Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
846
Views
4
Helpful
3
Replies

VRF-Lite routing

raymondjj
Level 1
Level 1

‎01-17-2008 08:29 AM

Hello,

I'll begin by setting the scene:

We have two zones separated by a firewall and implemented in a somewhat complex fashion. The routing for the first zone (call it zone A) is straightforward and runs on a 6500 switch. The routing for the second zone (call it zone B) is implemented as a VRF on this same 6500 switch. An external firewall has a leg in each zone and provides the connectivity between them. So far, so good, and it all works fine.

The issue:

The issue is what happens when the firewall fails or needs to be taken offline, and we still need a method to connect the two zones - connectivity is more important than security in this case, so we've been testing some options (and we will probably merge the two zones at some time in the future).

Options:

1) Use another external device such as a switch or router. (Works ok, but we want a config solution)

2) Use another VRF with a leg in both zones. (Also works, but needs external cables and messing about with mac addresses which is so ugly we'd like to avoid it if possible.)

3) Use something else?

Is there an easier way of doing this? I have a feeling that I'm missing something obvious but can't think what (all routing in both zones is OSPF - no BGP anywhere).

Any ideas gratefully received!

cheers,

Ray.

Labels:
0 Helpful
3 Replies 3

swaroop.potdar
Level 7
Level 7

‎01-17-2008 10:15 AM

it would be a good idea to run standalone bgp and do a import export with route targets using route-maps to slectively leak

the routes between the vrf's. Again this method would not need you to enable MPLS label forwarding and also achieve the

routing you need between the vrf's in a controlled manner.

HTH-Cheers,

Swaroop

pls let me know if you need the config.

raymondjj
Level 1
Level 1
In response to swaroop.potdar

‎01-18-2008 12:09 AM

Hello Swaroop,

If you could provide the config that would be great! I can't get it clear in my head about how this would work as there is only one vrf.

thanks,

Ray.

0 Helpful

raymondjj
Level 1
Level 1
In response to raymondjj

‎01-21-2008 12:49 AM

Hello,

I wonder if anyone could add another pointer to help me out here - I've been trying to get this working as suggested with standalone BGP and route import/export and I can see how this would work between VRF's but how do you do a route import/export with the global table as there is no RD? The route-target command seems to need this as an argument but it doesn't exist for the global table as far as I can see.

Could someone help out with a pointer to some config? much appreciated!

Ray.

0 Helpful
Customers Also Viewed These Support Documents