[c-nsp] routing between VRF and global

Christopher Gatlin gatlin007 at gmail.com
Tue Jul 20 16:27:46 EDT 2010


You can NAT from an interface with VRF membership to an interface in the
global table.

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftnatvpn.html


Chris



On Tue, Jul 20, 2010 at 2:15 PM, Jeff Bacon <bacon at walleyesoftware.com> wrote:

> Unfortunately, I've realized I've missed something fairly fundamental:
>
> All of the tricks for leaking routes between GRT and VRF are just that,
> route leaks. But to have the flow be subject to NAT, you need the packet
> to come through an interface that you can put a "ip nat inside" on.
>
> Which means the only real option is a "GRE internal hairpin". Except I
> can't see how you would implement a tunnel where both endpoints are on
> the same device - and even if you could, is that the sort of
> configuration you'd want other people to see? Because my devices are in
> pairs, I could GRE from one to the other.... but at that point, why not
> just use a physical hairpin, other than the cost of the physical ports?
>
> (Using another device to do the NAT is impractical for a lot of reasons,
> the two largest being:
> - I don't have space or power in every co-lo I'm located in for Yet
> Another Device - one of the points of the 6500s was to combine
> everything I needed into a single pair of devices.
> - it'd require a non-baby ASR to keep up with some of the traffic loads
> due to microbursting, driving the cost through the roof.)
>
> At some point you have to give up and say "you just can't do it that
> way". *sigh*
>
> -bacon
> And yet still, we buy Cisco...
>
>
> > -----Original Message-----
> > From: Orlov, Sergey [mailto:sorlov at amt.ru]
> > Sent: Sunday, July 18, 2010 3:38 PM
> > To: Jeff Bacon
> > Cc: cisco-nsp at puck.nether.net
> > Subject: RE: routing between VRF and global
> >
> > Hi Jeff,
> >
> > Other possible tricks:
> >
> > 1. BGP Support for IP Prefix Import from GRT into a VRF:
> > http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_bgivt.html
> > 2. (may be useful depending on your particular problem) VRF source selection:
> > http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/vrfselec.html
> >
> > --
> >
> > Regarding "internal hairpin" on GRE tunnel: you can run into MTU-
> > related issues. And of course the internal forwarding path could be
> > unsuspected in this case.
> >
> > --
> > Sergey

