> How about dynamic
> leaking from VRFs to global ( no static routes in global ), is it
> possible ?
Yes, for that we do
I'm sure you can figure out how this works (from a real large ISP backbone router, scales to hundreds of customers per router, IPs changed):
ip vrf abc
 rd 9999:100
 route-target export 9999:100
 route-target import 9999:100
!
interface Tunnel100
 description VRF_ABC_BRIDGE_TO_GLOBAL_ROUTING_TABLE
 bandwidth 50000
 ip vrf forwarding abc
 ip address 172.23.254.254 255.255.255.252
 load-interval 30
 tunnel source Loopback0
 tunnel destination 172.24.1.1
!
interface Tunnel200
 description GLOBAL_ROUTING_TABLE_BRIDGE_TO_VRF_ABC
 bandwidth 50000
 ip address 172.23.254.253 255.255.255.252
 ip virtual-reassembly
 load-interval 30
 tunnel source Loopback100
 tunnel destination 96.110.188.105

then...

router ospf 100 vrf abc
 router-id 172.24.254.254
 log-adjacency-changes
 redistribute static subnets route-map static-vrf-abc-redis-to-ospf-100
 redistribute bgp 17303 subnets route-map redis-bgp-vrf-abc-to-ospf
 network 96.110.188.153 0.0.0.0 area 1
 network 96.110.188.185 0.0.0.0 area 1
 network 96.110.188.245 0.0.0.0 area 1
 default-information originate always
!
router ospf 1
 router-id 172.24.1.1
 log-adjacency-changes
 passive-interface default
!
router bgp 9999
 address-family ipv4 vrf abc
  redistribute static route-map static-to-bgp-vrf-100
  redistribute ospf 100 vrf abc route-map ospf-to-bgp-vrf-100
  no synchronization
 exit-address-family

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Carlos G Mendioroz
Sent: Thursday, January 06, 2011 2:37 PM
To: Damian Higgins
Cc: Marko Milivojevic; Marcin Zgola; Cisco certification
Subject: Re: VRF TO GLOBAL PROBLEM
Does not seem to be doable for the time being.
There are some hacks using tunnels, but nothing clean.
This sure is the reason for your using all VRF and no global :)
-Carlos
Damian Higgins @ 06/01/2011 15:05 -0300 dixit:
> I didn't read the article carefully, I just did a lab ( using
> fastethernet interfaces ) and it does work :). How about dynamic
> leaking from VRFs to global ( no static routes in global ), is it
> possible ?
>
>
> On Thu, Jan 6, 2011 at 5:57 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
>> Damian,
>> I've just changed Marko's sample to leak R2-R4 (192.168.24.0/24, global)
>> into vrf red and R2-R5 (10.0.25.0/24, vrf red) into global and it works.
>>
>> @ R2, just:
>>
>> ip prefix-list R4-Loopback0 seq 20 permit 192.168.24.0/24
>>
>> (should have changed the list name :)
>> and red knows the R2-R4.
>>
>> ip route 10.0.25.0 255.255.255.0 Serial1/0.205
>>
>> and R2 knows R2-R5 at global.
>>
>> BTW, the sample uses point to point, so AFAIK there is no need to set next
>> hops, no need for the global for vrf statics if used.
>>
>> I can ping from R5 to R2's serial w/o going through R4. That's what is being
>> looked for, right ?
>>
>> Marcin,
>> would you post relevant config ?
>> -Carlos
>>
>> Damian Higgins @ 06/01/2011 07:22 -0300 dixit:
>>> Hi Marko,
>>>
>>> That's because in your example you needed reachability only between
>>> the router's loopbacks. Let's say that R2-R6 10.0.26.0/24 is in global
>>> and R2-R5 10.0.25.0/24 is into a VRF and you need to have reachability
>>> between these two subnets. Can you give an example routing between
>>> these two without having to use R4 ?
>>>
>>> Regards.
>>>
>>> On Thu, Jan 6, 2011 at 11:06 AM, Marko Milivojevic <markom_at_ipexpert.com>
>>> wrote:
>>>> Please, re-read the article :-). It shows the example of leaking
>>>> between global table and VRF using BGP - no next hops involved. I had
>>>> to build to that point though.
>>>>
>>>> --
>>>> Marko Milivojevic - CCIE #18427
>>>> Senior Technical Instructor - IPexpert
>>>>
>>>> FREE CCIE training: http://bit.ly/vLecture
>>>>
>>>> Mailto: markom_at_ipexpert.com
>>>> Telephone: +1.810.326.1444
>>>> Web: http://www.ipexpert.com/
>>>>
>>>> On Thu, Jan 6, 2011 at 12:14, Damian Higgins <linnewbye_at_gmail.com> wrote:
>>>>> I don't think your example will help Marcin, you used next-hops, so
>>>>> you depend on the upstream router to route between global and VRFs.
>>>>> You can have bidirectional route leaking without next-hops only
>>>>> between VRFs ( using MP-BGP ) on the same box, but not between global
>>>>> and a VRF. Although in global you can add directly connected routes (
>>>>> using exit interface instead of next-hop ) into a VRF, the other way
>>>>> around doesn't work since you need to specify a next-hop. This is a
>>>>> very annoying limitation :(.
>>>>>
>>>>>
>>>>> @Marcin, to avoid this limitation I'm using only VRFs for routing on
>>>>> my 6500's, and I use the global table only for management in case
>>>>> something goes wrong in the VRFs.
>>>>>
>>>>>
>>>>> Regards.
>>>>>
>>>>>
>>>>> On Thu, Jan 6, 2011 at 7:59 AM, Marko Milivojevic <markom_at_ipexpert.com>
>>>>> wrote:
>>>>>> Marcin,
>>>>>>
>>>>>> I wrote the blog on the subject of the route leaking between VRF and
>>>>>> the main table sometime ago. I think you will find the solution there:
>>>>>>
>>>>>> http://blog.ipexpert.com/2010/12/01/vrf-route-leaking/
>>>>>>
>>>>>> Short answer to your last question: yes :-)
>>>>>>
>>>>>> --
>>>>>> Marko Milivojevic - CCIE #18427
>>>>>> Senior Technical Instructor - IPexpert
>>>>>>
>>>>>> FREE CCIE training: http://bit.ly/vLecture
>>>>>>
>>>>>> Mailto: markom_at_ipexpert.com
>>>>>> Telephone: +1.810.326.1444
>>>>>> Web: http://www.ipexpert.com/
>>>>>>
>>>>>> On Thu, Jan 6, 2011 at 06:03, Marcin Zgola <MZgola_at_netrixllc.com>
>>>>>> wrote:
>>>>>>> Problem, I want to be able to communicate between VRF and global on
>>>>>>> the same router.
>>>>>>>
>>>>>>> I can leak routes but I need to specify next hop to be another router.
>>>>>>>
>>>>>>> Basically packet hits the router on VRF interface, and then it sends
>>>>>>> it to upstream router, and upstream router sends it back.
>>>>>>>
>>>>>>> Can this be avoided?????
>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>
>>>>>> _______________________________________________________________________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/list/CCIELab.html
>> --
>> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
>>
--
Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina

Received on Thu Jan 06 2011 - 20:47:17 ART
This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART
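
In the config at the top of this thread, Tunnel100 (vrf abc) and Tunnel200 (global) sit on the same /30, which is the point where the VRF is deliberately bridged to the global table. As an added example (not part of the original posts), this Python check finds such pairs when auditing a config for places where VRF separation is crossed; the sample config is constructed from the post's two tunnel stanzas plus a hypothetical GigabitEthernet0/1, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: the post's tunnel stanzas (IOS-style indentation assumed)
# plus a hypothetical customer-facing interface.
SAMPLE_CONFIG = """\
interface Tunnel100
 description VRF_ABC_BRIDGE_TO_GLOBAL_ROUTING_TABLE
 ip vrf forwarding abc
 ip address 172.23.254.254 255.255.255.252
 tunnel source Loopback0
!
interface Tunnel200
 description GLOBAL_ROUTING_TABLE_BRIDGE_TO_VRF_ABC
 ip address 172.23.254.253 255.255.255.252
 tunnel source Loopback100
!
interface GigabitEthernet0/1
 ip vrf forwarding abc
 ip address 10.0.25.2 255.255.255.0
"""

def parse_interfaces(config):
    """Map interface name -> (vrf name or 'global', IPv4Interface)."""
    result, name, vrf = {}, None, "global"
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            name, vrf = m.group(1), "global"
        elif name is None:
            continue
        elif not line.startswith(" "):      # unindented line ends the stanza
            name = None
        elif m := re.match(r"(?:ip )?vrf forwarding (\S+)", line.strip()):
            vrf = m.group(1)
        elif m := re.match(r"ip address (\S+) (\S+)$", line.strip()):
            result[name] = (vrf, ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}"))
    return result

def find_vrf_bridges(config):
    """Interface pairs on one subnet that belong to different routing tables."""
    items = sorted(parse_interfaces(config).items())
    bridges = []
    for i, (a, (vrf_a, ip_a)) in enumerate(items):
        for b, (vrf_b, ip_b) in items[i + 1:]:
            if vrf_a != vrf_b and ip_a.network == ip_b.network:
                bridges.append((a, vrf_a, b, vrf_b, str(ip_a.network)))
    return bridges

if __name__ == "__main__":
    print(find_vrf_bridges(SAMPLE_CONFIG))
```

Each reported pair is a place to confirm that the redistribution route-maps on both sides restrict what crosses between the tables.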