Route Leaking from Multiple VRF's into the Global RT Dynamically

vdadlaney · ‎09-17-2008

I have looked through quite a few posts however am not able to confirm if this is possible or not. I have multiple VRF's configured and I would like to have all the routes from all the vrf's be leaked into the Global RT. Since there are multiple VRF's using static routes is not an option. Is there a way to dynamically exchange the routes. I am using only VRF-Lite and plan to use BGP and RIP as the vrf-aware routing protocols. I did read a post where it was mentioned to connect a back-to-back cable with one end in a VRF and the other in the global RT however am not comfortable doing this as this. The device being used is a 6500. Thanks for your help.

danail-petrov · ‎09-18-2008

In few words - yes, it's possible. I will show you how to achieve this.

Let's say that you have two customers, Customer A and Customer B therefore you need two VRFs for each of them. For instance:

ip vrf CustomerA

rd 65500:10

route-target export 65500:10

route-target import 65500:20

!

ip vrf CustomerB

rd 65500:20

route-target export 65500:20

route-target import 65500:10

!

Are you following me ...

router bgp 200

no synchronization

bgp log-neighbor-changes

no auto-summary

!

address-family ipv4 vrf CustomerA

no synchronization

network 172.16.10.0 mask 255.255.255.0

exit-address-family

!

address-family ipv4 vrf CustomerB

no synchronization

network 172.16.115.0 mask 255.255.255.0

exit-address-family

!

Let's say that we have two vlan interfaces to each of our customers:

interface GigabitEthernet0/0.10

encapsulation dot1q 10

ip vrf forwarding CustomerA

ip address 172.16.10.1 255.255.255.0

interface GigabitEthernet0/0.20

encapsulation dot1q 20

ip vrf forwarding CustomerB

ip address 172.16.115.1 255.255.255.0

That is enough. It works like a charm. Now the CustomerA is able to reach Customer's B network 172.16.115.0/24 (Sometime you must execute the clear ip bgp * in order to get it work)

Here is some output:

Router#show ip bgp vpnv4 all

BGP table version is 7, local router ID is 10.0.0.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 65500:10 (default for vrf CustomerA)

*> 172.16.10.0/24 0.0.0.0 0 32768 i

*> 172.16.115.0/24 0.0.0.0 0 32768 i

Route Distinguisher: 65500:20 (default for vrf CustomerB)

*> 172.16.10.0/24 0.0.0.0 0 32768 i

*> 172.16.115.0/24 0.0.0.0 0 32768 i

Router#show ip route vrf CustomerA 172.16.115.0

Routing entry for 172.16.115.0/24

Known via "bgp 200", distance 20, metric 0 (connected), type external

Routing Descriptor Blocks:

* directly connected, via GigabitEthernet0/0.10

Route metric is 0, traffic share count is 1

AS Hops 0

Router#show ip route vrf CustomerB 172.16.10.0

Routing entry for 172.16.10.0/24

Known via "bgp 200", distance 20, metric 0 (connected), type external

Routing Descriptor Blocks:

* directly connected, via GigabitEthernet0/0.20

Route metric is 0, traffic share count is 1

AS Hops 0

Router#ping vrf CustomerA 172.16.10.1 source Gi0/1.20

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.115.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Hope it helps ;-)

vdadlaney · ‎09-18-2008

Hi Danail,

Thank you for responding. However I have no problems with talking between VRF's. I would like to know if it is possible to get the various routes in the VRFs into the Global Routing table dynamically. Please note I mean the Global Routing table. Per your config above you are using the RT to import the routes between A and B but how would I get the routes from A and B into the Global Routing table Dynamically. Using static vrf routes with the global keyword is not an option for me due to the number of VRF's that I have and the number of routes in each VRF. Thx

Deniz AYDIN · ‎09-18-2008

Hi,

I have also this kind of problem. I have talked with cisco tac, and as far as Ä± know there is no way to do this dynamically.

Harold Ritter · ‎09-24-2008

Vikram,

There is a feature that allows to dynamically import routes from the GRT into a VRF but not the other way around.

To dynamically advertise routes from the VRF to the GRT, you could configure a hairpin between the VRF and the GRT and run a BGP session between the two.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

amitbatra · ‎10-14-2008

Hi ,

Could you please share the configuration of hairpin.

may be a sample.

regards

ed · ‎10-21-2008

Hi,

Please do share this hairpin info.

I can leak static default routes into my vrf's but this is not very scalable for me as I have 4 dynamic default routes out of my network, which would mean I would have to add 4 static routes per vrf for resilience.

Regards

amitbatra · ‎10-21-2008

Hi ,

i know how to create a GRE tunnel and run routing protocol on the top of it to exchange routes.

I dont know whether they all that Hairpin.

if that is the case i can share that information with you

ed · ‎10-21-2008

Hi,

I do not think this is what I am looking for.

I have two "NAT" PE routers at the edge of our MPLS network. These default route to two firewalls in the global routing table on two separate networks, thus creating four possible routes to the Internet.

I was looking to advertise a default route into my VRF's dynamically instead of having to add 4 statically weighted routes.

Regards,

amitbatra · ‎10-22-2008

Send me ur config and in detail what you wanna achieve. i will see what i can do for u.

regards

amit