Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static IP Route VRF

WEB Servers

|

Firewall (Customer Z VRF)

10.20.20.1 | | 10.10.10.1

| |

Switch

/ \

/ \

(20.2) A B (10.2)

| \ / |

| / \ |

RR-1---Core-2 Core-1----RR-2

| |

ISP-1 ISP-1

There are two redundant links from Dist-A and Dist B,to firewall,and

redundant links from Dist-A and Dist-B to Core-1 and Core-2, firewall want

to prefer Dist-A rather than Dist-B pointing static route with high AD to

B to remote sites located on other end of ISP.Am receiving routes from

another end (behind ISP) from active Core 1 and core-1 is passing routes to

Dist-A and Dist-B,

Customer Z VRF Firewall want the traffic to be from the interface 10.20.20.1

for webservers,when applying static routes for webservers on Dist-A and

Dist-B the static route on B pointing to 10.20.20.1 will it work or traffic

will be blackholed??? give me alternate solution or any link with example

configuration that link between Dist-A and firewall shld be active and the link between Dist-B shld be standby.

Dist-A

ip route vrf customer Z 100.100.100.0 255.255.255.0 10.20.20.1

ip route vrf customer Z 100.100.100.0 255.255.255.0 10.10.10.1 2

Dist-B

ip route vrf customer Z 100.100.100.0 255.255.255.0 10.20.20.1

ip route vrf customer Z 100.100.100.0 255.255.255.0 10.10.10.1 2

1 REPLY
Hall of Fame Super Silver

Re: Static IP Route VRF

Hello Adam,

your question is not totally clear.

I've understood you would like to have a clear hierachy for customer Z routes coming from web servers and going to customerZ remote sites via core routers.

However, it is not clear where VRF segregation terminates: that is are the core routers VRF aware and have a logical interface for VRF customerZ?

you have presented an example of configuration for the two distribution nodes but it is not clear if the IP subnets involved as IP next-hops of these static routes are in VRF customerZ or not.

This because you wonder about possible blackholes.

In addition a dynamic routing protocol has to be preferred for its capability to detect topology failures.

or if static routes are mandatory you should use reliable static routing with object tracking if supported by your devices.

see

http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html

Also knowing what devices are involved and what IOS image they are running would help

Hope to help

Giuseppe

3224
Views
0
Helpful
1
Replies