Configuring Multi-Vrf Ce; Understanding Multi-Vrf Ce - Cisco Catalyst 3750 Software Configuration Manual

Configuring Multi-VRF CE

Configuring Multi-VRF CE
Virtual Private Networks (VPNs) provide a secure way for customers to share bandwidth over a
service-provider backbone network. A VPN is a collection of sites sharing a common routing table. A
customer site is connected to the service-provider network by one or more interfaces, and the service
provider associates each interface with a VPN routing table, called a VPN routing/forwarding (VRF)
table. In a multiprotocol label switching (MPLS) VPN deployment, all customers have their own
customer-edge (CE) device), and every CE has a dedicated line connected to a provider-edge (PE) router.
With multiple VPN routing/forwarding (multi-VRF), multiple customers can share one CE, and only one
physical link is needed between the CE and the PE. This is accomplished by extending some PE
functionality to the shared CE devices. The shared CE maintains separate VRF tables for each customer
and switches or routes packets for each customer based on the CE routing table. Multi-VRF CE allows
a service provider to support two or more VPNs with overlapping IP addresses.
This section includes these topics:
•
•
•
•
•
•
•
•

Understanding Multi-VRF CE

Multi-VRF CE is a feature that allows a service provider to support two or more VPNs, where IP
addresses can be overlapped among the VPNs. Multi-VRF CE uses input interfaces to distinguish routes
for different VPNs and forms virtual packet-forwarding tables by associating one or more Layer 3
interfaces with each VRF. Interfaces in a VRF can be either physical, such as Ethernet ports, or logical,
such as VLAN SVIs, but an interface cannot belong to more than one VRF at any time.
Note Multi-VRF CE interfaces must be Layer 3 interfaces.
Multi-VRF CE includes these devices:
•
•
Catalyst 3750 Metro Switch Software Configuration Guide
28-76
Understanding Multi-VRF CE, page 28-76
Default Multi-VRF CE Configuration, page 28-78
Multi-VRF CE Configuration Guidelines, page 28-79
Configuring VRFs, page 28-80
Configuring a VPN Routing Session, page 28-80
Configuring BGP PE to CE Routing Sessions, page 28-81
Multi-VRF CE Configuration Example, page 28-82
Displaying Multi-VRF CE Status, page 28-86
CE devices provide customers access to the service-provider network over a data link to one or more
PE routers. The CE device advertises the site's local routes to the router and learns the remote VPN
routes from it. A Catalyst 3750 Metro switch can be a CE.
PE routers exchange routing information with CE devices by using static routing or a routing
protocol such as BGP, RIPv2, OSPF, IS-IS, or EIGRP. The PE is only required to maintain VPN
routes for those VPNs to which it is directly attached, eliminating the need for the PE to maintain
all of the service-provider VPN routes. Each PE router maintains a VRF for each of its directly
connected sites. Multiple interfaces on a PE router can be associated with a single VRF if all of these
sites participate in the same VPN. Each VPN is mapped to a specified VRF. After learning local
VPN routes from CEs, a PE router exchanges VPN routing information with other PE routers by
using internal BGP (IBPG). A Catalyst 3750 Metro switch would typically be used as a PE.
Chapter 28 Configuring IP Unicast Routing
78-15870-01