Routing

last person joined: 3 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

  • 1.  L3 VPN Hub and Spoke

    Posted 01-03-2017 11:52

    Hi experts,

     

    I need to set up a L3VPN hub and spoke for a customer. I have previously done this using different RT's for hub and spokes. This time however there will be multiple spoke sites connected to the same PE. All spoke sites are reached via static routing from the PE's. What is best practice in this case? I would prefer not to use multiple VRF's on the PE for the very same VPN if possible. And I would also prefer to restrict spokes form reaching each other via routing, not ACL's. Is there a way to do this? Do I have to use multiple VRF's?

     

    Reccy



  • 2.  RE: L3 VPN Hub and Spoke
    Best Answer

    Posted 01-04-2017 04:36

    Hi ErAc,

     

    you do not need to configure multiple VRFs.

     

    You can go through the below tech pub link which has a better explanation with configuration example.

     

     

    Configuring Hub-and-Spoke VPN Topologies: One Interface

     

    Configuring Hub-and-Spoke VPN Topologies: Two Interfaces

     

    Let me know if you have further questions.



  • 3.  RE: L3 VPN Hub and Spoke

    Posted 01-04-2017 13:06

    Hi adwivedi,

     

    Thanks for the provided links. That was exactly what I was looking for! I will try that out in my lab.

     

    ErAc



  • 4.  RE: L3 VPN Hub and Spoke

    Posted 01-09-2017 11:54

    Hi again,

     

    I have now tried this in the lab but it seems these examples implies you need to use some routing-protocol between the spoke PE-CE. As mentioned in my initial post I need to use static routes on the spoke sites (the hub site/sites will be BGP though). I guess there is no good way to do this then without using ACL if I want to prevent the spoke sites from reaching each other directly?

     

    Erac