[c-nsp] VRF & Hairpin Routing?

Joe Maimon jmaimon at ttec.com
Thu Apr 6 20:43:24 EDT 2006 


Lasher, Donn wrote:

> The router tends to get a little peeved seeing itself twice.
>

Nope, the static arp entries as mentioned by others in this thread 
resolves all issues. I believe that this was actualy a ddts and cisco 
has fixed it in a not so long ago revision.


> While you can trick it in some cases, the only way I've found, in a
> reliable fashion,

All my below mentioned ways have proven themselves to be very reliable.

> I've taken a 2811, dual-ethernet'd into a 7200, then dot'1'q and ospf
> into a VRF to come back in and out. That works solidly.

Extra gear.

However, if there is something on the 7200 on vrf X that 2811 vrf Y 
wants to get to, instead of only having an interconnection on the 2811 
to vrf X, also create a connection from 2811 vrf Y to all interesting 
destination on vrf X (another vlan).

Of course, this is generaly the unconventional way to communicate 
between vrf's. Official support is all about import/export and static 
routes that point from global........

> 
> However, the thing you have to consider, any way you do it, is route
> redistribution, leakage, and overall design. Things can start to get
> ugly when all the same networks exist in more than 1 VRF and  you route
> between them.

Yes they certainly do. See above for more ways to complicate things.

Assymetricity is something to watch for, since if you are a managed IP 
shop you may also want to offer nat/fw on these interconnection such as 
when taking a customer vrf and offering them internet access from it as 
well.

> 
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joe Maimon
> Sent: Thursday, April 06, 2006 2:00 PM
> To: Sean Watkins
> Cc: 'cisco-nsp at puck.nether.net'
> Subject: Re: [c-nsp] VRF & Hairpin Routing?
> 
> 
> 
> Sean Watkins wrote:
> 
> 
>>Hi,
>>Vlans 10 & 11 are connected together in an upstream switch  via a 
>>crossover cable.
>>
> 
> 
> Why dont you just dedicate a vlan for each inter-vrf  connection like
> so:
> 
> int fa0/0.10
> encap do 10
> ip addr 10.10.10.1 255.255.255.0
> int fa0/1.10
> encap do 10
> ip vrf fo X
> ip addr 10.10.10.2 255.255.255.0
> 
> Dont need anything "fancy" in the switch.
> 
> You can actually build this with tunnels and loopbacks. You can also use
> a crossover cable between two fastethernets on the router without a
> switch.
> 
> Joe
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
>

More information about the cisco-nsp mailing list