Static IP Route VRF

Unanswered Question
Nov 17th, 2009

                 WEB Servers
                      |
          Firewall (Customer Z VRF)
      10.20.20.1 |         | 10.10.10.1
                 |         |
                   Switch
                   /    \
                  /      \
         (20.2) A          B (10.2)
                | \      / |
                | /      \ |
   RR-1---Core-2            Core-1----RR-2
            |                  |
          ISP-1              ISP-1

There are two redundant links from Dist-A and Dist-B to the firewall, and redundant links from Dist-A and Dist-B to Core-1 and Core-2. The firewall wants to prefer Dist-A rather than Dist-B, pointing a static route with high AD to B, to remote sites located on the other end of the ISP. I am receiving routes from the other end (behind the ISP) from the active Core-1, and Core-1 is passing routes to Dist-A and Dist-B.

The Customer Z VRF firewall wants the traffic to be from the interface 10.20.20.1 for the web servers. When applying static routes for the web servers on Dist-A and Dist-B, will the static route on B pointing to 10.20.20.1 work, or will traffic be blackholed??? Give me an alternate solution or any link with an example configuration so that the link between Dist-A and the firewall should be active and the link between Dist-B should be standby.

Dist-A

ip route vrf customerZ 100.100.100.0 255.255.255.0 10.20.20.1
ip route vrf customerZ 100.100.100.0 255.255.255.0 10.10.10.1 2

Dist-B

ip route vrf customerZ 100.100.100.0 255.255.255.0 10.20.20.1
ip route vrf customerZ 100.100.100.0 255.255.255.0 10.10.10.1 2

Giuseppe Larosa Tue, 11/24/2009 - 05:04

Hello Adam,

Your question is not totally clear.

I've understood you would like to have a clear hierarchy for customer Z routes coming from web servers and going to customerZ remote sites via core routers.

However, it is not clear where VRF segregation terminates: that is, are the core routers VRF-aware and do they have a logical interface for VRF customerZ?

You have presented an example of configuration for the two distribution nodes, but it is not clear if the IP subnets involved as IP next-hops of these static routes are in VRF customerZ or not.

This is because you wonder about possible blackholes.

In addition, a dynamic routing protocol has to be preferred for its capability to detect topology failures, or, if static routes are mandatory, you should use reliable static routing with object tracking if supported by your devices.

See

http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html

Also, knowing what devices are involved and what IOS image they are running would help.

Hope to help

Giuseppe
