[c-nsp] GRE tunnels, policy based routing versus VRFs (non-MPLS)

[Sam Stickland]

Hi,

I need to route a small subnet (/27) over to a another router in another 
AS (AS-b). Our AS (AS-a) still needs to provide the IP transit for this 
subnet.

My first thought is to set up a GRE tunnel between a router in AS-a and a 
router in AS-b.  We'd configure an IP address from the /27 as a default 
gateway on the router in AS-b. We 'd statically route the /27 on the 
router in AS-a to the tunnel endpoint in AS-b, and use policy routing to 
send the traffic back from AS-b to AS-a.

So, asumming the subnet is x.y.z.w /27 the configuration would look like 
this:

Router-a (AS-a)
---------------

int tunnel 1
   ip address 192.168.1.1 255.255.255.252
   keepalive 5 4
   tunnel source A.A.A.A
   tunnel destination B.B.B.B
   tunnel path-mtu-discovery

ip route x.y.z.w 255.255.255.224 192.168.1.2


Route-b (AS-b)
--------------

int tunnel 1
   ip address 192.168.1.2 255.255.255.252
   keepalive 5 4
   tunnel source B.B.B.B
   tunnel destination A.A.A.A
   tunnel path-mtu-discovery

interface FastEthernet1/0/0.601
  encapsulation dot1Q 601
  ip address x.y.z.w 255.255.255.224
  ip policy route-map RM-ROUTE
end

route-map RM-ROUTE permit 10
   match ip address ACL-ROUTE
   set ip next-hop 192.168.1.1

ip access-list extended ACL-ROUTE
   permit ip x.y.z.w 0.0.0.31 any
   deny ip any any


Which ought to have the desired effect. But is this the best way to do 
this in a non-MPLS network?

Perhaps I should configure a VRF on Router-B on direct that over the 
tunnel interface, although I am unsure of what configuration this would 
take. What advantages would this have?

Sam