1. Using static routes
2. Using route maps
3. Import - Export Policies plus Multi-Protocol BGP
4. Connecting two interfaces which belongs to two VRFs
5. Pointing traffic to a Firewall
6. Inter VRF Tunneling
Go here to know how to do inter VRF routing using static routes.
Go here to know how to do inter VRF routing using route maps.
Go here to know how to do inter VRF routing using import export policies.
In this post I am doing it using GRE Tunnels. Advantages of this method are easiness to achieve global to VRF connectivity even inside a one router, configure dynamic routing between VRFs etc.
First let's configure 2 Loopbacks in global table for underlay routing.. (you can use existing interfaces for this too)
interface Loopback1
ip address 1.1.1.1 255.255.255.255
interface Loopback2
ip address 2.2.2.2 255.255.255.255
Now let's create 2 Tunnel interfaces for overlay routing..
interface Tunnel1
ip vrf forwarding ONE
ip address 10.10.10.1 255.255.255.252
tunnel source Loopback1
tunnel destination 2.2.2.2
interface Tunnel2
ip vrf forwarding TWO
ip address 10.10.10.2 255.255.255.252
tunnel source Loopback2
tunnel destination 1.1.1.1
Now the 3 routing tables (global, ONE, TWO) look like the following..
As you can see, VRF ONE and TWO has the same tunnel as connected interfaces. So you can add static routes or dynamic routing as per your requirement.
In the routing tables you can see there are 2 more Loopback interfaces which only belongs to a specific VRF..
Loopback 100 = 100.1.1.1/24 vrf ONE
Loopback 200 = 200.1.1.1/24 vrf TWO
I added these to test the route-leaking..
As an example, let's say we want to ping Loopback 200 which is in VRF TWO from VRF ONE.
I will add an static route,
ip route vrf ONE 200.1.1.1 255.255.255.255 10.10.10.2
See, It was enough, how about pining sourcing from Loopback 100,
Well it fails, because there is no route for the returning traffic..
Let's fix it by adding anther static route..
ip route vrf TWO 100.1.1.1 255.255.255.255 10.10.10.1
Now let's see how dynamic routing can be configured for this. Le's remove above static routes and use OSPF to leak routes.
Following commands will enable OSPF in interfaces,
interface Loopback100
ip ospf 1 area 0
interface Loopback200
ip ospf 2 area 0
or you can use following format too..
router ospf 1 vrf ONE
network 10.10.10.1 0.0.0.0 area 0
network 100.1.1.1 0.0.0.0 area 0
router ospf 2 vrf TWO
network 10.10.10.2 0.0.0.0 area 0
network 200.1.1.1 0.0.0.0 area 0
You can see the neighbors are up and the routing tables get leaked via OSPF..
ip ospf 1 area 0
interface Loopback200
ip ospf 2 area 0
or you can use following format too..
router ospf 1 vrf ONE
network 10.10.10.1 0.0.0.0 area 0
network 100.1.1.1 0.0.0.0 area 0
router ospf 2 vrf TWO
network 10.10.10.2 0.0.0.0 area 0
network 200.1.1.1 0.0.0.0 area 0
You can see the neighbors are up and the routing tables get leaked via OSPF..
No comments:
Post a Comment