[c-nsp] MPLS: Route Leaking Between Different VRFs on different
PE's
Per Carlson
ml at carlson.homeunix.net
Thu Aug 11 09:10:58 EDT 2005
On Tue, Aug 09, 2005 at 07:23:34PM +0200, Danielsen.Peter Christian PED wrote:
> I have tre different VRFs VRF-A, VRF-B and VRF-C, VRF-C is my management
> VRF, I need to attach a export map on VRF-A and VRF-B, so I can control
> witch networks will be leaked over in my management VRF-C ..
Hi Peter.
What I usually do, is to build up the management VPN as an hub-and-spoke
network, with the PE-router connected to the management LAN as the Hub.
This means two route-targets are used for the VPN (one for hub to spoke
advertisement, and one for spoke to hub). In that way you can control the
prefixes injected into other VRF's in a simpler way.
At the PE connected to the mgmt LAN:
ip vrf mgmt
rd 1:1
route-target export 1:1 ! hub export rule
route-target import 1:1
route-target import 1:2 ! hub import rule
At another PE:
ip vrf vpn13
rd 1:13
export map mgmt-leaking
route-target export 1:13
route-target import 1:13
route-target import 1:1 ! import hub prefixes
! access-list matching lo0 at the CE-routers
ip access-list standard mgmt-leaking
permit 192.168.1.128 0.0.0.127
! tag the lo0 prefixes with the mgmt-hub-import-rule rt
route-map mgmt-leaking permit 1
match ip address mgmt-leaking
set extcommunity rt 1:1
Note: there is no need for the 'mgmt' VRF on any other PE than the
one connected to the mgmt LAN.
--
Regards, Per Carlson
"Hey! I hate these Microsoft guys! What a rotten compiler! It only accepts
16,384 local variables in a function!"
More information about the cisco-nsp
mailing list