Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
877
Views
0
Helpful
3
Replies

Dynamic Routing between Global routing table and a VRF

jerroldf
Level 1
Level 1

‎11-30-2007 08:29 PM

We are receving internet routes and a few specific /24 routes from a sister company over an MPLS cloud. Our sister company and our CE are members of the same enterprise vrf. We want to do Policy based routing to make decisions based on the source IP address and when we invoke PBR on our CE it removes the Enterprise VRF from that particular interface. Besides using static routes with the global switch is there a way to dynamically exchange routing information between a global routing table and a vrf?

Thanks for taking the time to review this post!

Jerrold

Labels:
0 Helpful
3 Replies 3

swaroop.potdar
Level 7
Level 7

‎12-01-2007 10:14 AM

Connect back to back 2 interfaces on a edge router. (for eg on R1 connect interface gi1/0/0 to gi1/0/1 ) populate one side with a vrf and other side in global routing table form adjacency over that connection between the vrf and the global routing table.

Although I did not get the objective of why you want to do PBR but this is the only way which I can think offhand which would eliminate static routes completely for traffic outgoing or return path.

HTH-Cheers,

Swaroop

0 Helpful

shannong
Level 4
Level 4
In response to swaroop.potdar

‎12-01-2007 10:52 AM

Not all the companies will continue to be considered trusted entities. The link into the MPLS cloud delivers traffic from multiple locations advertised from a single BGP peering session with the PE. Some of those locations will remain internal/trusted sources while others will be considered external/untrusted. Also, the Internet traffic is delivered form this same connection.

The objective is to separate traffic onto different layer 3 links as they exit the edge router. This will allow us to provide firewall services with the traffic landing on different interfaces of a transparent firewall. Since the interfaces are separate, they'll ACLs will be separate as well.

There is support for VRF selection with PBR, but the interface must be removed from the VRF and the "ip vrf receive" used instead. So we cannot learn the routes via BGP in a VRF, and so they land in the global routing table.

We still desire to have the traffic exit the edge router on L3 links that are in separate VRFs. This means we need to dynamically and bidirectionally share routing information from the VRFs that point inside to the firewall with the global routing table.

There is support for importing routes from the global routing table to a VRF using "import ipv4 unicast". However, I cannot find a direct method to dynamically import routes from a VRF to the global routing table.

With a back to back connection, would the traffic flow across the link or would it simply be a method of learning the routes and hext hop?

0 Helpful

swaroop.potdar
Level 7
Level 7
In response to shannong

‎12-03-2007 08:54 AM

Yes the traffic will flow across the back to back connected link btoh ways in and out respectively to reach vrf or global as required.

HTH-Cheers,

Swaroop

0 Helpful
Customers Also Viewed These Support Documents