[c-nsp] Interfacing between VRF and global across interface in one router
Joe Maimon
jmaimon at ttec.com
Sun Jan 16 15:24:41 EST 2005
Does anybody know of a way to create an interface between two VRFs or a
VRF and the global table inside one router?
I have been trying with tunnels and loopbacks, but that keeps throwing up
errors, and anyway, since my goal is to increase switching performance,
that won't work long term.
The goal is to eliminate the need to configure all other interfaces on
the system as "ip nat outside" simply because a handful of connected
customers wish you to carry and NAT their private space.
I have been thinking of something like this... any idea?
int fa0/0/0
 desc interface that spans nat vrf and global table (crossover into fa0/1/0)
 ip vrf forwarding NAT-CUSTOMERS
 ip address 66.66.66.1 255.255.255.252
 ip nat outside
int fa0/1/0
 desc interface that spans nat vrf and global table (crossover into fa0/0/0)
 ip address 66.66.66.2 255.255.255.252
int s1/0/0:1
 ip vrf forwarding NAT-CUSTOMERS
 ip address 10.255.0.1 255.255.255.252
 ip nat inside
int s1/0/0:2
 ip address 66.66.66.5 255.255.255.252
int s1/0/0:3
 ip address 66.66.66.9 255.255.255.252
int s1/0/0:4
 ip address 66.66.66.13 255.255.255.252
..
..
ip route vrf NAT-CUSTOMERS 0.0.0.0 0.0.0.0 fa0/0/0 66.66.66.2
ip route vrf NAT-CUSTOMERS 10.1.1.0 255.255.255.0 s1/0/0:1 10.255.0.2
ip route 10.0.0.0 255.0.0.0 fa0/1/0 66.66.66.1
ip nat inside source list inside-nat interface fa0/0/0 overload vrf NAT-CUSTOMERS
ip access-list extended inside-nat
 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 permit ip 10.0.0.0 0.255.255.255 any
 permit ip any 10.0.0.0 0.255.255.255
 deny ip any any
Of course, if I could have the router announce routes to itself across
the VRF<->global interface with RIP2 or OSPF, that would be even better,
making it easier to mix in non-natted IP addresses with the natted ones
in the NAT VRF.
Should I even bother trying?
Joe
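
Added example (not part of the original post): a first-match evaluation of the inside-nat ACL from the message against constructed flows, showing which traffic the list makes eligible for translation. It assumes the third entry is read as "permit ip any 10.0.0.0 0.255.255.255"; the sample addresses and function names are illustrative.

```python
import ipaddress

# The inside-nat ACL from the post, as (action, src, src_wildcard, dst, dst_wildcard).
# "any" is written as 0.0.0.0 with wildcard 255.255.255.255.
ANY = ("0.0.0.0", "255.255.255.255")
TEN = ("10.0.0.0", "0.255.255.255")
INSIDE_NAT = [
    ("deny", *TEN, *TEN),
    ("permit", *TEN, *ANY),
    ("permit", *ANY, *TEN),   # assumed reading of the third entry
    ("deny", *ANY, *ANY),
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """Return (action, 1-based entry number) of the first matching entry."""
    for n, (action, s, sw, d, dw) in enumerate(acl, 1):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, n
    return "deny", 0  # implicit deny at the end of every IOS ACL

# Constructed sample flows (addresses chosen for illustration only).
FLOWS = [
    ("10.1.1.20", "10.255.0.1"),    # 10/8 to 10/8: excluded from translation
    ("10.1.1.20", "198.51.100.7"),  # customer to a public address: translated
    ("198.51.100.7", "10.1.1.20"),  # public source towards 10/8: also permitted
    ("192.0.2.9", "198.51.100.7"),  # no 10/8 on either side: explicit deny
]

def report(acl=INSIDE_NAT, flows=FLOWS):
    """Return (src, dst, action, entry) for each sample flow."""
    return [(src, dst, *evaluate(acl, src, dst)) for src, dst in flows]

if __name__ == "__main__":
    for src, dst, action, entry in report():
        print(f"{src:>14} -> {dst:<14} {action:6} (entry {entry})")
```

In a NAT source list, "permit" marks traffic as eligible for translation and "deny" leaves it untranslated; the final "deny ip any any" duplicates the implicit deny.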