[c-nsp] Global Route Leaking on same PE
Brett Frankenberger
rbf+cisco-nsp at panix.com
Tue Jun 16 14:21:35 EDT 2009
On Tue, Jun 16, 2009 at 07:23:45PM +0200, Ivan Pepelnjak wrote:
> The last time I've seen discussion on this topic, you had to have an
> external back-to-back connection between a VRF interface and a global
> interface.
Depending on the platform, you can do it with a GRE tunnel with both
ends on the same router. (Should be fine on a software-switched
platform; YMMV on a hardware switched platform.)
> > ip route vrf test 64.193.x.x 255.255.255.248 192.168.222.1 global
int lo888
ip address 10.0.0.1 255.255.255.255
int lo999
ip address 10.0.0.2 255.255.255.255
int tun1
ip address 10.0.0.5 255.255.255.252
tunnel source lo888
tunnel destination 10.0.0.2
int tun2
ip vrf forwarding test
tunnel source lo999
tunnel destination 10.0.0.1
ip route vrf test 64.193.x.x 255.255.255.248 tunnel2 10.0.0.5
(Might want to force a larger MTU on the tunnel -- no fragmentation
issues since the tunnel-encapsulated packets never leave the router.)
-- Brett
More information about the cisco-nsp
mailing list