VRF-Lite, Route Leaking, ACL to control traffic between VRFs
Recently we implemented VRF-Lite in our structure.
In that job we also implemented route leaking between customer VRFs and our VRF (where we provide some services such as Backup, Monitoring, NFS/iSCSI), etc, etc, etc...
We control that route leaking with route-maps (there are many examples in this forum).
It is working fine, and does not consume as many resources of our cores as we were expecting.
But what we would like to do is to filter the traffic passing from one VRF to another VRF.
Let's imagine that those VRFs were different physical routers.
There would exist a common interface between them.
And it would be possible to apply ACLs on those interfaces.
What we want to do is something like that, but inside the same router, between the VRFs.
I tried to search for some solution to that (Google, Cisco, support forum), but I think that I'm not using the correct terms in the search.
I was looking at the possible commands related to that and I found:
This is the VRF of our customer, and my understanding of that command is that any traffic leaked from this VRF via BGP would be sourced from a specific loopback, and there we would apply the ACLs that we need. Am I right?
next-hop Next-hop for the routes of a VRF in the backbone
core-siteA(config-vrf)#bgp next-hop ?
Loopback Loopback interface
core-siteA(config-vrf)#bgp next-hop loopback ?
<0-2147483647> Loopback interface number
core-siteA(config-vrf)#bgp next-hop loopback 0 ?
This would be the route-map used on route leaking, and the idea in this case is to force the traffic that goes to our-company VRF to pass through a specific loopback, and there we would apply the ACLs that we need. But my doubt is whether this SET can be used on a route-leaking route-map !?!