[c-nsp] VRF and STATIC ROUTE to GLOBAL

Lynch, Tomas TOMAS.LYNCH at GlobalCrossing.com
Wed Feb 25 08:01:38 EST 2009 

I've been playing around with this command and the short answer with an
example is:

|CPE VRF|(11.0.0.2) ----Se1|PE ROUTER|POS2----(10.0.0.2) [Internet]
 1.1.1.1

PE ROUTER
---------
! whatever you need for VRF, mBGP, etc.
! to propagate your networks
! you may need to add the following:
router bgp $ASN
 address-family ipv4 vrf ESNET
  redistribute static
  default-information originate
!
ip route 1.1.1.1 255.255.255.255 Serial1
ip route vrf ESNET 0.0.0.0 0.0.0.0 POS2 10.0.0.2 global


Disclaimer: Blame me, not my company, if I misread your question.

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Jeff Fitzwater
> Sent: Monday, February 23, 2009 1:56 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] VRF and STATIC ROUTE to GLOBAL
> 
> This question was posted earlier, before I opened ticket with CISCO.
> 
> Router is 6500 with 720-CXL running SXI code.
> 
> 
> 1.  I have router "A" which is used to connect to our three ISPs ( two
> I1s and  one I2 connection with full BGP), and also receives all our
> internal campus traffic via RIP default path.    Router "A" announces
> default to campus.
> 
> 2. I now need to add a new special ESNET.GOV ISP which cannot be used
> by the majority of our campus except for two subnets.   These two
> subnets will still have access to the other three ISPs for normal path
> selection but have the option of choosing an ESNET route if needed.
> 
> 3. So the original thinking was to create the VRF for ESNET which
> would have its own ESNET route table and tell the two special subnets
> (using route-map match subs, set vrf ) to check the ESNET table first
> and if route is not in table then fall thru to global.
> 
> 4. I can't just have one route table that includes the ESNET routes,
> because ESNET announces some more specific routes and there may be
> hosts that normally use the I1 path to these DSTs, but now see a more
> specific path and try to use it and fail because it is not allowed by
> ESNET outbound ACL.
> 
> 
> 
> I have BGP peering working in VRF ( can see prefixes from ESNET in VRF
> table), but cannot announce our two subnet prefixes because they do
> not show up in VRF route table.  So getting static back to global
> would fix this and other issue with DEFAULT to global.   When I try to
> add static routes they never show up because the next hop is not
> present in VRF table or the command fails stating that...  "Invalid
> next-hop address (it's this router)".
> 
> 
> 
> I was hoping that just adding a static DEFAULT in VRF pointing to
> global would do everything I needed, but cannot get it to work even
> after trying all permutations of the command.  "ip route vrf vrf-esnet
> 0.0.0.0 0.0.0.0 0.0.0.0 global"
> 
> 
> 
> Also tried "ip route vrf vrf-esnet 0.0.0.0 0.0.0.0 loopback3
> 10.10.10.10 global"   Loopback3 was created with RFC-1918 IP and had
> "vrf forwarding" added on this loopback.  This also failed.
> 
> 
> Creating an internal path between the VRF router and the global router
> is stopping all this from working.
> 
> I have a ticket open with CISCO but they are saying I have to add an
> external link with two physical ports on vrf.   This will not work for
> us.
> 
> 
> Does anybody know how to get statics working between VRF and global
> table,  if its even possible.
> 
> 
> Really stuck!
> 
> 
> 
> Jeff Fitzwater
> OIT Network Systems
> Princeton University
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list