[c-nsp] Import VRF routes then change next-hop
Ramcharan, Vijay A
vijay.ramcharan at verizonbusiness.com
Tue Dec 1 18:15:34 EST 2009
Hi all,
I have a couple of switches (6509E, Sup 720 3CXL, 12.2.33 SXI1) that are
running VRF lite for a couple of VRFs.
One of the VRFs connects to a pair of external routers and receives a
number of routes via iBGP.
Sandwiched between that external VRF and the other VRF is a firewall.
I needed to import the routes from the external VRF into the other VRF
that sits behind that firewall.
I set the proper import targets in my firewalled VRF and the routes are
imported.
I now need to change the next hop of those imported routes so that the
firewalled VRF uses the firewall as its next-hop for those imported
routes.
The only solution I've found that actually works is the following
route-map used as an "import map" in the firewalled VRF.
route-map import_mpls_to_firewall_vrf permit 10
  Match clauses:
    extcommunity (extcommunity-list filter):77
  Set clauses:
    ip vrf firewall_vrf next-hop 10.10.10.1
    ip next-hop 10.10.10.1
I tried reading some documentation but I'm not making much headway into
understanding why I need both of those "set" commands.
If I just use the "set ip vrf <blah>" clause, the routes are imported but
the next hop is not changed, at which point I need to statically point
the next hop at the firewall for the routes to become valid.
If I just use the "set ip next-hop" command, the next hop is changed but
traffic isn't forwarded out of the firewall VRF.
Once I use both commands, the next-hop is changed and traffic is
properly forwarded.
Is my setup above correct or am I doing something wrong?
Thanks much.
Vijay Ramcharan