Internet Access to MPLS VRF

jfarandajfaranda
in CCIE Routing & Switching Technical

Hello All,

I have a PE router that I have a VRF configured with OSPF to a router CE router. The PE router uses gig1/0.150 to reach the CE router. This PE router also has a conenction via gig0/0 to an ISP. I am trying to allow the vrf internet access. I am not sure how I should be doing this. I have tried using:

 

ip route vrf PE1toMod1 0.0.0.0 0.0.0.0 gig0/0  <--this produces the following:

 

% For VPN or topology routes, must specify a next hop IP address if not a point-to-point interface

 

PE config:

ip vrf PE1toMod1

 rd 1:100

 route-target export 5:500

 route-target import 5:500


!


interface GigabitEthernet1/0.150

 encapsulation dot1Q 150

 ip vrf forwarding PE1toMod1

 ip address 192.168.11.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly in

 ip ospf 2 area 0

!


router ospf 2 vrf PE1toMod1

 redistribute connected subnets

 redistribute static subnets

 network 172.16.1.1 0.0.0.0 area 0

 network 172.16.7.7 0.0.0.0 area 0

 network 192.168.11.0 0.0.0.0 area 0

 default-information originate always


This is in a home lab and I was just trying to see if I can get this to work. ANy ideas on how to proceed? Thanks.




Comments

  • sylhet2011sylhet2011

    is your internet connection in Vrf : PE1toMod1  or the global routing table?

     

    because the natting will be a bit different.

     

    this error you get :

    ip route vrf PE1toMod1 0.0.0.0 0.0.0.0 gig0/0

    Bit off topic , but i would not normally point a default route to an ethernet/broadcast interface , is bad practise  because what will happen is that the router will send arp directly on the interface for all internet destinations ,  and the router on other side will have to proxy arp -- its very messy

    try next hop address instead when you do static route on ethernet , or  next-hop-ip and the interface together.

    ie ;

    ip route vrf PE1toMod1 0.0.0.0 0.0.0.0 194.60.50.2 gig0/0

     

  • jfarandajfaranda

    The internet connection is not part of any vrf and is in the global routing.

    I am using IOS c2800nm-adventerprisek9-mz.151-4.M7.bin

    When I try to add a ip route vrf statement it gets a bit confusing. I'm not really sure what to use for the " Forwarding router's address", is this the ISP end?

    I found a document on Cisco about doing across an MPLS infrastructure and using BGP, but in this case it's the vrf on the Inetrnet conencted router. So I assume it's a static route and NAT issue, no?

     

     

  • sylhet2011sylhet2011

    the next hop is the ISP end,  do you have a public IP direct from them -- or is gi 0/0 connected to some adsl or cable router from isp ?

    lets assume you have a  public IP on gi 0/0 in global table : 194.30.10.1 /30 and the other side (your isp = 194.30.10.2) , i would do something like this .

     

    int gi 0/0

    ip address 194.30.10.1  255.255.255.252

    ip nat outside

     

    ip route vrf PE1toMod1  0.0.0.0 0.0.0.0 194.30.10.2 global

     

    * do ip nat inside on gi1/0.150

    * do access-list of your inside networks that you want internet access, eg

    ip access-list standard INSIDE-NETS
    permit 172.16.0.0 0.0.255.255

    ip nat inside source list INSIDE-NETS interface gi 0/0 vrf PE1toMod1 overload

     

  • jfarandajfaranda

    Worked like a charm. After your post and reading the VOl 1 MPLS section on this very topic I was able to make it work. Many thanks!

    If I could buy you a beer I would.

Sign In or Register to comment.