[c-nsp] routing between VRF and global
Kenny Sallee
kenny.sallee at gmail.com
Fri Jul 16 12:22:02 EDT 2010
I solved this problem (leaking routes from VRF to global route table) by
creating a 'VRF' that is the 'global' route table. The Cisco solution is
like you mentioned (GRE, cable loopage, or static routes - none that I
liked). So it physically looks like this: MPLS WAN Frame DS3 w/ many PVCs
(for each different customer) --> Cisco ASR w/ VRFs per PVC --> Routes
imported to a VRF called 'global-vrf' --> cabled to a 6500 with global
routes. I run BGP MP-BGP and peer with our core over the 'global-vrf' so I
can dynamically advertise all my customer routes to our core. So - the ASR
runs MP-BGP (no label switching) and I route-target import/export between
VRFs with import-maps to control stuff. I don't have NAT requirements so I
don't have to worry about that. NAT and WCCP are other features that are
lacking depending on the version of code on whatever platform...
On Fri, Jul 16, 2010 at 6:17 AM, Jeff Bacon <bacon at walleyesoftware.com> wrote:
> I have a mesh of 6500s connected via various gig fiber links. The 6500s
> have multiple VRFs defined, but of course most things interesting live
> in the global zone.
>
> I want a host on a VRF on a 6500 to be able to connect to another
> destination that is reachable through the global zone. Most likely it
> will be on the same 6500, but ideally it would be the same one way or
> the other.
>
> Basically, how do you leak routes between VRF and global? Between VRF
> and VRF I get. VRF<>global, not so clear; "MPLS fundamentals" provides a
> couple of examples but it's aimed more at a "how to connect VRF to
> internet so you have one static global route entry... ick.
>
> I can see the possible solution of creating a GRE tunnel within the
> switch itself, with one end in the VRF and the other end in the global
> and using "tun vrf" to get them to link, but this seems just a shade
> ugly (though it also happens to provide a nice fixed point in space for
> applying ACLs, etc.)
>
> Or of course there's the "hairpin" solution. I might be able to live
> with that, probably better than the GRE answer... but that doesn't mean
> I have to like it, does it? :)
>
> Thanks,
> -bacon
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
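
The design described in the reply above, as an added IOS configuration example that is not from the original thread: each customer VRF exports its own route target, 'global-vrf' imports those targets through an import map, and the BGP session to the core lives inside 'global-vrf'. The AS numbers, RD/RT values, the CUST-A/CUST-B names, prefixes, interface and addresses are assumptions.

```cisco
! Constructed example: AS numbers, RD/RT values, CUST-A/CUST-B, prefixes,
! the interface and all addresses are placeholders, not values from the thread.
ip vrf CUST-A
 rd 65000:101
 route-target export 65000:101
 route-target import 65000:999
!
ip vrf CUST-B
 rd 65000:102
 route-target export 65000:102
 route-target import 65000:999
!
ip vrf global-vrf
 rd 65000:999
 route-target export 65000:999
 route-target import 65000:101
 route-target import 65000:102
 import map CUST-TO-GLOBAL
!
! Only these customer ranges may be leaked into global-vrf.
ip prefix-list CUST-ALLOWED seq 10 permit 10.101.0.0/16 le 24
ip prefix-list CUST-ALLOWED seq 20 permit 10.102.0.0/16 le 24
!
route-map CUST-TO-GLOBAL permit 10
 match ip address prefix-list CUST-ALLOWED
! The route-map's implicit deny drops everything else a customer VRF exports.
!
interface GigabitEthernet0/0/1
 description Cabled link to the 6500 (global routes)
 ip vrf forwarding global-vrf
 ip address 192.0.2.2 255.255.255.252
!
router bgp 65000
 address-family ipv4 vrf CUST-A
  redistribute connected
 exit-address-family
 address-family ipv4 vrf CUST-B
  redistribute connected
 exit-address-family
 address-family ipv4 vrf global-vrf
  neighbor 192.0.2.1 remote-as 65001
  neighbor 192.0.2.1 activate
 exit-address-family
```

Neither customer VRF imports the other's route target, so the only path between them is whatever 'global-vrf' exports; `show ip route vrf global-vrf` shows which customer prefixes the import map actually let through.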