Question on VRF-Lite-route leaking from global to vrf routing tables

The scenario is as such: 

There is a single router which is connect to 3 subnets via Fast Ethernet interfaces.

Subnet A: 10.10.10.0/24, VRF VPN_A

Subnet B: 10.10.20.0/24, VRF VPN_B

Subnet C: 10.10.30.0/24, non VRF

 

Both Subnet A & B subnets cannot reach each others network. However, both Subnet A & B needs to be able to reach Subnet C.

How can i create the vrf static route to Subnet C since the interface is not point to point ?

 

Comments

  • Hi,

      This document should be self explanatory, basically you create a normal static route with "global" keyword in the end; note that ons ome platforms it may be required to also specify the exit interface out of the VRF you configure the static route within:

    https://learningnetwork.cisco.com/docs/DOC-4299

    Good luck with your studies!

  • Thanks for the document.

    However, the document is using dynamic routing protocols. In my scenario, there is only one router and no next hops. Hence, I can only have the traffic out the fast ethernet interface without nexthop address. However, when i do that, i got an error

    "% For VPN routes, must specify a next hop IP address if not a point-to-point interface"

  • Hi,

      Do you want to leak traffic from VRF to global on the same box?

    Good luck with your studies!

  • Yes, this is what i would like to achieve....basically routing between VRF and global

  • Hi,

       To leak traffic between VRF's when multiple equipments are involved, it is simpler, details have been given. To leak traffic between VRF's within same box, you need a physical loop between interfaces in VRF/GRT and static or dynamic routing(so for example traffic exists VRF a, enters the physical loop, enters GRT frpm the physical loop and vice-versa).

    Good luck with your studies!

  • Thanks for the quick response.

    I am not too sure if I understood you...

    For traffic from vrf to GRT, do u mean that i need to create a static route and point to a loopback interfaceof the same box?

  • Hi,

       Here you go, you just configure a physical loop between Fa0/0 and Fa0/1 of the router (directly or through a switch); you basically make the traffic go out of the router from GRT and pin it back in the VRF:

    ip vrf VPN_A
     rd 1:1
     route-target export 1:1
     route-target import 1:1
    !
    ip vrf VPN_B
     rd 2:2
     route-target export 2:2
     route-target import 2:2
    !
    interface Loopback0
     ip address 3.3.3.3 255.255.255.255
    !
    interface Loopback1
     ip vrf forwarding VPN_A
     ip address 4.4.4.4 255.255.255.255
    !
    interface Loopback2
     ip vrf forwarding VPN_B
     ip address 5.5.5.5 255.255.255.255
    !
    !
    interface FastEthernet0/0.2
     encapsulation dot1Q 2
     ip address 1.1.1.1 255.255.255.0
    !
    interface FastEthernet0/0.3
     encapsulation dot1Q 3
     ip address 2.2.2.1 255.255.255.0
    !
    !
    interface FastEthernet0/1.2
     encapsulation dot1Q 2
     ip vrf forwarding VPN_A
     ip address 1.1.1.2 255.255.255.0
    !
    interface FastEthernet0/1.3
     encapsulation dot1Q 3
     ip vrf forwarding VPN_B
     ip address 2.2.2.2 255.255.255.0
    !
    !
    ip route 4.4.4.4 255.255.255.255 FastEthernet0/0.2 1.1.1.2
    ip route 5.5.5.5 255.255.255.255 FastEthernet0/0.3 2.2.2.2
    ip route vrf VPN_A 3.3.3.3 255.255.255.255 FastEthernet0/1.2 1.1.1.1
    ip route vrf VPN_B 3.3.3.3 255.255.255.255 FastEthernet0/1.3 2.2.2.1
    !
    !
    !
    !
    R1#ping 4.4.4.4 source loopback 0

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
    Packet sent with a source address of 3.3.3.3
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 20/34/64 ms
    R1#ping 5.5.5.5 source loopback 0

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
    Packet sent with a source address of 3.3.3.3
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 12/23/40 ms

    Good luck with your studies!

  • I see what you mean now.

    Thanks for the help![:)]

  • Cristian,  great example, i have been watching this post, thanks for sharing the knowledge.

  • Hi,

      As always, glad to be of help to anyone.

    Good luck with your studies!

Sign In or Register to comment.