[c-nsp] Connecting a VRF between routers

Phil Mayers p.mayers at imperial.ac.uk
Tue Jan 20 09:07:23 EST 2009


Skeeve Stevens wrote:
> Firstly, YES, I've kind of asked this before, but with the different ways
> people do and understand things all over the world, I've not had a response
> that actually works.
> 
> So.. Simply.
> 
> I have, let's just say, 2 (two) routers and/or switches (3560, etc. with VRF
> support).
> 
> I want to, at a layer 2 level, link a vrf on one router/switch to another.
> 
> What I am meaning here is.  If I type 'show ip arp vrf BLAH' on one device,
> I want to see the ARP for devices connected into the VRF on the other
> router.

You want to see "the ARP"?

What does that mean?

Do you mean:

"""I want a router in location A, with an IP interface inside a VRF. I 
want a switch in location B, with a VLAN. I want to connect the VLAN to 
the routed interface."""

Perhaps you could draw a diagram and provide the config fragments you 
want to see in each location?

> 
> I don't particularly want to use tunnels due to MTU issues.
> 
> A VLAN with an SVI on a switch and a sub-e on a router work fine, but only
> if I have a full layer2 switched path all the way.  
> 
> In some cases I do not.  An example would be when we use another carrier to
> link two cities and they have an MPLS cloud in the middle.  I want to link a
> VRF to another VRF on each side of the cloud.
> 
> I am not sure if what I want to do makes sense.. Some people just suggest
> MPLS, but it seems like an overly complex solution if we're talking about 2-3
> routers/switches.
> 
> If I am not being clear about something, please feel free to ask me for more
> info.

You seem to want magic.

Your options using Cisco kit, that I know of, are:

  1. End-to-end MPLS transit, and MPLS-capable devices
  2. End-to-end layer2
  3. Tunnels (L2TP, GRE)

All require either jumbo frames, lower "inner" MTU (possibly with TCP 
MSS clamping) or fragmentation (and clearing the "don't frag" bit).

There are of course other esoteric options - you could run 2 Linux boxes 
and tunnel PPP over SSH - since you're tunneling packets over TCP, you 
can have over-size packets and TCP segmentation will deal with it, but 
you can suffer massive jitter and buffering problems.

