I have quite a scenario here that we are working on testing in the lab but wanted to know if anyone has experience in this.
In this scenario there are a few PE routers (ASR9K) connected to each other with a "firewall" connecting to one of the PE routers. Two different PE routers have a customer router connected to them. All the PE routers are talking MPLS, LDP and BGP, exchanging labels. The customer is in their own and has a VRF on all the PE routers so the PE routers are VRF aware.

We attach an ACE to the ingress interface of the PE that the firewall connects to that matches on some sources and destinations, setting a vrf nexthop of an interface hanging off of another PE router in the network. If the packet ends up traversing PE routers that are VRF aware of the customer on its way to that final PE router, will the in-between PE routers pop the labels and subject the packet to the normal VPNv4 routing table instead of just label switching entirely to the final PE router? The originating PE router where the firewall is connecting to has a nexthop of the final PE router (not the in-between routers).

Thanks
Curtis

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/