Solved: vrf routes into global route table

philip moore · ‎03-18-2013

Dear All

I am stuck with a design I am trying to come up with for our EDGE network and looking for ideas from the community.

It is similar to what is described here:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/ServEdge.html#wp86450 http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/ServEdge.html#wp86904

In short we have a multi-context FWSM at 2 sites creating an EDGE network, each site operate independently. The sites are linked internally in a single routing domain using OSPF. Each of the outside networks are in seperate VRFs, single-tier model.

I need to find a way to:

1) link the 2 sites (currently is done with a GRE tunnel between the site vrfs, looking at replacing this with mp-bgp and l3vpn encapsulation)

2) redistribute routes from each of the vrf into the common global route table (running ospf)

1 is working nicely with mp-BGP peer between the sites and routes distributed between, however I am stuck on how to achieve 2.

The only way I can see is to change the global route table to a vrf, then use rt import/export. This is commonly described as shared services. When I did that I got stuck with how to do the BGP peering as the loopback I was using for the peering is inside the new vrf.

Basically I want dynamic routing from the global route table to learn routes from each of the sites vrf. Then if a particular site's vrf is unavailable, it can pick up the other site's route.

Am I missing something here? The document linked makes it sound incredibly easy yet I am struggling with how to implement it.

Any advice is much appreciated

blau grana · ‎03-19-2013

Hello philip,

It is really hard to help you, if you do not provide topology where you would like to implement these changes, so just some thoughts to your points:

2) redistribute routes from each of the vrf into the common global route table (running ospf)

You can use PE - CE design. VRFs are terminated on PE with all routes you need in respective VRFs. On PE, MP-BGP routes are redistributed into respective VRF's OSPF process . PE is connected with CE via separate physical interface for each VRF or you can use one physical interface with dedicated sub-interface for each VRF. PE is peering with CE using OSPF. All routes end up in CE global routing table.

Problems with this design ->

- for each VRF you have to create separate OSPF process on PE and CE, also OSPF process ID has to be unique on PE for each VRF. Also OSPF process ID has to match to establish OSPF neighborship between PE-CE, so on CE you will have to redistribute OSPF routes from each process to your main OSPF process.

other workarounds ->

1) instead OSPF you will use as peering protocol BGP between PE-CE, but you still have to redistribute BGP routes to OSPF on CE

2) you will use different PE to redistribute each VRF -> BGP routes will be redistributed from VRF into OSPF (same process ID as your main OSPF ID). Routes will be advertised via OSPF into CE global routing table.

You will use on PE per VRF to redistribute routes into OSPF with same process ID as your main process ID. Thanks to different PEs, you can have same OSPF process ID, all these PEs will peer with same CE via OSPF.

I hope I made my thoughts understandable, cause its quite hard to explain

When I did that I got stuck with how to do the BGP peering as the loopback I was using for the peering is inside the new vrf.

This should not be a problem. You can have same IP on all VRF and also global table, so peering can still be done. After BGP routes are exchanged you can leak prefixes from one vrf to another or into global table as you need.

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

View solution in original post

blau grana · ‎03-19-2013