I think that this live configuration is, from a didactic viewpoint, a good sketch to share.

The sketch:

Two multi-VRF CE routers talk with two PE routers, and all layer 3 communication points use HSRP for redundancy. Between the MLS routers and the PE routers trunks are configured, and subinterfaces are used with encapsulation dot1q vlan. The MLS routers, which function as multi-VRF CEs, also have a trunk to two other multi-VRF MLS routers whose purpose is to route management traffic.

The process goes like this: management traffic that comes from behind a virtual firewall, which is also part of the multi-VRF CEs, goes from the multi-VRF CEs at layer 3 over the trunk to the layer 3 point of the multi-VRF management routers. From the multi-VRF management routers the traffic uses the same trunk again to go back through the multi-VRF CEs, but this time the multi-VRF CEs are used as layer 2 devices to switch packets between two subinterfaces on different trunks, both in the same VLAN. The multi-VRF management routers use the trunk to the multi-VRF CEs to send packets to the PE routers.

The difference between the first and the second switch is that in the first switch the multi-VRF CEs had a layer 3 connection with the multi-VRF management routers, whereas in the second switch the connection is only at layer 2. During the second switch the layer 3 connection is between the multi-VRF management routers and the PE routers. Once on the PE routers, the story remains standard MPLS VPN.

Regards,
Lucio Jankok
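
The layer 3 versus layer 2 roles of the multi-VRF CE described above, as an added IOS-style configuration sketch that is not part of the original message and not the author's live configuration. The VRF name, VLAN numbers, interface names, route distinguisher and addresses are all assumptions chosen for illustration.

```cisco
! --- Multi-VRF CE (MLS), one of the HSRP pair; all values are assumed ---
ip vrf FW-MGMT                         ! hypothetical VRF behind the virtual firewall
 rd 65000:10
!
vlan 100                               ! first pass: CE <-> management routers, routed
vlan 200                               ! second pass: management routers <-> PE, switched only
!
interface Vlan100
 description L3 hop toward multi-VRF management routers
 ip vrf forwarding FW-MGMT
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1                ! HSRP virtual address shared with the second CE
 standby 1 priority 110
 standby 1 preempt
!
! No "interface Vlan200" on the CE: it holds no layer 3 address in VLAN 200,
! so it only bridges frames between the two trunks and cannot route
! between VLAN 200 and any of its VRFs.
!
interface GigabitEthernet0/1
 description Trunk to multi-VRF management router
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,200
 switchport mode trunk
!
interface GigabitEthernet0/2
 description Trunk to PE router
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 200     ! pruned to the VLANs the PE needs
 switchport mode trunk
!
! --- PE router side of the same trunk (assumed) ---
interface GigabitEthernet0/0.200
 description L3 peer of the management routers, reached through the CE at L2
 encapsulation dot1Q 200
 ip vrf forwarding FW-MGMT
 ip address 198.51.100.2 255.255.255.0
 standby 2 ip 198.51.100.1
 standby 2 preempt
```

Restricting each trunk's allowed VLAN list to what that neighbour needs keeps the bridged management VLAN from leaking onto other links.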