[c-nsp] VRF-Lite Question

Jeff Kell jeff-kell at utc.edu
Mon Feb 12 19:41:00 EST 2007


Ray Burkholder wrote:
> A couple of points:
> A) I used GRE tunnels with the end points in the global routing table and
> the tunnel content in a separate vrf (keeps routing out of core as you
> required) when crossing routed boundaries, say between buildings and such
> where I use routed ports rather than trunked ports

That's the ticket -- GRE tunnel over the global routing table.

For the general case where you have router "X" somewhere that you'd like
to connect directly to ... if telecomm was free, a dedicated T1, but now
you would rather somehow do it over an existing network *transparently*....

You connect the new router/switch to the existing network and establish
L3 connectivity with router "X" (just need a specific route to get there).

Create a local loopback on the new router, and a local loopback on
router "X".

Create a GRE tunnel0 interface on each end, source is one loopback,
destination is the other router loopback.  Use any old point-to-point
/30 subnet.

Put your "new" network on another interface, and set your default route
to point over the tunnel.

This "works" but now you have to worry about route leakage, it's messy.

So, create a dummy vrf:

   ip vrf hidden-part
      rd 100:100

Change the "new" network interface to 'ip vrf forwarding hidden-part'.
Change the tunnel interface to 'ip vrf forwarding hidden-part'.

Add a default route for vrf hidden-part 'ip route vrf hidden-part
0.0.0.0 0.0.0.0 tunnel0'.

Now your "new" network only sees the default route, and the global table
doesn't see the tunnel or the new network.  You now have a 'virtual'
point-to-point link to router 'X'.

You now need to add a route to router 'X' to get back to the new
network, or fire up a routing protocol in the new vrf to advertise it.

Jeff

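The procedure Jeff describes, written out as a pair of IOS configurations. This is an added example, not configuration from the original post or from either of its authors; every address (192.0.2.x loopbacks, the 10.255.255.0/30 tunnel subnet, the 10.10.10.0/24 "new" network, the 203.0.113.x next hops) and the interface names are constructed for illustration. Only the VRF name and RD come from the post.

```cisco
! ===== "New" router (constructed example) =====
! Dummy VRF that hides the new network and the tunnel from the global table
ip vrf hidden-part
 rd 100:100
!
! Loopback stays in the GLOBAL table: it is the GRE endpoint
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! GRE tunnel: endpoints in global, payload in the VRF.
! 'ip vrf forwarding' must precede 'ip address' (IOS clears the address otherwise).
! No 'tunnel vrf' is set, so source/destination are resolved in the global table.
interface Tunnel0
 ip vrf forwarding hidden-part
 ip address 10.255.255.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 192.0.2.2
!
! The "new" network, moved into the VRF
interface GigabitEthernet0/1
 ip vrf forwarding hidden-part
 ip address 10.10.10.1 255.255.255.0
!
! Global table: only the specific route needed to reach router X's loopback
! (203.0.113.254 is a constructed next hop on the existing network)
ip route 192.0.2.2 255.255.255.255 203.0.113.254
!
! VRF table: everything from the new network goes over the tunnel
ip route vrf hidden-part 0.0.0.0 0.0.0.0 Tunnel0

! ===== Router "X" (constructed example) =====
! Tunnel endpoint, global table
interface Loopback0
 ip address 192.0.2.2 255.255.255.255
!
! Tunnel left in X's global table here; the return route below points into it.
! (X could equally put Tunnel0 into its own VRF if the new network should
!  also stay out of X's global table.)
interface Tunnel0
 ip address 10.255.255.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 192.0.2.1
!
! Specific route back to the new router's loopback (constructed next hop)
ip route 192.0.2.1 255.255.255.255 203.0.113.1
!
! Return route for the new network, as the post says is still required
ip route 10.10.10.0 255.255.255.0 Tunnel0
```

To confirm the separation after applying this: on the new router, `show ip route` should list only the loopback, the existing-network interface and the /32 to 192.0.2.2 (no 10.10.10.0/24, no Tunnel0), while `show ip route vrf hidden-part` should show 10.10.10.0/24 connected and the default via Tunnel0; `ping vrf hidden-part 10.255.255.2` tests the tunnel from inside the VRF. Note that plain GRE only provides this logical separation, not confidentiality or authentication of the tunneled traffic across the existing network.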