07-22-2008 02:58 AM
07-22-2008 08:18 AM
Do you really mean NTP (Network Time Protocol)? If so, I'm not sure I see how this relates to route leaking.
If you want a CE to be able to get an NTP sync, then you can place an NTP server anywhere in the VPN (behind another CE) and it should be accessible to any device in the VRF. If you're looking to use a public server on the Internet, then you need to provide a path from the VRF to the Internet (and back). The safest way to do this would be through a firewall of some description, with a 'trusted' interface in the VRF and an 'untrusted' interface with access to the Internet. That device could then advertise a default route into the VRF.
07-22-2008 08:32 AM
07-22-2008 08:40 AM
It would seem to me that the PE should treat *all* traffic arriving on a particular interface as though it is intended for the VPN. Equally, the PE should not have access to view the contents of traffic on the VPN. Therefore, it *should not* be able to offer 'services' or 'applications' to the CE. But that's just my view :-)
If all CE in a VRF form a mesh, as long as they all start with a reasonable view of the time, they should converge on a shared view of time.
If you absolutely need this feature, then you would probably be best talking to the SE for your account. He will help you raise an enhancement request.