Isolating routing between two segments

Unanswered Question
Nov 26th, 2008

I have requirements to route between two different subnets but need to isolate the routing from other interfaces on the router. I have a 6509 and need to integrate an old route that is not up to par. I was looking at map-routes to keep the routing on the two interfaces correct, but I also need to stop the other routed traffic from seeing the two isolated segments and interfaces. When I assign the interface vlan (with an IP address), an entry is added to the route table (RIP) and could be used by other local traffic.


Can I remove the route entry or use a "private vlan" to stop communication between the two routing environments?


Thanks

Dan


Jon Marshall Thu, 11/27/2008 - 03:54
Dan


If you want completely separate routing tables then you need to look at something like vrf-lite. Attached is a link to a doc that explains the concept of vrf-lite -


http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html#wp80419


If you want to configure it, just do a search on the Cisco site for "4500 vrf-lite". For some reason I can never find the 6500 vrf-lite configuration, but it is the same.


Vrf-lite allows you to associate interfaces with specific VRFs, and each VRF has its own independent routing table.


Jon

Giuseppe Larosa Thu, 11/27/2008 - 04:49
Hello Dan, Jon

I agree with Jon, the best tool here is an MPLS VRF (virtual routing table).


Example:


ip vrf Legacy
 rd yourBGPASnumber:100
int vlan X | gi x/y
 ip vrf forwarding Legacy
 ! retype the ip address !!
int vlan Y | gi z/k
 ip vrf forwarding Legacy
 ! retype the ip address !!

This puts the two interfaces in a separate routing table.

You can also run a routing protocol over it:

router rip
 version 2
 address-family ipv4 vrf Legacy
  network x.x.x.x



Hope to help

Giuseppe
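
An added example, not part of any post in this thread: a Python check that reads a saved running-config and confirms that the interfaces meant to be isolated sit in the VRF and had their IP address retyped, as the configuration above requires. The sample config, interface names, addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (names, addresses and rd value are made up).
SAMPLE_CONFIG = """\
ip vrf Legacy
 rd 65000:100
!
interface Vlan10
 ip vrf forwarding Legacy
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan20
 ip vrf forwarding Legacy
!
interface Vlan30
 ip address 10.10.30.1 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface: {"vrf": name or None, "ip": address or None}}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(m.group(1), {"vrf": None, "ip": None})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the interface block
        elif current is not None:
            if m := re.match(r" ip vrf forwarding (\S+)", line):
                current["vrf"] = m.group(1)
            elif m := re.match(r" ip address (\S+) \S+", line):
                current["ip"] = m.group(1)
    return interfaces

def audit_isolation(config, vrf, isolated):
    """List findings that break the intended isolation of `isolated` interfaces."""
    findings = []
    for name, intf in sorted(parse_interfaces(config).items()):
        if name in isolated and intf["vrf"] != vrf:
            findings.append(f"{name}: not in vrf {vrf}, connected route is in the global table")
        elif name in isolated and intf["ip"] is None:
            findings.append(f"{name}: in vrf {vrf} but has no IP address (not retyped)")
        elif name not in isolated and intf["vrf"] == vrf:
            findings.append(f"{name}: unexpected member of vrf {vrf}")
    return findings

if __name__ == "__main__":
    for finding in audit_isolation(SAMPLE_CONFIG, "Legacy", {"Vlan10", "Vlan20"}):
        print(finding)
```
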


glen.grant Thu, 11/27/2008 - 04:01

Can't you just use ACLs to regulate what's going in and out of those subnets?
