VRF and Routing Polices for SampleNet VPN Sites

All SampleNet VPN sites will belong to the VPN defined as Snet_Customer. These sites must have access to all other SampleNet sites directly across the TransitNet MPLS backbone (rather than through the central site, as with the currently deployed GRE tunneling solution), and they must also have direct access to Internet customers who attach to the TransitNet backbone. A further requirement is that these sites must be provided with Internet access, but via the central SampleNet network rather than through the external BGP peering point within the TransitNet London POP (although they should be reachable from the Internet via this external BGP peering point). This access will require that the address range used for the SampleNet VPN sites be advertised using BGP-4 from the SampleNet central site toward the Internet.

BGP-4 will not be used across the PE-to-CE link to SampleNet sites. This means that a static route within the VRF will be configured to point to the SampleNet sites' IP address range. This static route must be redistributed from the Snet_Customer VRF into MP-BGP so that the IPv4 addresses can be advertised across the TransitNet MP-iBGP sessions as VPN-IPv4 addresses for import by other PE-routers.

The import and export polices that will be used for this VPN can be seen in Table 15-3.

Table 15-3. SampleNet VRF Import/Export Policies

VRF Snet_Customer


Import and export

1234:16 (Snet_Customer)

Import only

1234:17 (Snet_Internet)

Import only

1234:18 (Internet_Customer)

This table shows that the Snet_Customer VRF will export its local routes using the route target value 1234:16, and these routes will be imported by all other Snet_Customer VPN sites, the Snet_Internet VRF, and Internet_Customer sites. Routes that contain a route target value of 1234:17 (Snet_Internet) or 1234:18 (Internet_Customer) will be imported to allow communication with all other directly attached Internet customers and Internet access via the central SampleNet network.

    Part 2: MPLS-based Virtual Private Networks