MPLS VPN internet access

Hi,

I just want to know one thing regarding the MPLS VPN internet access scenario!!!

Normally we can configure the NAT on the PE that has a directly connected CE, or we can configure the NAT on the PE where the INTERNET BACKBONE router is connected!!!

In the first case of NAT we can have a static route for a particular vrf pointing to the PE loopback with the global keyword (here I'm talking about the PE which is connected to the Internet backbone router)

And in the second case of NAT we can have a static route configured and pointing to the Internet backbone router interface with the global keyword (if this router does not have a vrf on it then we can configure the vrf to add the static route)

Now in both cases the internet backbone router will not be able to reach the CE prefixes as it will not have a route to the customer prefixes (especially ping)... right!!! So in the actual lab exam will this implementation work as the correct solution!!!!

regards

Dev

Comments

  • Hi Dev,

    It does work in both cases and you must be able to ping. The "trick" to it all is to create a route-map matching the ACL. (Very important tip I picked up from IE CCIE-SP DVD) Then apply it to your ip nat inside source route-map x interface fast 0/0 vrf ??? overload.

    That must be the outside interface within the global table. Also bear in mind you must have the underlying igp/bgp correct so the addresses you need to ping are in your routing table. They will respond due to your inside CE devices being natted to an interface which is within the global routing table.

    You will also need to ensure your routes are advertised out, esp. if you are trying to reach a device (loopback) which is more than 1 hop away, as well as import/export any route-targets for that vrf. Then don't forget to share the static/network to the relevant PE devices needing to grant access to the CE sites.

    Hope that helps

    James

    30 days to go before my lab in SJ :-)



    ________________________________________
    From: [email protected] [[email protected]] On Behalf Of dev13 [[email protected]]
    Sent: Tuesday, October 21, 2008 9:38 PM
    To: James Yeo
    Subject: [CCIE SP] MPLS VPN internet access
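The setup described in the reply, written out for the case where NAT runs on the PE facing the Internet backbone router. This is an added example, not configuration from the thread: the VRF name, RD and route-target values, ACL number, route-map name, interface roles and all addresses are constructed for illustration.

```cisco
! Constructed example: customer VRF on the PE
ip vrf CUST_A
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
! CE-facing interface: inside the VRF, NAT inside
interface FastEthernet0/1
 ip vrf forwarding CUST_A
 ip address 10.1.1.1 255.255.255.252
 ip nat inside
!
! Interface toward the Internet backbone router: global table, NAT outside
interface FastEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
!
! Only the customer's own prefixes are eligible for translation
access-list 10 permit 10.1.0.0 0.0.255.255
!
route-map NAT_CUST_A permit 10
 match ip address 10
!
! VRF-aware PAT: VRF sources are hidden behind the global outside interface,
! so the backbone router needs a route to 203.0.113.1 only, not to CE prefixes
ip nat inside source route-map NAT_CUST_A interface FastEthernet0/0 vrf CUST_A overload
!
! Default route inside the VRF whose next hop is resolved in the global table
ip route vrf CUST_A 0.0.0.0 0.0.0.0 203.0.113.2 global
!
! Verification from the PE
! show ip route vrf CUST_A
! show ip nat translations vrf CUST_A
```

Keeping the ACL limited to the customer's real prefixes, with one route-map and NAT statement per VRF, keeps translations scoped to the intended VPN and makes the per-VRF translation table easy to audit.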