[c-nsp] MPLS: Route Leaking Between Different VRFs on different PE's

Per Carlson ml at carlson.homeunix.net
Thu Aug 11 09:10:58 EDT 2005


On Tue, Aug 09, 2005 at 07:23:34PM +0200, Danielsen.Peter Christian PED wrote:
> I have three different VRFs VRF-A, VRF-B and VRF-C, VRF-C is my management
> VRF, I need to attach an export map on VRF-A and VRF-B, so I can control
> which networks will be leaked over in my management VRF-C .. 

Hi Peter.

What I usually do is to build up the management VPN as a hub-and-spoke
network, with the PE-router connected to the management LAN as the Hub.

This means two route-targets are used for the VPN (one for hub to spoke
advertisement, and one for spoke to hub). In that way you can control the
prefixes injected into other VRFs in a simpler way.

At the PE connected to the mgmt LAN:

ip vrf mgmt
 rd 1:1
 route-target export 1:1  ! hub export rule
 route-target import 1:1
 route-target import 1:2  ! hub import rule


At another PE:

ip vrf vpn13
 rd 1:13
 export map mgmt-leaking
 route-target export 1:13
 route-target import 1:13
 route-target import 1:1  ! import hub prefixes

! access-list matching lo0 at the CE-routers
ip access-list standard mgmt-leaking
 permit 192.168.1.128 0.0.0.127

! tag the lo0 prefixes with the mgmt-hub-import-rule rt (1:2)
route-map mgmt-leaking permit 1
 match ip address mgmt-leaking
 set extcommunity rt 1:2


Note: there is no need for the 'mgmt' VRF on any other PE than the
one connected to the mgmt LAN.


-- 

Regards, Per Carlson

"Hey! I hate these Microsoft guys! What a rotten compiler! It only accepts 
16,384 local variables in a function!"
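
The route-target logic in the reply above, as an added example that is not part of the original post: a small Python model showing which VRFs import the leaked lo0 prefixes when the export map sets the spoke-to-hub RT (1:2) versus the hub-to-spoke RT (1:1). The vpn14 VRF, all sample prefixes, and the replace-on-export behaviour without `additive` are assumptions of the model.

```python
# Added example: toy model of VPNv4 route-target import/export (not router code).
import ipaddress

LEAK_NET = ipaddress.ip_network("192.168.1.128/25")  # ACL mgmt-leaking from the post

# Constructed sample routes per VRF; vpn14 is a hypothetical second customer VRF.
LOCAL_ROUTES = {
    "mgmt":  ["10.0.0.0/24"],
    "vpn13": ["192.168.1.129/32", "172.16.13.0/24"],
    "vpn14": ["192.168.1.130/32", "172.16.14.0/24"],
}

def make_vrfs(leak_rt):
    """RT policy per VRF; leak_rt is the RT the export map sets on lo0 prefixes."""
    return {
        "mgmt":  {"export": {"1:1"},  "import": {"1:1", "1:2"},  "leak_rt": None},
        "vpn13": {"export": {"1:13"}, "import": {"1:13", "1:1"}, "leak_rt": leak_rt},
        "vpn14": {"export": {"1:14"}, "import": {"1:14", "1:1"}, "leak_rt": leak_rt},
    }

def exported_rts(vrf, prefix):
    """RTs attached on export. Assumption: without 'additive' the export map's
    RT replaces the VRF's own export RT for prefixes the ACL matches."""
    if vrf["leak_rt"] and ipaddress.ip_network(prefix).subnet_of(LEAK_NET):
        return {vrf["leak_rt"]}
    return set(vrf["export"])

def vrf_tables(leak_rt):
    """Routes in each VRF after every PE applies its import RTs."""
    vrfs = make_vrfs(leak_rt)
    tables = {name: set(routes) for name, routes in LOCAL_ROUTES.items()}
    for src, vrf in vrfs.items():
        for prefix in LOCAL_ROUTES[src]:
            rts = exported_rts(vrf, prefix)
            for dst, dst_vrf in vrfs.items():
                if dst != src and rts & dst_vrf["import"]:
                    tables[dst].add(prefix)
    return tables

def cross_customer_leaks(tables):
    """(origin VRF, receiving VRF, prefix) for routes shared between customer VRFs."""
    customers = [n for n in tables if n != "mgmt"]
    return {(s, d, p) for s in customers for d in customers if s != d
            for p in LOCAL_ROUTES[s] if p in tables[d]}

if __name__ == "__main__":
    for rt in ("1:2", "1:1"):
        tables = vrf_tables(rt)
        print(f"lo0 tagged rt {rt}: mgmt={sorted(tables['mgmt'])}")
        print(f"  cross-customer leaks: {sorted(cross_customer_leaks(tables))}")
```
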

