today I want to give a small guide, how to configure inter-VRF (VRF = VPN Routung and Forwarding) routing.
The Cisco documentation I found for this is more likely rocket science than a working guide.
The task was to implement static routes on one device routing between different VRFs.
I used following network map:
Both routers "VRF_1" and "VRF_2" are only hosts with only an IP and a default route pointing at the outgoin interface:
VRF1
interface FastEthernet0/1
description Link to VRF_Router
ip address 10.0.100.2 255.255.255.0
speed 100
full-duplex
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0VRF2
interface FastEthernet0/1
description Link to VRF_Router
ip address 10.0.200.2 255.255.255.0
speed 100
full-duplex
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
Now to the routing part:
At first you need an basic VRF lite config:
ip vrf vrf1
rd 1:1
route-target export 1:1
route-target import 1:1
!
ip vrf vrf2
rd 2:2
route-target export 2:2
route-target import 2:2
The two commands
route-target export 2:2 and route-target import 2:2 can be summed up with the command "route-target both. In your config this will be automaticaly replaced with to commands shown.In addition to this there is some IF configuration:
interface FastEthernet0/0
ip vrf forwarding vrf1
ip address 10.0.100.1 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
ip vrf forwarding vrf2
ip address 10.0.200.1 255.255.255.0
speed 100
full-duplex
The command
ip vrf forwarding [vrf_name] associates the IF into a VRF so the traffic is marked up.Now you need to set up the routing. There for you only need a route for each VRF pointing on the IF and Next-Hop-IP of the targeted VRF.
ip route vrf vrf1 10.0.200.0 255.255.255.0 FastEthernet0/1 10.0.200.2
ip route vrf vrf2 10.0.100.0 255.255.255.0 FastEthernet0/0 10.0.100.2
And thats all. If you issue the command
show ip route. VRF_Router#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
VRF_Router#
You'll see an empty global routing table. If you add
show ip route vrf [vrf_name]. As example only the output of one vrf:VRF_Router#show ip route vrf vrf1
Routing Table: vrf1
[... snip ...]
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
C 10.0.100.0 is directly connected, FastEthernet0/0
S 10.0.200.0 [1/0] via 10.0.200.2, FastEthernet0/1
VRF_Router#
Note that it says explictly which routing table it's showing you and you have one extra routing table for each VRF.
If there are any open questions left, just use the commenting funtion
Regrads,
Zif
Posts
Hello, good example. My question is:
AntwortenLöschenHow can we get router VRF_1 to ping VRF_2?
Thanks.
Hey,
AntwortenLöschenDue to we injected the VRF_2 subnet into VRF_1 routingtable there is just a simple "ping" necessary.
It should work from CLI of VRF_1:
ping 10.0.200.2
Regards,
zif
How is this route leaking between VRFs ? because its not.
AntwortenLöschenI dont think you understand the concept...
Well, according to Cisco this approach with static routes can be used for route leaking between the global routing table and a vrf only.
AntwortenLöschenFor route leaking between two vrfs the route target option has to be used. Inter-vrf route leaking with static routes is not supported.
http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_example09186a0080231a3e.shtml
For VPN routes, must specify a next hop IP address if not a point-to-point interface
AntwortenLöschen