MPLS VPN half-duplex VRF works only on virtual template interface

IOS release 12.3(11)T introduced Half-duplex VRF, a great feature for those of us who have to implement hub-and-spoke VPN (the VPN where all traffic has to pass through the central site), but hate the configuration hassle associated with it. Unfortunately, the way this feature is implemented, you can only configure it on virtual access/template interface, making it useless in most access networks. Too bad ...

3 comments:

  1. Ivan,

    At the moment, is there a possible simple solution for point to point serial link to implement hub and spoke?

    thanks in advance.

    cheers.

    maher

    ReplyDelete
  2. There are a few variants of the basic hub-and-spoke approach, but more-or-less they all require a VRF per spoke site. The original architecture is described in the MPLS VPN Architectures book and can be simplified if you can use default routing within VPN. Further enhancements are possible with VRF address selection or VRF selection with policy-based routing, but both options are pretty complex.

    I'll write an article on these options in my IP Corner column and post a comment here when it's available.

    ReplyDelete
  3. Dear Ivan,

    Thankss man!!! Appreciated!

    cheers.

    maher

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.