
Internet Access to MPLS VRF
Hello All,
I have a PE router on which I have a VRF configured with OSPF to a CE router. The PE router uses gig1/0.150 to reach the CE router. This PE router also has a connection via gig0/0 to an ISP. I am trying to allow the VRF internet access. I am not sure how I should be doing this. I have tried using:
ip route vrf PE1toMod1 0.0.0.0 0.0.0.0 gig0/0 <--this produces the following:
% For VPN or topology routes, must specify a next hop IP address if not a point-to-point interface
PE config:
ip vrf PE1toMod1
rd 1:100
route-target export 5:500
route-target import 5:500
!
interface GigabitEthernet1/0.150
encapsulation dot1Q 150
ip vrf forwarding PE1toMod1
ip address 192.168.11.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip ospf 2 area 0
!
router ospf 2 vrf PE1toMod1
redistribute connected subnets
redistribute static subnets
network 172.16.1.1 0.0.0.0 area 0
network 172.16.7.7 0.0.0.0 area 0
network 192.168.11.0 0.0.0.0 area 0
default-information originate always
This is in a home lab and I was just trying to see if I can get this to work. Any ideas on how to proceed? Thanks.
Comments
Is your internet connection in VRF PE1toMod1 or the global routing table?
Because the NATing will be a bit different.
This error you get:
ip route vrf PE1toMod1 0.0.0.0 0.0.0.0 gig0/0
Bit off topic, but I would not normally point a default route to an Ethernet/broadcast interface. It is bad practice because the router will send ARP directly on the interface for all internet destinations, and the router on the other side will have to proxy ARP. It's very messy.
Try a next-hop address instead when you do a static route on Ethernet, or the next-hop IP and the interface together.
i.e.:
ip route vrf PE1toMod1 0.0.0.0 0.0.0.0 194.60.50.2 gig0/0
The internet connection is not part of any vrf and is in the global routing.
I am using IOS c2800nm-adventerprisek9-mz.151-4.M7.bin
When I try to add an ip route vrf statement it gets a bit confusing. I'm not really sure what to use for the "Forwarding router's address". Is this the ISP end?
I found a document on Cisco about doing this across an MPLS infrastructure and using BGP, but in this case it's the VRF on the Internet-connected router. So I assume it's a static route and NAT issue, no?
The next hop is the ISP end. Do you have a public IP direct from them, or is gi 0/0 connected to some ADSL or cable router from the ISP?
Let's assume you have a public IP on gi 0/0 in the global table: 194.30.10.1 /30, and the other side (your ISP) is 194.30.10.2. I would do something like this:
int gi 0/0
ip address 194.30.10.1 255.255.255.252
ip nat outside
ip route vrf PE1toMod1 0.0.0.0 0.0.0.0 194.30.10.2 global
* do ip nat inside on gi1/0.150
* do access-list of your inside networks that you want internet access, eg
ip access-list standard INSIDE-NETS
permit 172.16.0.0 0.0.255.255
ip nat inside source list INSIDE-NETS interface gi 0/0 vrf PE1toMod1 overload
Worked like a charm. After your post and reading the Vol 1 MPLS section on this very topic I was able to make it work. Many thanks!
If I could buy you a beer I would.
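Added example, not part of the original posts: a `global` default route makes a VRF depend on the global table and a VRF-aware NAT rule, so this Python sketch audits a config for VRFs with such a route and reports any without a `vrf` NAT rule, or with NAT-inside subnets the NAT ACL does not match (those sources would not be translated). The sample config is constructed from the snippets in the thread; the function name and finding codes are hypothetical, and only standard named ACLs with contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed sample: the thread's PE snippets merged, with IOS-style indentation.
SAMPLE = """\
interface GigabitEthernet0/0
 ip nat outside
interface GigabitEthernet1/0.150
 ip vrf forwarding PE1toMod1
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
ip route vrf PE1toMod1 0.0.0.0 0.0.0.0 194.30.10.2 global
ip access-list standard INSIDE-NETS
 permit 172.16.0.0 0.0.255.255
ip nat inside source list INSIDE-NETS interface GigabitEthernet0/0 vrf PE1toMod1 overload
"""

def audit(config):
    """Return (code, detail) findings for VRFs whose default route uses the global table."""
    acls, ifaces, leaks, nat, out, ctx = {}, [], set(), {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):                      # new top-level command
            ctx = None
            if m := re.match(r"interface (\S+)", line):
                ifaces.append(ctx := {"name": m[1], "vrf": None, "net": None, "inside": False})
            elif m := re.match(r"ip access-list standard (\S+)", line):
                ctx = acls.setdefault(m[1], [])
            elif m := re.match(r"ip route vrf (\S+) 0\.0\.0\.0 0\.0\.0\.0 \S+ global", line):
                leaks.add(m[1])                          # VRF default resolved in global table
            elif m := re.match(r"ip nat inside source list (\S+) interface \S+ vrf (\S+)", line):
                nat[m[2]] = m[1]                         # vrf -> ACL name
        elif isinstance(ctx, dict):                      # inside an interface block
            if m := re.match(r"ip vrf forwarding (\S+)", line):
                ctx["vrf"] = m[1]
            elif m := re.match(r"ip address (\S+) (\S+)", line):
                ctx["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
            elif line == "ip nat inside":
                ctx["inside"] = True
        elif isinstance(ctx, list) and (m := re.match(r"permit (\S+) (\S+)", line)):
            ctx.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))   # wildcard mask form
    for vrf in sorted(leaks):
        if vrf not in nat:
            out.append(("NO_VRF_NAT", f"{vrf}: global default route but no vrf-aware NAT"))
            continue
        for i in ifaces:
            if i["vrf"] == vrf and i["inside"] and i["net"] is not None and not any(
                    i["net"].subnet_of(n) for n in acls.get(nat[vrf], [])):
                out.append(("ACL_GAP", f"{vrf}: {i['net']} on {i['name']} not in {nat[vrf]}"))
    return out
```

On the constructed sample, `audit(SAMPLE)` reports that the PE-CE link subnet 192.168.11.0/24 is not matched by INSIDE-NETS, so only 172.16.0.0/16 sources are translated.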