Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VRF Interleaking - Transit ?

Hi All,

1- my problem is to understand if a vrf can be used on a router to learn routes from a second vrf, and propagate them to a 3rd one. Here is an example:

PE1

ip vrf Cust-A

rd 100:1

route-target export 100:1

route-target import 100:1

ip vrf CoreVRF

rd 100:2

route-target export 100:2

route-target import 100:2

route-target import 100:1

ip vrf Cust-B

rd 100:3

route-target export 100:3

route-target import 100:3

route-target import 100:2

interface Loopback1

ip vrf forwarding Cust-A

ip address 1.1.1.1 255.255.255.255

interface Loopback2

ip vrf forwarding CoreVRF

ip address 2.2.2.2 255.255.255.255

interface Loopback3

ip vrf forwarding Cust-B

ip address 3.3.3.3 255.255.255.255

Now, let's start with the statements I believe to be correct:

sh ip route vrf Cust-A should show only 1.1.1.1/32 , right?

sh ip route vrf CoreVRF should show 1.1.1.1/32 (imported from Cust-A), and 2.2.2.2 right?

Now the tricky bit: what should I see on show ip route vrf Cust-B ?

3.3.3.3/32 (surely, as Cust-B vrf owns this route!)

2.2.2.2/32 (surely, as Cust-B vrf imports all routes from Core vrf)

1.1.1.1/32 ??  Some Cisco documentation says NO, because Core vrf has learned that route via leaking (from Cust-A vrf), therefore it will not leak it back out onto Cust-B vrf. But in my network, that is a mix of several Cisco routers on different IOS, I think I observed it happen at times, not in all instances. I am not toally sure, given the complexity of interleaking in my network, and that is why I am asking for help.

2- The second point is: would it make any difference if some of those routes were resident on a different PE (say PE2) and be learned by PE1 via MP-BGP ?

For example if this piece of config was removed from PE1, and added to PE2:

PE2

interface Loopback1

ip vrf forwarding Cust-A

ip address 1.1.1.1 255.255.255.255

Keeping all the remaining config on PE1 as above, would it make any difference to my question's answer?

3- And if this Lo1 network was on PE2 (like just shown in my point 2- ), but the import statement from Cust-A into Core vrf was set on PE2 only (and not on PE1), would I see all the 3 routes on PE1's show ip route vrf Cust-B?

Basically with these changes as compared to the config shown in point 1- :

PE1

no int lo1

ip vrf CoreVRF

rd 100:2

no route-target import 100:1

PE2

ip vrf Cust-A

rd 100:1

route-target export 100:1

route-target import 100:1

ip vrf CoreVRF

rd 100:2

route-target export 100:2

route-target import 100:2

route-target import 100:1

interface Loopback1

ip vrf forwarding Cust-A

ip address 1.1.1.1 255.255.255.255

4- And the last point, which is maybe the crucial one, is: is anyone aware of different default behavior set by Cisco from one router platform (and IOS) to another? I suspect that this "transit behavior" of a vrf is allowed by default on my 2901 -- 15.1(4)M2, while not allowed on my 7206 -- 12.4  (I can be more specific later on this IOS, if it's needed).

I am not in the position to replicate this in a lab, because its results may depend on the platforms used (and IOS), so whichever outcome I'd obtain wouldn't be 100% reliable.

Whoever can give some input, and also develop the topic further, would do me a big favor

Thanks in advance,

Luca

Everyone's tags (6)
331
Views
0
Helpful
0
Replies