Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VRF to Internet access

Hello,

I have a VRF implemented on our internet gateway for a customer network. And in order for this VRF to be able to access internet and the VRF subnet get advertised into BGP to ISP router I added two static routes in the configuration as below.

ip route <vrf_subnet> <vrf_interface>  ----so that global routing table has entry for the vrf subnet and get advertised into BGP routes

ip route vrf <vrf_name> 0.0.0.0 0.0.0.0 <ISP interface> <ISP next hop ip address> global   --- so that vrf routing table has a default route to internet

Now my question is if I have multiple customers set like this on the same router then I will end up adding ip route vrf defualt routes to all the VRFs to be able to access internet. But by doing that I am also allowing access from one vrf to another, right? Which would beat the vrf puspose I am applying it for.

Could someone let me know if my approach is right, or is there another way I can do this?

Thank you.

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Super Bronze

VRF to Internet access

Hi,

You approach is correct.  This is the only way you can provide Internet access to your customers.  Also, by doing that you are not allowing access from one vrf to another. In order for one vrf to access another one you would need to do export/ import between the vrfs or use export map.

HTH

4 REPLIES
VIP Super Bronze

VRF to Internet access

Hi,

You approach is correct.  This is the only way you can provide Internet access to your customers.  Also, by doing that you are not allowing access from one vrf to another. In order for one vrf to access another one you would need to do export/ import between the vrfs or use export map.

HTH

New Member

VRF to Internet access

Thanks for confirming this Reza!!

New Member

VRF to Internet access

I have another question on the same topic... when would I use address-family ipv4 under BGP process?? Can that be used to redistribute vrf routes into global/BGP routing table?

VIP Super Bronze

VRF to Internet access

Address-family is used to separate one vrf from another and also to separate ipv4 peering from ipv6.  I am not sure if you can use it to redistribute from vrf to global.  I have only seen it using static route. 

HTH

374
Views
0
Helpful
4
Replies
CreatePlease to create content