Multi-VRF on the CE

Unanswered Question
Jul 24th, 2010

Hi,

I am running BGP between my service provider PE and my CE. I have a customer which has 2 different VRFs. They wish to purchase a server at the CE end which should be able to talk to both the VRFs. I can only think of setting up the server with 2 different NIC port, each connected to 1 VRF and doing static routes. This is not scalable so I am wondering if there is any other setup that can be done on either the PE or the CE end? The CE on my end is a 3750G.

Regards,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Reza Sharifi Sat, 07/24/2010 - 12:16

Hi,

You don't have to have 2 NICs.  You need to leak the VRFs together, so that resource (server) is shared between the 2 VRFs.

For example, on the CE route if you have vrf-a and vrf-b, you can configure vrf-c and add the server to vrf-c.  Then you need to do export and import from vrf-a and vrf-b in to vrf-c and also from vrf-c to vrf-a and vrf-b.

Here is an example:

In this example vrf data and voice are imported into the dmz.  dmz is the shared vrf and that is where you add the server vlan/subnet.

ip vrf data
rd 3:3
route-target export 3:3
route-target import 3:3
route-target import 5:5

ip vrf dmz
rd 5:5
route-target export 5:5
route-target import 5:5
route-target import 2:2
route-target import 3:3

ip vrf voice
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 5:5

HTH

Reza

noobieee7 Sat, 07/24/2010 - 17:49

Hi Reza,

One question, by doing the below:

ip vrf dmz
rd 5:5
route-target export 5:5
route-target import 5:5
route-target import 2:2
route-target import 3:3

Won't I be exporting all the routes that I have imported from RT 2:2 and 3:3 back to them?

Reza Sharifi Sat, 07/24/2010 - 18:02

No, only the vlans you put in the DMZ vrf (in this case) is accessible by data and voice, but data and voice can't communicate with each other. (only with DMZ). Basically vrf DMZ is a shared vrf.

HTH

Reza

noobieee7 Sat, 07/24/2010 - 18:25

Hi Reza,

Just to double confirm, the routes imported to vrf DMZ from vrf DATA and vrf VOICE will not be exported by vrf DMZ and re-imported back to vrf DATA and vrf VOICE right?

ip vrf dmz
rd 5:5
route-target export 5:5
route-target import 5:5
route-target import 2:2
route-target import 3:3


ip vrf data
rd 3:3
route-target export 3:3
route-target import 3:3
route-target import 5:5


ip vrf voice
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 5:5

mlund Tue, 07/27/2010 - 03:37

Hi

As Reza say's there will be no redistribution back to to the other vrf, I know because I have done this in our environment.

/Mikael

Actions

This Discussion