[c-nsp] routing between VRF and global
Jeff Bacon
bacon at walleyesoftware.com
Fri Jul 16 09:17:20 EDT 2010
I have a mesh of 6500s connected via various gig fiber links. The 6500s
have multiple VRFs defined, but of course most things interesting live
in the global zone.
I want a host on a VRF on a 6500 to be able to connect to another
destination that is reachable through the global zone. Most likely it
will be on the same 6500, but ideally it would be the same one way or
the other.
Basically, how do you leak routes between VRF and global? Between VRF
and VRF I get. VRF<>global, not so clear; "MPLS fundamentals" provides a
couple of examples but it's aimed more at a "how to connect VRF to
internet so you have one static global route entry... ick.
I can see the possible solution of creating a GRE tunnel within the
switch itself, with one end in the VRF and the other end in the global
and using "tun vrf" to get them to link, but this seems just a shade
ugly (though it also happens to provide a nice fixed point in space for
applying ACLs, etc.)
Or of course there's the "hairpin" solution. I might be able to live
with that, probably better than the GRE answer... but that doesn't mean
I have to like it, does it? :)
Thanks,
-bacon
More information about the cisco-nsp
mailing list