1. Using static routes
2. Using route maps
3. Import - Export Policies plus Multi-Protocol BGP
4. Connecting two interfaces that belong to two VRFs
5. Pointing traffic to a Firewall
6. Inter VRF Tunneling
Go here to know how to do inter VRF routing using static routes.
Go here to know how to do inter VRF routing using import export policies.
Go here to know how to do inter VRF tunneling.
In this post I am doing it using route-maps. This method is easy to use when you need to leak VRFs based on the traffic source.
The diagram and configuration are like the following.
R1 has several interfaces configured to test traffic from several sources. No VRFs are configured.
The IP routing table has a default route to R2's e0/0 interface.
R2 has 3 VRFs configured like the following, and the ports are assigned like the following.
Routing tables of R2:
R3 has 2 VRFs configured like the following, and the ports are assigned like the following.
As you can see, R2 is the only router that has VRF ONE configured. So all the traffic comes in through VRF ONE, and we leak the VRFs in R2 based on the source address of the traffic.
R3 has only the VRFs TWO and THREE configured. So its routing tables have default routes back to R2's corresponding sub-interfaces in order to reply to the sources.
Now let's create route-maps to leak the VRFs.
Two route-maps are needed: one to identify traffic coming from R1 and switch VRFs, and another to grab return traffic from R3 and point it to VRF ONE's interface.
Both maps are created in R2.
Creating ACLs to capture traffic:
The following route-map switches traffic to VRFs based on source:
Applying the policy to the interface:
R2(config)#int e0/0
R2(config-if)#ip policy route-map SWITCH-VRF
Creating an ACL to capture all traffic:
The following route-map switches returning traffic back to VRF ONE:
Applying the policy to the interfaces:
R2(config)#int e0/1.2
R2(config-subif)#ip policy route-map SWITCH-BACK-TO-ONE
R2(config)#int e0/1.3
R2(config-subif)#ip policy route-map SWITCH-BACK-TO-ONE
Now when you ping loopback 2 of R3 from loopback 2 of R1, the traffic will go and return successfully. When you ping loopback 3 of R3 sourcing from loopback 3 of R1, the traffic will also go and return successfully. The same will not be true when you change the sources.
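The R2 policy described above, written out as an added example (not the original post's configuration). The source addresses 192.0.2.2 and 192.0.2.3 for R1's loopbacks and the ACL names are constructed for illustration, and using `set vrf ONE` for the return path is an assumption; the route-map, VRF and interface names are the ones used in the post.

```ios
! Constructed addressing (assumption): R1 Loopback2 = 192.0.2.2, R1 Loopback3 = 192.0.2.3
! ACL names FROM-R1-LO2, FROM-R1-LO3 and ANY-RETURN are hypothetical
ip access-list extended FROM-R1-LO2
 permit ip host 192.0.2.2 any
ip access-list extended FROM-R1-LO3
 permit ip host 192.0.2.3 any
ip access-list extended ANY-RETURN
 permit ip any any
!
! Forward path: choose the destination VRF from the packet's source address
route-map SWITCH-VRF permit 10
 match ip address FROM-R1-LO2
 set vrf TWO
route-map SWITCH-VRF permit 20
 match ip address FROM-R1-LO3
 set vrf THREE
! No further sequence: a packet matching neither ACL is not policy-routed
! and is forwarded by the normal lookup in VRF ONE, so it is not leaked.
!
! Return path: everything arriving from R3 is looked up in VRF ONE
route-map SWITCH-BACK-TO-ONE permit 10
 match ip address ANY-RETURN
 set vrf ONE
!
! Policy routing acts on packets received on the interface it is attached to
interface Ethernet0/0
 ip policy route-map SWITCH-VRF
interface Ethernet0/1.2
 ip policy route-map SWITCH-BACK-TO-ONE
interface Ethernet0/1.3
 ip policy route-map SWITCH-BACK-TO-ONE
```

`show route-map` displays the match counters for each sequence and `show ip policy` lists the interfaces with a policy attached, which is a quick way to confirm that only the intended sources are crossing between VRFs.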