[c-nsp] VRF->Global route leaking in multi-VRF CE installation

Ross Vandegrift ross at kallisti.us
Wed Jan 6 10:32:57 EST 2010


On Wed, Jan 06, 2010 at 04:05:15PM +0100, Pavel Skovajsa wrote:
> Hi Ross,
> The VRF route leaking is somehow complex stuff - there appears to be
> scattered documentation about it around CIsco site - see for example
> http://www.cisco.com/en/US/docs/ios/12_2sr/12_2sra/feature/guide/srbgprid.html
> 
> What we do to dynamicly leak routing from one VRF to another is to do
> it with eBGP. Simply make a eBGP session between the VRFs (f.e. create
> a Loopback for each VRF) and send the routes across - see
> http://forum.nil.com/viewtopic.php?f=10&t=59&sid=9c8b6a132bfdbfd0794b69b573b1914c&start=10
> 
> Another alternative is to put the routes into VRF BGP table and leak
> them with "route-target import" - see
> http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_example09186a0080231a3e.shtml

Unfortunately, BGP doesn't work in my case since I'm trying to leak
VRF routes into the global table.  BGP requires that all routes be
leaked between VRFs, since the BGP routes need to be matching types of
NLRIs - a route from a VRF has a different SAFI than an IPv4 route
from the global table.  If there is a way to do this without
duplicating the static routes as in your third link above, I'd love to
know about it!

If I move the global table into a VRF, I then have the problem that I
can't fix the AS path since my platform doesn't support as-override.

> To take somewhat intelligent approach I suggest to read about the
> "Common services VRF" in "MPLS and VPN Architectures" - ~ Ivan
> Pepelnjak, Jim Guichard - a great set of  books not only about
> MPLS.

That's the weird thing about this installation - there is no MPLS or
VPN here.  No interfaces even have MPLS enabled.  I'm strictly using
the multi-VRF CE functionality to provide separate routing tables.
This is installation should really be solved with a virtual router,
but it's stuck on IOS for the time being and the VRFs do the job
nicely.  But I'm finding that it's really hard to get the routes into
BGP.

Ross

-- 
Ross Vandegrift
ross at kallisti.us

"If the fight gets hot, the songs get hotter.  If the going gets tough,
the songs get tougher."
	--Woody Guthrie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20100106/dfda1a3a/attachment.bin>


More information about the cisco-nsp mailing list