[c-nsp] Question about VRF

Munroe, James (DSS/MAS) James.Munroe at gnb.ca
Tue Aug 21 08:51:54 EDT 2007


Hi Dean,

There are a couple of ways to use VRFs to do this.  1.)  Multi-VRF CE
2.) MPLS
  
We do a setup similar to this today using multi-vrf (vrf-lite) on the
Cisco 6509 (SUP720-3B) switch directly connected to the Firewall.  Each
VLAN on the switch is assigned to a separate VRF and those VLANs are
permitted on a 10GE 802.1q trunked interface into a Netscreen NS-5200
firewall.  This, however, would work with any firewall...  There is one
caveat with VRF-Lite and that is Multicast VRF support is currently not
present in most Cisco Catalyst switches (to date the 6500 series with
PFC3B or PFC3BXL running min. 12.2.18SXE is supported).  The ME-3400,
3750ME, 3560, and most likely others (would check with my Cisco SE) will
have mVRF support in 12.2.40SE.

Check out the following link for details on setting up VRF-Lite:
 
http://www.cisco.com/en/US/products/ps7077/products_configuration_guide_chapter09186a00808173af.html#wp1320198
 
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_white_paper09186a00801281f1.shtml  (shows some configuration but not directly related)

Actually, I think last year there was a Networkers presentation on this
(Enterprise virtualization or something like that).

Hope that helps...

-----Original Message-----
From: Dean Perrine [mailto:deanperrine at gmail.com] 
Sent: Monday, August 20, 2007 10:32 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Question about VRF

Hello,

Can anyone advise on this situation?

Topology:
Picture a Firewall at the Top of the network, this has 3 interfaces on
it.
Each interface goes to a router (logical) so 2 VRFs and one native
routing domain.
So there's 3 logical routers, each router has a VLAN on it which is
trunked to a switch, that is divided into those 3 VLANs...(3 logical
switches)

If you draw this out it's all separate, right? Is this a valid setup? It
seems if you don't physically separate each VRF'ed VLAN you get stuck.

The switch tries to send the traffic to its native router and not the
VRF'ed VLANs, or its default gateway. There's no way to specify I want
traffic to be sent to a different gateway. Although it should send the
traffic within its VLAN.

I need to be able to logically divide my router, then have VLANs within
each "router" which are trunked to a switch, which then use each
different path to get out.

Please advise.

Thank you,

===============
Dean Perrine
E-Mail: deanperrine at gmail.com
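
The multi-VRF (VRF-Lite) layout discussed in this thread, sketched as an added IOS configuration example that is not from either poster: two VRFs plus the global table, each with its own default route toward the firewall over an 802.1q trunk. The VRF names, RDs, VLAN IDs, addresses, the interface number and the use of separate transit VLANs toward the firewall are all assumptions made for illustration.

```cisco
! Constructed example: every name, VLAN ID and address here is an assumption.
ip vrf RED
 rd 65000:110
ip vrf BLUE
 rd 65000:120
!
vlan 110,120,130,910,920,930
!
! Host-facing SVIs, one per routing domain
interface Vlan110
 ip vrf forwarding RED
 ip address 10.110.0.1 255.255.255.0
interface Vlan120
 ip vrf forwarding BLUE
 ip address 10.120.0.1 255.255.255.0
interface Vlan130
 ! no "ip vrf forwarding": this VLAN stays in the global (native) table
 ip address 10.130.0.1 255.255.255.0
!
! Transit SVIs toward the firewall, one per routing domain
interface Vlan910
 ip vrf forwarding RED
 ip address 192.0.2.1 255.255.255.252
interface Vlan920
 ip vrf forwarding BLUE
 ip address 192.0.2.5 255.255.255.252
interface Vlan930
 ip address 192.0.2.9 255.255.255.252
!
! Trunk to the firewall carries only the transit VLANs
interface TenGigabitEthernet1/1
 description 802.1q trunk to firewall
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 910,920,930
 switchport mode trunk
!
! Each routing domain gets its own default gateway on the firewall
ip route vrf RED 0.0.0.0 0.0.0.0 192.0.2.2
ip route vrf BLUE 0.0.0.0 0.0.0.0 192.0.2.6
ip route 0.0.0.0 0.0.0.0 192.0.2.10
```

Applying `ip vrf forwarding` to an interface removes any IP address already configured on it, so the address is entered afterwards. With no routes leaked between the tables, traffic between RED, BLUE and the global domain has to cross the firewall; `show ip route vrf RED` and `show ip vrf interfaces` confirm the separation.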


