[c-nsp] routing between VRF and global

[Brett Frankenberger]

On Tue, Jul 20, 2010 at 02:15:37PM -0500, Jeff Bacon wrote:
> 
> Which means the only real option is a "GRE internal hairpin". Except I
> can't see how you would implement a tunnel with both endpoints are on
> the same device - 

    int lo1
     ip address 10.0.0.10/32
    int lo2
     ip address 10.0.0.20/32
    int tun1
     ip address 10.0.0.1/30
     tunnel source lo1
     tunnel destination 10.0.0.20
    int tun2
     ip vrf forwarding vrfX
     ip address 10.0.0.2/30
     tunnel source lo2
     tunnel destination 10.0.0.10
(The above is between gobal and vrfX; works just as well between two
VRFs.)  Then you can configure whatever sort of routing you like
(dynamic protocols, or static routes) across the tunnel.  For example:
    ip route _._._._ _._._._ tun1  (Routes something from Global to vrfX)
    ip route vrf vrfX _._._._ _._._._ tun2 (Routes from vrfX to Global)

> and even if you could, is that the sort of
> configuration you'd want other people to see? 

I'm doing it in production on ASR1Ks and 7206s.  Works fine ...

> Because my devices are in
> pairs, I could GRE from one to the other.... but at that point, why not
> just use a physical hairpin, other than the cost of the physical ports?

The physical ports are points of failure.  The GRE tunnel is up as long
as the router is up; the physical ports are up as long as the router is
up *and* the hardware supporting the physical ports is working.

(Also, depending on how much traffic is flowing and what interfaces are
used, of course, physical ports could be a bottleneck.)

     -- Brett