Catalyst 6500 Routing instances

Unanswered Question
May 20th, 2009
User Badges:

Hi all, I have a Catalyst 6513 switch with supervisot 720-10G.

I need to connect my ISP cable there, and route all the internal network with aproximated 100 VLANS.

What i want to do is to create 2 routing instances (all of them with static routing). One routing instance to route the external networks and other instance to route the internal networks.


How can I do it?


I thought to create a VRF to route the external networks, and route the internal networks with the global routing table instance. For that I've created a vrf and assigned a phisical interface with an IP (where i connect muy ISP cable) to it. I alsa created a loopback interface with it's associated ip into the vrf. Then i create other loopback interface into the Cat6500 in the same network segment, to communicate with the vrf, bot i cannot ping the 2 loopback interfaces.


What i'm doing i correct? Should I use VRF for my problem or is there another solution so solve this?.

Thanks a lot!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Wed, 05/20/2009 - 11:37
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Nicolas,

a VRF is completely isolated from the global routing table.

To build a communication path between the VRF and the GRT you should use two Vlans, two SVI L3 Vlans.

the first Vlan is associated to the VRF.

the second vlan is associated to the GRT.

Both use the same ip subnet.


then you connect with a cable two switch ports.

port 1 is associated to vlanX

port 2 to vlan y


cross-over cable between gx/y and gx1/y1


int gix/y

switchport

switchport mode access

switchport access vlan X


int gix1/y1

switchport

switchport mode access

switchport access vlan X


int vlan X

ip vrf forwarding VRF-name

ip address 10.10.10.1 255.255.255.0

no shut


int vlan X1

mac-address another-mac

ip address 10.10.10.1 255.255.255.0

no shut


the problem with loopbacks is they cannot communicate with external world.


SVI are the right tool here, but it is better to change the MAC address used as a source by one of them (actually by default all SVIs use the same MAC address in a chassis)


to complete the solution you need the correct static routes in VRF and in GRT.


Final note:

if you don't put a transparent firewall or other device between VRF and GRT you can also consider to not use the VRF at all.


Hope to help

Giuseppe


nicolas.delrio Thu, 05/21/2009 - 10:23
User Badges:

Thanks a lot Giuseppe, but the only way to interconnect a VRF with the GRT is patching 2 ports? If i do this y spent 2 ports on muy switch. What i want to do is to create a virtual interface. Doeas virtual interface exists here? (i mean virtual interface, not subinterfaces).


Thanks a lot again

Actions

This Discussion