07-24-2010 08:15 AM - edited 03-04-2019 09:10 AM
Hi,
I am running BGP between my service provider PE and my CE. I have a customer which has 2 different VRFs. They wish to purchase a server at the CE end which should be able to talk to both the VRFs. I can only think of setting up the server with 2 different NIC port, each connected to 1 VRF and doing static routes. This is not scalable so I am wondering if there is any other setup that can be done on either the PE or the CE end? The CE on my end is a 3750G.
Regards,
07-24-2010 12:16 PM
Hi,
You don't have to have 2 NICs. You need to leak the VRFs together, so that resource (server) is shared between the 2 VRFs.
For example, on the CE route if you have vrf-a and vrf-b, you can configure vrf-c and add the server to vrf-c. Then you need to do export and import from vrf-a and vrf-b in to vrf-c and also from vrf-c to vrf-a and vrf-b.
Here is an example:
In this example vrf data and voice are imported into the dmz. dmz is the shared vrf and that is where you add the server vlan/subnet.
ip vrf data
rd 3:3
route-target export 3:3
route-target import 3:3
route-target import 5:5
ip vrf dmz
rd 5:5
route-target export 5:5
route-target import 5:5
route-target import 2:2
route-target import 3:3
ip vrf voice
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 5:5
HTH
Reza
07-24-2010 05:49 PM
Hi Reza,
One question, by doing the below:
ip vrf dmz
rd 5:5
route-target export 5:5
route-target import 5:5
route-target import 2:2
route-target import 3:3
Won't I be exporting all the routes that I have imported from RT 2:2 and 3:3 back to them?
07-24-2010 06:02 PM
No, only the vlans you put in the DMZ vrf (in this case) is accessible by data and voice, but data and voice can't communicate with each other. (only with DMZ). Basically vrf DMZ is a shared vrf.
HTH
Reza
07-24-2010 06:25 PM
Hi Reza,
Just to double confirm, the routes imported to vrf DMZ from vrf DATA and vrf VOICE will not be exported by vrf DMZ and re-imported back to vrf DATA and vrf VOICE right?
ip vrf dmz
rd 5:5
route-target export 5:5
route-target import 5:5
route-target import 2:2
route-target import 3:3
ip vrf data
rd 3:3
route-target export 3:3
route-target import 3:3
route-target import 5:5
ip vrf voice
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 5:5
07-27-2010 03:37 AM
Hi
As Reza say's there will be no redistribution back to to the other vrf, I know because I have done this in our environment.
/Mikael
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: