Wednesday, 29 April 2009

EN - "Route Leaking" or Inter VRF routing

Heyho,

Today I want to give a small guide on how to configure inter-VRF routing (VRF = VPN Routing and Forwarding).
The Cisco documentation I found for this is more like rocket science than a working guide.

The task was to implement static routes on one device routing between different VRFs.
I used the following network map:

Both routers, "VRF_1" and "VRF_2", act only as hosts, each with just an IP address and a default route pointing at the outgoing interface:
VRF1
interface FastEthernet0/1
description Link to VRF_Router
ip address 10.0.100.2 255.255.255.0
speed 100
full-duplex
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

VRF2
interface FastEthernet0/1
description Link to VRF_Router
ip address 10.0.200.2 255.255.255.0
speed 100
full-duplex
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1


Now to the routing part:
First you need a basic VRF-lite config:
ip vrf vrf1
rd 1:1
route-target export 1:1
route-target import 1:1
!
ip vrf vrf2
rd 2:2
route-target export 2:2
route-target import 2:2

The two commands route-target export 2:2 and route-target import 2:2 can be combined into the single command "route-target both 2:2". In your config this will automatically be replaced with the two commands shown.

In addition, there is some interface (IF) configuration:
interface FastEthernet0/0
ip vrf forwarding vrf1
ip address 10.0.100.1 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
ip vrf forwarding vrf2
ip address 10.0.200.1 255.255.255.0
speed 100
full-duplex


The command ip vrf forwarding [vrf_name] associates the interface with a VRF, so traffic on that interface is handled by that VRF's routing table.

Now you need to set up the routing. For that, you only need one route per VRF, pointing at the interface and next-hop IP of the target VRF.
ip route vrf vrf1 10.0.200.0 255.255.255.0 FastEthernet0/1 10.0.200.2

ip route vrf vrf2 10.0.100.0 255.255.255.0 FastEthernet0/0 10.0.100.2
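
Where VRFs serve as a segmentation boundary, static routes like the two above are exactly what a configuration review should surface. The following added example (not part of the original post) flags `ip route vrf` statements whose egress interface sits in a different VRF; the function names are hypothetical, and it assumes a running-config with indented sub-commands and unabbreviated interface names.

```python
import re

# Constructed sample: the VRF_Router config from this post, plus one
# constructed in-VRF route (192.168.50.0) that must not be flagged.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip vrf forwarding vrf1
 ip address 10.0.100.1 255.255.255.0
!
interface FastEthernet0/1
 ip vrf forwarding vrf2
 ip address 10.0.200.1 255.255.255.0
!
ip route vrf vrf1 10.0.200.0 255.255.255.0 FastEthernet0/1 10.0.200.2
ip route vrf vrf2 10.0.100.0 255.255.255.0 FastEthernet0/0 10.0.100.2
ip route vrf vrf1 192.168.50.0 255.255.255.0 10.0.100.2
"""

# ip route vrf <vrf> <network> <mask> [<interface>] [<next-hop>]
ROUTE_RE = re.compile(
    r"^ip route vrf (?P<vrf>\S+) (?P<net>\d+\.\d+\.\d+\.\d+) (?P<mask>\d+\.\d+\.\d+\.\d+)"
    r"(?: (?P<intf>[A-Za-z][\w/.:-]*))?(?: (?P<nh>\d+\.\d+\.\d+\.\d+))?"
)

def interface_vrfs(config):
    """Map interface name -> VRF name (None means the global table)."""
    vrfs, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            vrfs[current] = None
        elif current and not line.startswith((" ", "\t")):
            current = None  # an unindented line ends the interface block
        elif current and line.strip().startswith("ip vrf forwarding "):
            vrfs[current] = line.split()[-1]
    return vrfs

def find_cross_vrf_routes(config):
    """Return (route_vrf, egress_vrf, net, mask, interface) for each leak."""
    vrfs = interface_vrfs(config)
    findings = []
    for line in config.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m or not m["intf"] or m["intf"] not in vrfs:
            continue  # no egress interface given, or one we cannot resolve
        egress_vrf = vrfs[m["intf"]]
        if egress_vrf != m["vrf"]:
            findings.append((m["vrf"], egress_vrf or "global", m["net"], m["mask"], m["intf"]))
    return findings
```

Routes that name only a next-hop IP are skipped because they stay inside their own VRF unless the `global` keyword is used, which this sketch does not cover.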


And that's all. If you issue the command show ip route:
VRF_Router#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

VRF_Router#

You'll see an empty global routing table. The routes show up when you issue show ip route vrf [vrf_name] instead. As an example, here is the output for one VRF only:
VRF_Router#show ip route vrf vrf1

Routing Table: vrf1

[... snip ...]

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnets
C 10.0.100.0 is directly connected, FastEthernet0/0
S 10.0.200.0 [1/0] via 10.0.200.2, FastEthernet0/1
VRF_Router#

Note that it says explicitly which routing table it is showing you, and that you have one extra routing table for each VRF.




If there are any open questions left, just use the commenting function.


Regards,
Zif

5 comments:

  1. Hello, good example. My question is:

    How can we get router VRF_1 to ping VRF_2?

    Thanks.

  2. Hey,
    Because we injected the VRF_2 subnet into the VRF_1 routing table, just a simple "ping" is necessary.
    It should work from CLI of VRF_1:

    ping 10.0.200.2



    Regards,
    zif

  3. How is this route leaking between VRFs? Because it's not.
    I don't think you understand the concept...

  4. Well, according to Cisco this approach with static routes can be used for route leaking between the global routing table and a vrf only.
    For route leaking between two vrfs the route target option has to be used. Inter-vrf route leaking with static routes is not supported.

    http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_example09186a0080231a3e.shtml

  5. For VPN routes, must specify a next hop IP address if not a point-to-point interface
