MPLS VPN half-duplex VRF works only on virtual template interface

IOS release 12.3(11)T introduced Half-duplex VRF, a great feature for those of us who have to implement hub-and-spoke VPN (the VPN where all traffic has to pass through the central site), but hate the configuration hassle associated with it. Unfortunately, the way this feature is implemented, you can only configure it on virtual access/template interface, making it useless in most access networks. Too bad ...


  1. Ivan,

    At the moment, is there a possible simple solution for point to point serial link to implement hub and spoke?

    thanks in advance.


  2. There are a few variants of the basic hub-and-spoke approach, but more-or-less they all require a VRF per spoke site. The original architecture is described in the MPLS VPN Architectures book and can be simplified if you can use default routing within VPN. Further enhancements are possible with VRF address selection or VRF selection with policy-based routing, but both options are pretty complex.

    I'll write an article on these options in my IP Corner column and post a comment here when it's available.
  3. Dear Ivan,

    Thankss man!!! Appreciated!


Add comment