPLS (MPLS) v2.1 Copyright © 2004, Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

For site B-Central (participating in VPN-B and the overlapping VPN), do the following:

■ Exports all networks with RTs 123:760 and 123:1001

■ Imports all networks that carry RT 123:760 (VPN-B) or 123:1001 (overlapping VPN)

Copyright © 2004, Cisco Systems, Inc. Complex MPLS VPNs 6-17

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Overlapping VPN Data Flow

This topic describes the data flow in an overlapping VPN.

Overlapping VPN Data Flow

Cisco.com

Cisco.com

Pcod Diseases
© 2004 Cisco Systems, Inc. All rights reserved. MPLS v2.1—6-6

Because sites belonging to different VPNs do not share routing information, they cannot talk to each other. The figure shows overlapping VPN data flow, as discussed here:

■ The simple VPN for customer A contains routes that originate from the following:

■ The simple VPN for customer B contains routes that originate from the following:

■ The overlapping VPN contains routes that originate from the following:

■ All of the customer A sites can communicate with each other.

■ All of the customer B sites can communicate with each other.

■ A-Central and B-Central can communicate with each other.

■ The customer A remote site cannot communicate with the customer B remote sites.

Note If a site participating in more than one VPN is propagating a default route to other sites, it can attract traffic from those sites and start acting as a transit site between VPNs, enabling sites that were not supposed to communicate to establish two-way communication.

6-18 Implementing Cisco MPLS (MPLS) v2.1 Copyright © 2004, Cisco Systems, Inc.

The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., for the sole use by Cisco employees for personal study. The files or printed representations may not be used in commercial training, and may not be distributed for purposes other than individual self-study.

Configuring Overlapping VPNs

This topic describes how to configure overlapping VPNs.

Overlapping VPNs—Configuration Tasks

Cisco.com

A-Central B-Central

• Configure one VRF per set of sites with the same VPN membership per PE router.

• For every set of sites with the same VPN membership, use the same RD.

• Configure RTs based on the VPN membership of sites in each VRF.

© 2004 Cisco Systems, Inc. All rights reserved. MPLS v2.1—6-7

You can have a network with four types of sites with different VPN memberships.

+1 0

Post a comment