1. Home
  2. Networking
  3. MPLS and VPN Architectures

Additional Lookup in the Global Routing Table

If full Internet routes are available on the PE-router, then it's also possible to perform an additional lookup in the global routing table if a destination prefix is not available within the local VRF. The consequence of this is that a default route cannot be present within the VRF. However, with this feature, there is not necessarily the need for a default route within the PE configuration or for the association of the global routing table with a VRF. An example of this type of connectivity is shown in Figure 12-31.

Figure 12-31 shows that any traffic sent toward the SuperCom San Jose PE-router will be initially routed based on the content of the VRF that is associated with the attached customer. If this lookup fails, then an additional lookup will be performed within the global routing table of the PE-router.

Warning

Additional lookup can present a security risk in an MPLS/VPN network. For example, the packet sent from the San Jose FastFoods site toward the Lyon FastFoods site might escape into the global Internet if the Lyon FastFoods site is not reachable in the FastFoods VRF (for example, because of link failure between Paris and Lyon). In the worst case, the packets will be propagated beyond the boundaries of the SuperCom network and can be intercepted by an intruder beyond the domain of the SuperCom network. The same issue also exists when using a static global default. This is a general issue that should be fully understood if default routing or additional lookup is to be deployed.


Figure 12-31. Additional Lookup in the Global Routing Table

graphics/12fig31.gif

This feature can be enabled through use of the ip vrf forwarding name [fallback global] configuration command.



    		MPLS and VPN Architectures
    		About the Authors
    		About the Technical Reviewers
    		Acknowledgments
    		Part I: MPLS Technology and Configuration
    		Part 2: MPLS-based Virtual Private Networks
    		Chapter 7. Virtual Private Network (VPN) Implementation Options
    		Chapter 8. MPLS/VPN Architecture Overview
    		Chapter 9. MPLS/VPN Architecture Operation
    		Chapter 10. Provider Edge (PE) to Customer Edge (CE) Connectivity Options
    		Chapter 11. Advanced MPLS/VPN Topologies
    		Chapter 12. Advanced MPLS/VPN Topics
    		MPLS/VPN: Scaling the Solution
    		Routing Convergence Within an MPLS-enabled VPN Network
    		Advertisement of Routes Across the Backbone
    		Introduction of Route Reflector Hierarchy
    		BGP Confederations Deployment
    		PE-router Provisioning and Scaling
    		Additional Connectivity Requirements?Internet Access
    		Internet Connectivity Through Firewalls
    		Internet Access?Static Default Routing
    		Separate BGP Session Between PE- and CE-routers
    		Internet Connectivity Through Dynamic Default Routing
    		Additional Lookup in the Global Routing Table
    		Internet Connectivity Through a Different Service Provider
    		Summary
    		Chapter 13. Guidelines for the Deployment of MPLS/VPN
    		Chapter 14. Carrier's Carrier and Inter-provider VPN Solutions
    		Chapter 15. IP Tunneling to MPLS/VPN Migration Case Study
    		Appendix A. Tag-switching and MPLS Command Reference