3560X VRF-lite and OSPF Config Question

Answered Question
Sep 17th, 2013
User Badges:

I have 2 - 3560X's running c3560e-universalk9-mz.152-1.E.bin. I want to have three different routing tables, STORE, ENDUSER, SERVER.


My question is how to setup OSPF, do I create 1 OSPF instance with all of my subnets, or do I create an instance for each VRF?


Here is some of my config


ip routing

!

ip vrf ENDUSER

description End User Segment

!

ip vrf SERVER

description Server Segment

!

ip vrf STORE

description Store Connectivity


Under each SVI, I have the VRF forwarding statement


interface Vlan12

description OFFICE-ENDUSER

ip vrf forwarding ENDUSER

ip address 192.168.1.2 255.255.255.0

Correct Answer by Rolf Fischer about 3 years 11 months ago

Hi Robert,


the segregation of the routing-tables with VRFs also includes the routing protocols, so you'll have to setup an OSPF process for each VRF:


(config)# router ospf  [vrf ]


Also keep in mind that you'll need another router (or firewall etc.) to manage the routing between networks of different VRFs, if this is desired.


Hope that helps

Rolf

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Correct Answer
Rolf Fischer Tue, 09/17/2013 - 06:59
User Badges:
  • Blue, 1500 points or more

Hi Robert,


the segregation of the routing-tables with VRFs also includes the routing protocols, so you'll have to setup an OSPF process for each VRF:


(config)# router ospf  [vrf ]


Also keep in mind that you'll need another router (or firewall etc.) to manage the routing between networks of different VRFs, if this is desired.


Hope that helps

Rolf

ROBERT TILLMAN Tue, 09/17/2013 - 07:38
User Badges:

I have a firewall to route between VRF's.

I don't have any overlapping IP's


Thanks guys, I setup individual OSPF instances on the switches. This seems to be working.

Joseph W. Doherty Tue, 09/17/2013 - 07:20
User Badges:
  • Super Bronze, 10000 points or more

Disclaimer


The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.


Liability Disclaimer


In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.


Posting


As Rolf noted, you would normally have an OSPF instance per VRF.  Effectively, you then have 3 L3 topologies (much like VLANs do for L2).


You do have the option to leak routes between VRFs.


You also could have 3 OPSF processes, and no VRFs.


"Best" approach depends on what your needs really are.  VRFs are great if you need to support overlapping IP address spaces and/or you have some very stringent security requirements.

Actions

This Discussion

Related Content