[c-nsp] VRF-Lite Question

Mark D. Nagel mnagel at willingminds.com
Mon Feb 12 23:05:00 EST 2007


Shakeel Ahmad wrote:
> It was easy leaking routes from one VRF to another due to this doc:
>
> http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_example09186a0080231a3e.shtml
>   

Here's a problem I've yet to solve in this scenario.  The idea is to
split a router into two VRFs, one for personal use and one for work
use.  The public interface is shared and used to build an IPSec tunnel
terminated in the work VRF, and is also used to provide NAT and CBAC for
the personal VRF.  The rub is that you don't know the next hop address
on the public interface since it is dynamic, usually via DHCP or PPPoE. 
I have not found a way to create the default route via the public
interface within each of the VRFs via static routing ("ip route vrf WORK
0.0.0.0 0.0.0.0 DHCP" doesn't do the trick, nor can you reference the
global DHCP gateway apparently); I imagine the only way to do it is via
OSPF or another VRF-aware protocol.  Unless someone here knows a way to
avoid the extra complexity in this case...

Thanks,
Mark

-- 
Mark D. Nagel, CCIE #3177 <mnagel at willingminds.com>
Principal Consultant, Willing Minds LLC (http://www.willingminds.com)
cell: 949-279-5817, desk: 714-630-4772, fax: 949-623-9854



