Mittwoch, 1. Juli 2009

EN - dynamic routleaking or Inter VRF routing

dynamic route leaking or routing protcols between global routing table (GRT) and VRFs

Hey Everybody,

last time I showed some exampel config for static roue leaking and thought that dynamic routing between GRT and VRF can't be that hard ... how green.
After some hard trys and help from other people I will now show you, how to exchange routes between GRT and VRF-RT dynamicly.
There is no chance to do a normal redistrubution between routing processes if one is the global one.
If you try so, you'll get some cryptic message like
VRF -> GRT [code]%OSPF process 1 is attached to Default-IP-Routing-Table[/code]
GRT -> VRF [code]OSPF process 22 already exists and is attached to Default-IP-Routing-Table[/code]

How ever, now we need to get this tricked. Therefor we use tunnel interfaces and some loopbacks.

This is my tiny topology:


The global Client and the VRF_Client are again just some as host missused routers with one IP address and a default route pointing on the outgoing IF.
grt_host
[code]interface FastEthernet0/0
ip address 10.10.10.10 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.10.10.1 FastEthernet0/0[/code]

vrf_host
[code]interface FastEthernet0/1
ip address 20.20.20.20 255.255.255.0
ip route 0.0.0.0 0.0.0.0 20.20.20.1 FastEthernet0/1[/code]

Now are some basic config for the vrf_router needed:

Create a vrf:
ip vrf zif
rd 1:1
route-target both 1:1


Link to grt_host:
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.0
speed 100
full-duplex


Link to vrf_host:
interface FastEthernet0/1
ip vrf forwarding zif
ip address 20.20.20.1 255.255.255.0
speed 100
full-duplex


This all was no rocket science yet, until now ;)

First thing to figure out: how to outsmart the limitations of design?

One credential are "Tunnel-Interfaces", an other one "loopbacks".

In sum we need one tunnel-IF per VRF and GRT plus one loopback for each.

Both loopbacks are left in GRT:
VRF Router
interface Loopback111
ip address 111.111.111.111 255.255.255.255

interface Loopback222
ip address 222.222.222.222 255.255.255.255


Now we need the correspondent tunnel IFs.
The global one:
interface Tunnel102
ip address 100.100.100.1 255.255.255.0
tunnel source 111.111.111.111
tunnel destination 222.222.222.222

And the VRF one:
interface Tunnel201
ip vrf forwarding RED
ip address 100.100.100.2 255.255.255.0
tunnel source 222.222.222.222
tunnel destination 111.111.111.111


What this is doing: pointing with the tunnel 201 to a GRT loopback with a source in GRT putting itself in a VRF. It sounds, strange, it looks strange, it feels strange, BUT it works ;)

Now you have sweet networks which you can add to routing processes like OSPF.

The global routing process:
router ospf 1
router-id 10.10.10.10
log-adjacency-changes
network 100.100.100.1 0.0.0.0 area 0
network 10.10.10.0 0.0.0.255 area 0


The VRF routing process:
router ospf 2 vrf zif
router-id 20.20.20.20
log-adjacency-changes
network 20.20.20.0 0.0.0.255 area 0
network 102.102.102.2 0.0.0.0 area 0


The routintg tables looks like this:
global

VRF_Router#sh ip route
[...snip...]

Gateway of last resort is not set

102.0.0.0/24 is subnetted, 1 subnets
C 102.102.102.0 is directly connected, Tunnel102
200.200.200.0/32 is subnetted, 1 subnets
C 200.200.200.200 is directly connected, Loopback200
100.0.0.0/32 is subnetted, 1 subnets
C 100.100.100.100 is directly connected, Loopback100
20.0.0.0/24 is subnetted, 1 subnets
O 20.20.20.0 [110/11112] via 102.102.102.2, 00:24:29, Tunnel102
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0

vrf

Router#sh ip route vrf zif

Routing Table: zif
[...snip...]

Gateway of last resort is not set

102.0.0.0/24 is subnetted, 1 subnets
C 102.102.102.0 is directly connected, Tunnel201
20.0.0.0/24 is subnetted, 1 subnets
C 20.20.20.0 is directly connected, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
O 10.10.10.0 [110/11112] via 102.102.102.1, 00:26:19, Tunnel201



And thats it! Now you are able to ping from you grt_host straight through the vrf_host.

For questions just use the comments.

so long,
Zif

3 Kommentare:

  1. just remember to watch out with mtu with the tunnel...

    AntwortenLöschen
  2. compare the result with the config - that did't match.

    AntwortenLöschen
  3. Thanks for sharing this. Overall the solution is to establish a Tunnel between VRF's and GRT.

    It worked for me and no need to buy the Enterprise IOS to configure Route Leaking for VRF.

    Oscar / MEXICO

    AntwortenLöschen