[c-nsp] Simple VRF ( I hope )

Nick Griffin nick.jon.griffin at gmail.com
Wed Aug 20 14:18:18 EDT 2008


I have a scenario that I am trying to accomplish and I'm having some issues
getting my head around it. In the simplest form I have a client on VRF 1 and
a server in the global table and I want to enable communication between the
2 so I do 2 things:

2.2.2.0 is vrf 1 network and 1.1.1.0 is in the global table:

ip route 2.2.2.0 255.255.255.0 Vlan12 2.2.2.2
ip route vrf I1 1.1.1.0 255.255.255.0 1.1.1.2 global

The issue is with the global/next hop ip address on the vrf route. In my
scenario the global subnet is an svi on a layer 3 switch, of which the next
hop would be the switch itself. I cannot reference the switch itself as the
next hop because the IOS won't take the command. If I have 2
routers/switches parallel on the same subnet I can add the route on each
router referencing the opposite router and all works well. There are scenarios
where I don't have 2 switches on the global subnet so I can't configure it
this way, and I don't know if this is desirable. It's clearly arp/cef
related, however am I missing something here? How would this normally be
handled?

I am not attempting to use the VRFs for security, hence the leaking between
the Global and the VRF. I am more so looking to control the VRF's egress to
the internet to avoid using policy based routing.

I hope this makes sense, thanks in advance!
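
Added example, not part of the original post: a small Python audit that lists every static route in an IOS-style config that leaks between a VRF and the global table, and marks a next hop that is one of the device's own addresses (the case the post says IOS will not accept). The two `ip route` lines are the ones from the post; the interface stanzas, SVI addresses, Vlan11 and the `find_leaks` name are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample config: the two routes are from the post; the interface
# stanzas (VRF membership, SVI addresses, Vlan11) are assumed for illustration.
SAMPLE_CONFIG = """\
interface Vlan11
 ip address 1.1.1.1 255.255.255.0
interface Vlan12
 ip vrf forwarding I1
 ip address 2.2.2.1 255.255.255.0
ip route 2.2.2.0 255.255.255.0 Vlan12 2.2.2.2
ip route vrf I1 1.1.1.0 255.255.255.0 1.1.1.2 global
"""

ROUTE = re.compile(r"^ip route (?:vrf (?P<vrf>\S+) )?(?P<net>\S+) (?P<mask>\S+) (?P<rest>.+)$")

def find_leaks(config):
    """Return (direction, prefix, next_hop, next_hop_is_local) per leaking static route."""
    iface_vrf, local_ips, current = {}, set(), None
    lines = config.splitlines()
    for line in lines:  # pass 1: interface VRF membership and local addresses
        if line.startswith("interface "):
            current = line.split()[1]
            iface_vrf[current] = None  # None means the global table
        elif current and line.startswith(" ip vrf forwarding "):
            iface_vrf[current] = line.split()[-1]
        elif current and line.startswith(" ip address "):
            local_ips.add(line.split()[2])
        elif not line.startswith(" "):
            current = None
    leaks = []
    for line in lines:  # pass 2: static routes that cross the VRF boundary
        m = ROUTE.match(line)
        if not m:
            continue
        prefix = str(ipaddress.ip_network(f"{m['net']}/{m['mask']}", strict=False))
        tokens = m["rest"].split()
        hops = [t for t in tokens if re.fullmatch(r"\d+\.\d+\.\d+\.\d+", t)]
        hop = hops[0] if hops else None
        if m["vrf"] and "global" in tokens:
            leaks.append((f"vrf {m['vrf']} -> global", prefix, hop, hop in local_ips))
        elif not m["vrf"] and iface_vrf.get(tokens[0]):
            leaks.append((f"global -> vrf {iface_vrf[tokens[0]]}", prefix, hop, hop in local_ips))
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_CONFIG):
        print(leak)
```

Each tuple it returns is a point where traffic crosses the VRF boundary, which is the list to review when a VRF is later expected to provide separation.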

