
Communicate between Globally Connected Network and VRF !!!on Same Device!!!

ngriffin
Level 1

This seems to be a very common question and I can relate it to this. You have a layer 3 switch with 2 VLANs, one VLAN in VRFA and the other VLAN in the global table. You want the two to be able to communicate, but to me, from reading all the posts, this seems difficult. You cannot get the route into the VRF when the route to the global destination is the device you are attempting to add the route on. This works just fine if I use the global keyword and an adjacent router, but what happens if this isn't practical? Say, for example, in a closet switch, or across a MAN, why would I want to have to bounce inter-VLAN traffic upstream only to be sent back down? Can you add a route into a VRF for a global prefix that terminates on the same device? Every single example I see shows the route to a point-to-point interface; this is not a VLAN interface. Can someone provide any recommendations? I realize this is a hack, and it is a temporary, backwards-compatible requirement.

2 Replies

Harold Ritter
Cisco Employee

Nick,

It is certainly possible to provide IP connectivity between two devices, one in the GRT and the other one in a VRF, both connected to a L3 switch.

The only restriction is that you can't just configure an outbound interface for a VRF specific route. You also need to configure the next hop address. So the config would look something like this on the L3 switch.

    ip vrf red
     rd 1:1
    interface e0/0
     ip vrf forwarding red
     ip address 192.168.12.1 255.255.255.0
    !
    interface e1/0
     ip address 192.168.13.1 255.255.255.0
    !
    ip route 192.168.12.0 255.255.255.0 e0/0
    ip route vrf red 192.168.13.100 255.255.255.255 e1/0 192.168.13.100
    !

This would allow any device in subnet 192.168.12.0/24 to communicate with 192.168.13.100. You would need to add host routes for additional destinations in subnet 192.168.13.0/24.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thanks for your response. I did however find an alternate solution that at this point seems to be a little less involved: "BGP Support for ipv4 Prefix Import". This worked well for me; you just need to make sure that the prefixes you wish to bring in from the Global Table exist in the BGP GRT RIB. See the example below:

    ip vrf VRF1
     import ipv4 unicast map GLOBAL->VRF
    !
    router bgp 1
     redistribute connected route-map CONNECTED->BGP metric 5
     !
     address-family ipv4 vrf VRF1
    !
    interface vlan X
     ip address 1.1.1.1 255.255.255.0
    !
    ip prefix-list GLOBAL->VRF permit 1.1.1.0/24
    !
    route-map GLOBAL->VRF
     match ip address prefix GLOBAL->VRF
    !
    route-map CONNECTED->BGP
     match interface vlan X

The other gotcha that seemed to irritate me a bit is that when you apply the ipv4 map to the VRF to filter your global routes, this also seems to filter prefixes imported via other RTs as well.

Thanks again!
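
Both approaches in this thread deliberately carry routes across the VRF/global boundary, so they are worth locating again once the temporary requirement ends. The following is an added example, not code from either poster: a Python audit that lists static routes whose egress interface sits in a different table, VRF routes using the `global` keyword, and `import ipv4 unicast map` statements. It assumes sub-commands are indented as in a saved IOS configuration and that interface names are spelled the same in `interface` and `ip route` lines; `find_leaks`, the merged sample and its last route are constructed for illustration.

```python
import re

# Constructed sample: the two configurations from the thread merged into one file.
SAMPLE = """\
ip vrf red
 rd 1:1
ip vrf VRF1
 import ipv4 unicast map GLOBAL->VRF
!
interface e0/0
 ip vrf forwarding red
 ip address 192.168.12.1 255.255.255.0
!
interface e1/0
 ip address 192.168.13.1 255.255.255.0
ip route 192.168.12.0 255.255.255.0 e0/0
ip route vrf red 192.168.13.100 255.255.255.255 e1/0 192.168.13.100
ip route 10.0.0.0 255.0.0.0 e1/0 192.168.13.254
"""

def find_leaks(config):
    """Return (kind, table, detail) for every statement that crosses the VRF/global boundary."""
    if_vrf, leaks, routes = {}, [], []
    iface = vrf_def = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # a top-level command ends any sub-mode
            iface = vrf_def = None
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1).lower()
            if_vrf[iface] = "global"         # global table until a vrf forwarding line says otherwise
        elif m := re.match(r"ip vrf (\S+)$", line):
            vrf_def = m.group(1)
        elif iface and (m := re.match(r"(?:ip )?vrf forwarding (\S+)", line)):
            if_vrf[iface] = m.group(1)
        elif vrf_def and (m := re.match(r"import ipv4 unicast map (\S+)", line)):
            leaks.append(("bgp-import", vrf_def, m.group(1)))
        elif m := re.match(r"ip route (?:vrf (\S+) )?(\S+) (\S+) (.+)", line):
            routes.append((m.group(1) or "global", m.group(2), m.group(4).lower().split()))
    for table, prefix, rest in routes:       # resolved last so interface order does not matter
        out = next((t for t in rest if t in if_vrf), None)
        if "global" in rest and table != "global":
            leaks.append(("static-global-keyword", table, prefix))
        elif out and if_vrf[out] != table:
            leaks.append(("static-cross-table", table, f"{prefix} via {out} ({if_vrf[out]})"))
    return leaks

if __name__ == "__main__":
    print(*find_leaks(SAMPLE), sep="\n")
```

Each finding is a point where the VRF no longer isolates traffic on its own, so any filtering that relied on the separation has to be enforced by an ACL or by the import route-map instead.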