about communication between VRF and global route

Unanswered Question
May 8th, 2007

Hi folks,

normally, when I've to use a global source from a VRF, I could use a static route like this:


The question is: how the upstream traffic from global to VRF works? There's something like a 'magic IOS tunnel' with the 'global' command, or what?

Second question, but correlated: how to use a VRF source from the global route?

Please help me to understand the relationships between VRF and global.

Thanks for your support



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
mohammedmahmoud Tue, 05/08/2007 - 03:35


The global keyword specifies that the next hop address of the static route is resolved within the global routing table, not within the the customer VRF, as for the back traffic you still need another route for the customer IPs in the global routing table pointing back to the customer interface on the PE router (you'll need to Redistribute it into the IGP so that the Internet gateway has that route in its global routing table to be able to forward the traffic back). (its all about leeking routes between the global routing table and the VRF routing table)

NOTE: There is no requirement for a VRF to have a full routing table from the Internet, so a static default route is put in a VRF pointing to the global next hop address of the internet gateway.

NOTE: This method is not recommended when customers have only private addresses in their network.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

ariela Tue, 05/08/2007 - 04:37

Hi Mohammed,

well, is it something like a "loop cable" solution on the PE? one interface in global and one in VRF?

Thanks for your support



mohammedmahmoud Tue, 05/08/2007 - 05:18

Hi Andrea,

It is some kind of route Leaking from the global routing table into a VRF and Route Leaking from a VRF into the global routing table.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

mheick Fri, 01/09/2009 - 22:20

In your comments you mentioned that the approach is not recommended when customers have a private network. I have just that. what other way can you inject a default route from the global table into the customer vrf? Then also leak a private subnet from the customer into the global. I have read countless docs and posts and nothig seeems to work.

What I am trying to do is allow a subnet from the Customer vrf to be accessible to the global so that an IP phone can register to the call manager, and a workstationcan utilize dns/dhcp services.

My questions are:

1) Should the private subnet be leaked on the PE router that is directly connected to CE router containing the private subnet?

2) I would prefer to leak a default route into the customer vrf, that then propagates out to the remotes from the hubsite. How do I accomplish this?


This Discussion