[c-nsp] VRF and STATIC ROUTE to GLOBAL

schilling schilling2006 at gmail.com
Mon Feb 23 13:59:56 EST 2009


I am not clear about your "route-map match subs, set vrf". If your two
specific subnets are in one campus core, you need to put them into VRF
ESNET by "ip forwarding vrf ESNET". If these two specific subnets are
distributed in your campus core, you need to use end-to-end vrf-lite or
MPLS, and put them in VRF ESNET. Once in the VRF ESNET, you can then
advertise them to your ESNET eBGP peering. If you have more specific subnets
within the two subnets, "ip route vrf ESNET yourTwoSubnet2ESNET null 0" will
populate a static route in your VRF ESNET, so you can advertise them to your
ESNET eBGP. Existing more specific traffic will be routed in your VRF ESNET,
and non-specific traffic is dropped.

Schilling

On Mon, Feb 23, 2009 at 10:55 AM, Jeff Fitzwater <jfitz at princeton.edu> wrote:

> This question was posted earlier, before I opened ticket with CISCO.
>
> Router is 6500 with 720-CXL running SXI code.
>
>
> 1. I have router "A" which is used to connect to our three ISPs (two I1s
> and one I2 connection with full BGP), and also receives all our internal
> campus traffic via RIP default path. Router "A" announces default to
> campus.
>
> 2. I now need to add a new special ESNET.GOV ISP which cannot be used by
> the majority of our campus except for two subnets.   These two subnets will
> still have access to the other three ISPs for normal path selection but have
> the option of choosing an ESNET route if needed.
>
> 3. So the original thinking was to create the VRF for ESNET which would
> have its own ESNET route table and tell the two special subnets (using
> route-map match subs, set vrf ) to check the ESNET table first and if route
> is not in table then fall thru to global.
>
> 4. I can't just have one route table that includes the ESNET routes,
> because ESNET announces some more specific routes and there may be hosts
> that normally use the I1 path to these DSTs, but now see a more specific
> path and try to use it and fail because it is not allowed by ESNET outbound
> ACL.
>
>
>
> I have BGP peering working in VRF (can see prefixes from ESNET in VRF
> table), but cannot announce our two subnet prefixes because they do not show
> up in VRF route table. So getting static back to global would fix this and
> other issue with DEFAULT to global. When I try to add static routes they
> never show up because the next hop is not present in VRF table or the
> command fails stating that... "Invalid next-hop address (it's this
> router)".
>
>
>
> I was hoping that just adding a static DEFAULT in VRF pointing to global
> would do everything I needed, but cannot get it to work even after trying
> all permutations of the command.  "ip route vrf vrf-esnet 0.0.0.0 0.0.0.0
> 0.0.0.0 global"
>
>
>
> Also tried "ip route vrf vrf-esnet 0.0.0.0 0.0.0.0 loopback3 10.10.10.10
> global"   Loopback3 was created with RFC-1918 IP and had "vrf forwarding"
> added on this loopback.  This also failed.
>
>
> Creating an internal path between the VRF router and the global router is
> stopping all this from working.
>
> I have a ticket open with CISCO but they are saying I have to add an
> external link with two physical ports on vrf.   This will not work for us.
>
>
> Does anybody know how to get statics working between VRF and global table,
> if it's even possible.
>
>
> Really stuck!
>
>
>
> Jeff Fitzwater
> OIT Network Systems
> Princeton University

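The lookup behaviour discussed in this thread, modelled as an added example that is not part of either message: a single merged table versus "ESNET table first, then global" for the two special subnets, plus a covering Null0 static with a more specific route inside it. All prefixes (RFC 5737 documentation ranges) and next-hop labels are constructed for illustration.

```python
import ipaddress

def lpm(table, dst):
    """Longest-prefix match; returns the next hop or None if no route covers dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if addr in ipaddress.ip_network(p)]
    best = max(hits, key=lambda h: h[0].prefixlen, default=None)
    return best[1] if best else None

# Constructed sample tables, not taken from the thread.
GLOBAL = {"0.0.0.0/0": "I1", "198.51.100.0/24": "I1"}
ESNET_LEARNED = {"198.51.100.128/25": "ESNET"}          # more specific from ESNET
SPECIAL_SUBNETS = ["192.0.2.0/26", "192.0.2.64/26"]     # the two permitted subnets
# VRF statics: covering route to Null0 plus one existing more specific.
VRF_LOCAL = {"192.0.2.0/26": "Null0", "192.0.2.0/28": "campus"}

def merged_lookup(dst):
    """One table holding global and ESNET routes: every source sees the /25."""
    return lpm({**GLOBAL, **ESNET_LEARNED}, dst)

def policy_lookup(src, dst):
    """Special sources consult the ESNET table first, then fall through to global."""
    s = ipaddress.ip_address(src)
    if any(s in ipaddress.ip_network(n) for n in SPECIAL_SUBNETS):
        hop = lpm(ESNET_LEARNED, dst)
        if hop is not None:
            return hop
    return lpm(GLOBAL, dst)

def inbound_lookup(dst):
    """Traffic arriving in the VRF for the advertised covering prefix."""
    return lpm(VRF_LOCAL, dst)

if __name__ == "__main__":
    print("merged, any host      ->", merged_lookup("198.51.100.200"))
    print("ordinary campus host  ->", policy_lookup("203.0.113.5", "198.51.100.200"))
    print("special subnet host   ->", policy_lookup("192.0.2.10", "198.51.100.200"))
    print("special, no VRF route ->", policy_lookup("192.0.2.10", "203.0.113.9"))
    print("inbound, specific     ->", inbound_lookup("192.0.2.5"))
    print("inbound, covered only ->", inbound_lookup("192.0.2.40"))
```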
