[f-nsp] VRF

Fri Mar 28 00:49:03 EDT 2008

Hi All,

Similar to you we have been testing the Foundry MLX switches in a
centralised services model that would allow connection to specific hosts
from one VRF to another. Initially we configured local route
leaking/sharing using the standard route-target import/export
statements. Our expectation was that in a centralised services scenario
the route-targets would be imported/exported locally (as well as
remotely across MPLS). This appears not to be the case with Foundry MLX
switches. I will post our configuration and results seperately.

The software feature in version 3.7 to which you refer is of limited
use. This feature was intended to allow access from one VRF to an
external router connected to another VRF. It was not intended to create
routes to loopbacks or hosts from one VRF to another as you have tried
to do.

Our simple setup:

GW1 (1.2/24)---(1.1/24) VRF1 / VRF2 (2.1/24)---(2.2/24) GW2

ip vrf VRF1
ip route 192.168.2.0/24 next-hop-vrf VRF2 192.168.2.2

(i.e. for VRF1, insert a route to 192.168.2.0/24 for which the
[external] gateway is 192.168.2.2 is located in VRF2.)

ip vrf VRF2
ip route 192.168.1.0/24 next-hop-vrf VRF1 192.168.1.2

int eth 2/1
ip vrf forward VRF1
ip address 192.168.1.1/24

int eth 2/2
ip vrf forward VRF2
ip address 192.168.2.1/24

Our testing resulted in the following findings:
- the gateway must exist and must be external to the switch (no
loopbacks or interfaces on the switch)
- the routes must be a network address (not a host address- /31 is ok!)
- the gateway can be either a host or a router
- routes to network addresses and loopbacks appear in the VRF table (but
routes to loopbacks do not work)
- routes to host addresses do not appear in the VRF table (and do not
work)
- for the gateways to ping each other both routes (as above) need to be
present
- for a vrf ping to one of the gateways only one of the routes need to
be present (what links the VRFs in the return direction??)

Hope that helps..

________________________________

From: foundry-nsp-bounces at puck.nether.net
[mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of comnet
Sent: Tuesday, 25 March 2008 21:14
To: foundry-nsp at puck.nether.net
Subject: [f-nsp] VRF

Hi, all
I have problem with routing betwin VRF, it is not work :(
This is simple config:
===========================
ip vfr local
rd 20.20.20.1:0
int lo1 
ip vrf forward local
ip address 20.20.20.1/24

ip vrf inet
rd 30.30.30.1:0
int lo 2
ip vrf forward inet
ip address 30.30.30.1/24

ip vrf local
ip route 30.30.30.0/24 next-hop-vrf inet 30.30.30.1
ip vrf inet
ip route 20.20.20.0/24 next-hop-vrf local 20.20.20.1

ping vrf local 20.20.20.1
is ok
ping vrf inet 30.30.30.1
is ok
but:
ping vrf local 30.30.30.1
is not ok

any idea about this ?

This e-mail and any attachments may contain confidential information that is intended solely for the use of the intended recipient and may be subject to copyright. If you receive this e-mail in error, please notify the sender immediately and delete the e-mail and its attachments from your system. You must not disclose, copy or use any part of this e-mail if you are not the intended recipient. Any opinion expressed in this e-mail and any attachments is not an opinion of RailCorp unless stated or apparent from its content. RailCorp is not responsible for any unauthorised alterations to this e-mail or any attachments. RailCorp will not incur any liability resulting directly or indirectly as a result of the recipient accessing any of the attached files that may contain a virus.