1. Ivan - guess this depends on the private network being default-free though - sorry haven't watched the webinar yet so maybe covered elsewhere!
    1. Yes, the private network has to be default-free. Will add to the article. Thank you!
  2. Ivan,
    If the global is default free, what would be the use case for having front vrf. Seems to me that in this case we are splitting the network in separate vrfs just to join those vrfs later with NAT.

    Still this is definitely very useful if you have multiple VRFs on customer side - you can provide direct internet connectivity to all of them.
    1. Hi Pavel, really nice to hear from you after a long while.

      One of the scenarios would be two DMVPN tunnels on two Internet uplinks. If you want to make sure traffic from each tunnel uses its own uplink, two front VRFs are the only solution that work(ed?).

      Also, it seems IWAN uses the same approach (makes things consistent regardless of what you're doing on top of DMVPN).
  3. "While Cisco IOS doesn’t have a global-to-VRF route leaking functionality, PBR seems to be a good alternative."

    Sure it has, Cisco just makes you jump through hoops in order to make it work.

    Darren has an excellent post about this functionality.

Add comment