[c-nsp] VRF-lite to do L3 passthru

Jeff Bacon bacon at walleyesoftware.com
Sat Jul 25 23:12:16 EDT 2009 

So, I have this dot1q trunk on which I receive a bunch of vlans, each of
which is its own P-T-P circuit to <somewhere>. It's connected to a
6500/sup720. 

Currently I bring it in as a dot1q trunk on a switchport, map the VLANs,
and then use SVIs to handle layer-3. 

However, I would really like to pass off some of the circuits to other
devices, without the 6500's global RIB being involved. (The 6500 is one
of my edge devices that I use to connect to a bunch of other vendors,
and it along with its twin do lots of stuff. But then there's other
activities - imagine, say, I want to run an internal WAN link over the
trunk. I don't want to have to clutter the 6500's global RIB with my
internal routes just to pass the link through it.) 

This seems like what VRF-lite is meant to do. Only the docs appear all
sort of skewed towards MPLS VPN implementations and BGP, and I'm not
doing MPLS tag switching here, or BGP. I guess I just want mini virtual
router instances running EIGRP to tie <this incoming dot1q VLAN> to
<this other port> so I can spin off some of the incoming VLANs/ckts to
the other devices they're meant for. 

(This is about cost - I can have each ckt be its own port off the
provider's equipment and thus have every ckt go to the device intended,
but that's an additional $150-300/mo xconnect charge from my co-lo
provider plus I get bulk discounts from the provider by bringing
everything in on a gig trunk - they don't have to chew up as many ports
on their equipment.)

I think I get the basic idea - 

vrf fred
  rd 1:2
router eigrp 20
  network 20.0.0.0
  address-family fred
     network 10.0.0.0
     no auto-summary
int g2/1
   desc dot1q trunk from provider
int g2/1.2000
   desc incoming ckt I need to go somewhere else
   encap dot1q 2000 
   ip vrf fred 
   ip address 10.5.5.2 255.255.255.252
int g2/1.3000
   desc incoming ckt that the 6500 should deal with
   encap dot1q 3000
   ip address 20.1.1.1 255.255.255.252
   other normal stuff 
int g4/3
   desc port to some-other-router
   ip vrf fred
   ip address 10.4.4.2 255.255.255.252 

is it really that simple? Will VRF-lite work without actually using BGP
or MPLS? Are there docs somewhere in the Cisco spiderweb which are
clearer on the topic than the ones which are part of the SX doc train?

Thanks,
-bacon

More information about the cisco-nsp mailing list