Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
616
Views
0
Helpful
5
Replies

Multi-VRF on the CE

noobieee7
Level 1
Level 1

‎07-24-2010 08:15 AM - edited ‎03-04-2019 09:10 AM

Hi,

I am running BGP between my service provider PE and my CE. I have a customer which has 2 different VRFs. They wish to purchase a server at the CE end which should be able to talk to both the VRFs. I can only think of setting up the server with 2 different NIC port, each connected to 1 VRF and doing static routes. This is not scalable so I am wondering if there is any other setup that can be done on either the PE or the CE end? The CE on my end is a 3750G.

Regards,

Labels:
0 Helpful
5 Replies 5

Reza Sharifi
Hall of Fame
Hall of Fame

‎07-24-2010 12:16 PM

Hi,

You don't have to have 2 NICs.  You need to leak the VRFs together, so that resource (server) is shared between the 2 VRFs.

For example, on the CE route if you have vrf-a and vrf-b, you can configure vrf-c and add the server to vrf-c.  Then you need to do export and import from vrf-a and vrf-b in to vrf-c and also from vrf-c to vrf-a and vrf-b.

Here is an example:

In this example vrf data and voice are imported into the dmz.  dmz is the shared vrf and that is where you add the server vlan/subnet.

ip vrf data
rd 3:3
route-target export 3:3
route-target import 3:3
route-target import 5:5

ip vrf dmz
rd 5:5
route-target export 5:5
route-target import 5:5
route-target import 2:2
route-target import 3:3

ip vrf voice
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 5:5

HTH

Reza

0 Helpful

noobieee7
Level 1
Level 1
In response to Reza Sharifi

‎07-24-2010 05:49 PM

Hi Reza,

One question, by doing the below:

ip vrf dmz
rd 5:5
route-target export 5:5
route-target import 5:5
route-target import 2:2
route-target import 3:3

Won't I be exporting all the routes that I have imported from RT 2:2 and 3:3 back to them?

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to noobieee7

‎07-24-2010 06:02 PM

No, only the vlans you put in the DMZ vrf (in this case) is accessible by data and voice, but data and voice can't communicate with each other. (only with DMZ). Basically vrf DMZ is a shared vrf.

HTH

Reza

0 Helpful

noobieee7
Level 1
Level 1
In response to Reza Sharifi

‎07-24-2010 06:25 PM

Hi Reza,

Just to double confirm, the routes imported to vrf DMZ from vrf DATA and vrf VOICE will not be exported by vrf DMZ and re-imported back to vrf DATA and vrf VOICE right?

ip vrf dmz
rd 5:5
route-target export 5:5
route-target import 5:5
route-target import 2:2
route-target import 3:3


ip vrf data
rd 3:3
route-target export 3:3
route-target import 3:3
route-target import 5:5


ip vrf voice
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 5:5

0 Helpful

mlund
Level 7
Level 7
In response to noobieee7

‎07-27-2010 03:37 AM

Hi

As Reza say's there will be no redistribution back to to the other vrf, I know because I have done this in our environment.

/Mikael

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card