irisrios Fri, 01/25/2008 - 09:13

A VRF table stores routing data for each VPN. Each VRF table has an IP routing table, a derived Cisco Express Forwarding (CEF) table, and guidelines and routing protocol parameters that control the information that is included in the routing table.

keegan.holley Fri, 01/25/2008 - 10:06

What about the global routing table? Is that considered a VRF with no RD, or are those routes automatically imported into every VRF?

sarfaraz1981 Fri, 01/25/2008 - 23:43

The global routing table works as a normal routing table. It will not communicate with the VRF VPN routing table and is not even imported into the VRF. To import the global routing table into the VRF routing table you need to define a static route. Networks which are not associated with a VRF will communicate with non-VRF networks.

keegan.holley Sat, 01/26/2008 - 09:46

Hmm... My company actually uses Juniper MPLS, so excuse my lack of clue here. Say, for example, you have a PE router with various clients connecting as well as one or two upstream links for internet connectivity. Assuming that the internet routes are placed into the global routing table, how would you leak the customer (public) routes into the internet table (and vice versa) to give them internet access?

yagnesh_tel Sat, 01/26/2008 - 14:19

The most viable solution used for having internet access in the case of MPLS VPN is to place a static default route within the customer VRF (in your case, two static default routes pointing to two different global next hop addresses), so the packets that do not match any of the routes contained within the customer VRF will be sent to your internet gateways.

The following is an example of the static route.

ip route vrf customerA global

In the Cisco implementation, a global keyword is used within the static default route. The global keyword specifies that the next hop address of the static route should be resolved within the global routing table, not within the customerA VRF. You need to check how the Juniper implementation does that task.

As mentioned by you, you can inject Internet routes into the VRF but this will create extra complexity besides putting stress on your PE router. Although if you use this approach then you can achieve optimal routing considering two Internet gateways in your case.

Also, to route the packets coming back from the Internet and destined to the customer network, configure a static route pointing to the customer-facing interface in the global routing table on the PE. Redistribute it into your IGP so that the Internet gateway has that route in its global routing table. This allows the Internet gateway to route all packets coming from the Internet to the PE, and on to the final destination inside your customer's network. But this step is only necessary if the customer network has global addresses.


shaharurrizal Sat, 01/26/2008 - 17:50

I think the answer is Route Target (RT), as defined in RFC 4360, BGP Extended Communities Attribute.

The usage of RT is defined in RFC 4364 BGP/MPLS IP Virtual Private Networks (VPNs).

Taken from Cisco Press MPLS Fundamentals:


An RT is a BGP extended community that indicates which routes should be imported from MP-BGP into the VRF. Exporting an RT means that the exported vpnv4 route receives an additional BGP extended community - this is the RT - as configured under ip vrf on the PE router, when the route is redistributed from the VRF routing table into MP-BGP. Importing an RT means that the received vpnv4 route from MP-BGP is checked for a matching extended community - this is the route target - with the ones in the configuration. If the result is a match, the prefix is put into the VRF routing table as an IPv4 route. If a match does not occur, the prefix is rejected. The command to configure RTs for a VRF is route-target {import | export | both} route-target-extcommunity. The keyword both indicates both import and export.


keegan.holley Sat, 01/26/2008 - 18:26

What about the routes in the global BGP table? By default they do not have an RD/RT. Say, for example, you had the VRF below.

ip vrf vpn17
 route-target import 1234:17
 route-target export 1234:17

How would you leak routes from vpn17 into the global BGP table where the internet routes from your upstreams are stored? Alternatively, if the customer in vpn17 requested that you advertise the full table to them, how would you leak the internet routes into their table?

yagnesh_tel Sat, 01/26/2008 - 21:18

If your requirement is limited to giving Internet access to the customer as well as advertising a few VPN networks/routes to the internet, then static/default routes are good enough for that (as mentioned in my earlier post).

Or else you can do this in a dynamic way by using a global import/export map in your Juniper implementation. (See the links below)


keegan.holley Sat, 01/26/2008 - 22:18

Thanks for replying. I already know how to do this with a Juniper router. The inet.0 table is considered a VRF with no RD. You can use policies or rib groups to accomplish route leaking. I was just curious how to do the same with a Cisco router.

sarfaraz1981 Sun, 01/27/2008 - 00:44

I have a doubt about MPLS/VPN route leaking.

By configuring a static route with the global keyword we can have access from the customerA VPN VRF to the global routing table. What if we want to leak the routes from the global table to the customer VRF routing table?

Or if we configure a static route with the global keyword, does it work both ways?

I will appreciate your response.

yagnesh_tel Sun, 01/27/2008 - 11:47

The Juniper implementation of the global import/export map is similar to the Cisco implementation of the route map. So you can import global routes into a VRF using a route map. (See the link below.) Although in the Cisco implementation it is always recommended to use a static/default route for this purpose.


If I understand correctly, you want to know whether, by configuring a static route with the global keyword in a VRF, you can access VRF networks from the internet side or not. The answer is no. A static default route with the global keyword only enables a particular VRF to use the global routing table in case it doesn't find a route in its own table. So in order to achieve connectivity from the internet side to your VRF network, you have to configure another static route pointing to the customer-facing interface in the global routing table and redistribute it into your IGP so that the Internet gateway has that route in its global routing table. It is worth noting that your VRF network has to use global addresses in order to be put into the global routing table this way.
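
Added example, not part of any poster's reply: a Cisco IOS sketch of the two-way static leak that yagnesh_tel's posts describe (VRF default route resolved in the global table, plus a global static route back to the customer that is redistributed into the IGP). All addresses are RFC 5737 documentation ranges, and the RD/RT value, interface name, OSPF process number, prefix-list and route-map names are assumptions; the route-map goes one step beyond the thread by limiting redistribution to the single customer prefix.

```cisco
! Constructed example for illustration; values are assumptions.
ip vrf customerA
 rd 1234:1
 route-target both 1234:1
!
interface Serial0/0
 description Customer-facing link, member of the VRF
 ip vrf forwarding customerA
 ip address 203.0.113.1 255.255.255.252
!
! VRF -> Internet: default routes inside the customer VRF. The "global"
! keyword makes IOS resolve each next hop (the two Internet gateways)
! in the global routing table instead of in customerA.
ip route vrf customerA 0.0.0.0 0.0.0.0 192.0.2.1 global
ip route vrf customerA 0.0.0.0 0.0.0.0 192.0.2.2 global
!
! Internet -> customer: static route in the GLOBAL table for the
! customer's public prefix, pointing out the customer-facing interface.
ip route 198.51.100.0 255.255.255.0 Serial0/0
!
! Redistribute only that one prefix into the IGP so the Internet
! gateways learn it and no other static route leaks by accident.
ip prefix-list CUSTA-PUBLIC seq 5 permit 198.51.100.0/24
!
route-map LEAK-CUSTA permit 10
 match ip address prefix-list CUSTA-PUBLIC
!
router ospf 1
 redistribute static subnets route-map LEAK-CUSTA
```

`show ip route vrf customerA 0.0.0.0` and `show ip route 198.51.100.0` confirm that each direction is installed in the table where it is expected and nowhere else.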

