
Thursday, February 21, 2019

Traffic Source Based Inter VRF Routing using Route Maps

Inter VRF routing can be achieved by several methods. The following are 6 ways to do it. There are other methods, but these are the ones you will most commonly see in a network.

1. Using static routes
2. Using route maps
3. Import - Export Policies plus Multi-Protocol BGP
4. Connecting two interfaces which belong to two VRFs
5. Pointing traffic to a Firewall
6. Inter VRF Tunneling

Go here to learn how to do inter VRF routing using static routes.
Go here to learn how to do inter VRF routing using import export policies.
Go here to learn how to do inter VRF tunneling.

In this post I am doing it using route-maps. This method is easy to use when you need to leak VRFs based on traffic source.

The diagram and configuration are as follows.








R1 has several interfaces configured to test traffic from several sources. No VRFs are configured on it.





The IP routing table has a default route to R2's e0/0 interface.















R2 has 3 VRFs configured, with the ports assigned as follows.









Routing tables of R2:












R3 has 2 VRFs configured, with the ports assigned as follows.






Routing tables of R3:


As you can see, R2 is the only router which has VRF ONE configured. So all the traffic arrives in VRF ONE, and we leak between the VRFs on R2 based on the source address of the traffic.

R3 has only VRFs TWO and THREE configured. So its routing tables have default routes back to R2's corresponding subinterfaces in order to reply to the sources.

Now let's create route-maps to leak the VRFs.


Two route-maps are needed: one to identify traffic coming from R1 and switch VRFs, and another to grab return traffic from R3 and point it to VRF ONE's interface.

Both maps are created on R2.




Creating ACLs to capture traffic:









The following route-map switches traffic to VRFs based on its source:













Applying the policy to the interface:

R2(config)#int e0/0
R2(config-if)#ip policy route-map SWITCH-VRF

Creating an ACL to capture all traffic:






The following route-map switches returning traffic back to VRF ONE:









Applying the policy to the interfaces:

R2(config)#int e0/1.2
R2(config-subif)#ip policy route-map SWITCH-BACK-TO-ONE

R2(config)#int e0/1.3
R2(config-subif)#ip policy route-map SWITCH-BACK-TO-ONE

Now when you ping Loopback 2 of R3 from Loopback 2 of R1, the traffic goes and returns successfully, and when you ping Loopback 3 of R3 sourcing from Loopback 3 of R1, the traffic also goes and returns successfully. The same is not true when you change the sources.
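
The R2 steps above, collected into one configuration as an added example (it is not the original post's configuration). The route-map names, VRF names and interfaces are the ones used in the post; the ACL names, the R1 loopback addresses, the mapping of Loopback 2 to VRF TWO and Loopback 3 to VRF THREE, and the use of `set vrf` for the return path are assumptions.

```cisco
! Constructed lab values (assumed, not from the post):
!   R1 Loopback2 = 10.1.2.1/32, R1 Loopback3 = 10.1.3.1/32
! ACL names below are hypothetical.
!
! --- Forward path: classify by source, then pick the VRF ---
ip access-list standard FROM-R1-LO2
 permit 10.1.2.1
ip access-list standard FROM-R1-LO3
 permit 10.1.3.1
!
route-map SWITCH-VRF permit 10
 match ip address FROM-R1-LO2
 set vrf TWO
route-map SWITCH-VRF permit 20
 match ip address FROM-R1-LO3
 set vrf THREE
! A packet matching neither sequence is not policy-routed;
! it is forwarded using VRF ONE's own routing table.
!
interface Ethernet0/0
 ip policy route-map SWITCH-VRF
!
! --- Return path: everything arriving from R3 goes back to VRF ONE ---
ip access-list extended ALL-TRAFFIC
 permit ip any any
!
route-map SWITCH-BACK-TO-ONE permit 10
 match ip address ALL-TRAFFIC
 set vrf ONE
!
interface Ethernet0/1.2
 ip policy route-map SWITCH-BACK-TO-ONE
interface Ethernet0/1.3
 ip policy route-map SWITCH-BACK-TO-ONE
!
! The VRF is chosen from the source address only, never the destination.
! A packet sourced from R1 Loopback2 is always looked up in VRF TWO, so it
! can reach only destinations VRF TWO has a route for. That is why the
! ping fails when the source and destination loopbacks are swapped.
```

`show route-map` on R2 shows per-sequence match counters, which confirms which sequence a test ping hit. Because the sender controls the source address, filter or validate sources inbound on e0/0 if the VRFs are meant to separate traffic of different trust levels.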
