[c-nsp] VRF->Global route leaking in multi-VRF CE installation
Cory Ayers
cayers at ena.com
Wed Jan 6 11:57:39 EST 2010
Hi Ross,
> Hi everyone,
>
> I have a multi-VRF CE setup that is used to provide a different
> forwarding path for two groups of VLANs (one group has a layer 2
> firewall in front of it, the other does not).
>
> Each VRF has a physical interface uplinking to the global table and a
> default pointing out of that interface. The global table uplinks to
> the rest of the network and carries a full BGP view. All three tables
> have an OSPF instance. I'm trying to move these routes out of OSPF
> into iBGP, and IOS seems intent on foiling me.
>
Have you looked at using two interfaces to loop traffic with one interface in the global table and one in the VRF? You could run two different OSPF processes to transport routes between assuming you only need a default inside the VRF. I haven't needed to get this to work with iBGP, but if that is a requirement you will need an IOS capable of per-VRF Router ID to peer on the same router. (http://www.cisco.com/en/US/docs/ios/12_2sr/12_2sra/feature/guide/srbgprid.html)
Off the cuff configuration example. These two interfaces would need to be crossed-over, but I'm assuming you have plenty of port density on a 6500.
interface GigabitEthernet2/15
description Loop entering VRF
mac-address 020x.xxxx.xx0e
ip address 172.23.254.1 255.255.255.252
interface GigabitEthernet2/16
description Loop leaving VRF
mac-address 020x.xxxx.xx0f
ip vrf forwarding VRFname
ip address 172.23.254.2 255.255.255.252
router ospf 215
network 172.23.254.1 0.0.0.0 area 0
default-information originate
router ospf 216 vrf VRFname
network 172.23.254.1 0.0.0.0 area 0
More information about the cisco-nsp
mailing list