[c-nsp] VRF route leaking

Wed May 6 02:07:28 EDT 2015

On 6 May 2015 at 06:43:59, Mike (mike-cisconsplist at tiedyenetworks.com(mailto:mike-cisconsplist at tiedyenetworks.com)) wrote:
> Hi,  
>  
> Now that I set off a very interesting fire storm about Internet in  
> a vrf, I have the next question, which is how do I accomplish it?  
>  
> I envision two vrf for example -  
>  
> internet - contains all my best paths and maybe including a default  
> route  
> subscribers - contains all of my internet subscriber routes, mostly  
> /32's (ipoe/pppoe customers), with a small number of /29's and larger.  
>  
> What would a simple config look like that lets my subscribers route  
> via the internet? Do I have to import the whole internet table into  
> subscribers, or ?  

4 options off the top of my head, short answer, “it depends”.

Do you care about RAM usage on your BNG?
What does the rest of your network look like?
Do you have a separate border router where the Internet comes in?

If you do, you can generate a default on your border(s) in the Internet VRF, and advertise that to a “default route only” RT (with VRF export policy) and import that RT in to your subscribers VRF. Make sure you set per-VRF label mode on your border router. This will get a default in to your subscribers VRF, packets will follow it to your border where they’ll do another route lookup (per-VRF label mode does this) and get sent to whichever peering/transit partner is best.

Instead of having a “default route only” RT, you could use an import filter on the subscribers VRF to only accept a default from the Internet RT, however, that prevents you from getting much gain from using rt-filter on routers where you only want the default. If you use a “default route only” RT, you can turn on rt-filter and only have your full table on routers that actually care about it, which is handy if you’ve got low-RAM or low-CPU boxes in your BGP network.

I’m not sure if you can on Cisco, but on Juniper you can do a static route to another VRF, with the next-table parameter when configuring the route. My understanding is you can only do static routes to or from global on Cisco. If you find you can do this however, you could do a static default route from your subscribers VRF in to your Internet VRF.

Of course, you could just import the whole Internet table in to your subscribers VRF. That’s by far the simplest, just keep an eye on your RAM.

You also need to leak your subscriber routes in to your Internet VRF, so that inbound packets can get to your subs.
What platform are you running? See my recent thread about subscriber redistribution on ASR9000 if that’s what you’re running, and if you’ve got peering/transit/non-BNG stuff on the same box as your BNG.

--  
Nathan Ward  