11-11-2013 09:46 AM - edited 03-04-2019 09:33 PM
Hello
I try to implement a configuration like in the attachment. Is this posible ?
Please give me some points or examples for a configuration like this.
Thank you very much
11-12-2013 04:11 AM
Hi,
You want put all internal VLANs in global routing table, and routes from ISP in a VRF? It is possible. You need physical cables to connect interface in VRF to interface in global table. Dont't have a configure example, but it should look like the following.
ip vrf UNTRUST
rd 1:1
interface x/x
description ISP1
ip vrf forward UNTRUST
ip add x.x.x.x
interface y/y
description ISP2
ip vrf forward UNTRUST
ip add x.x.x.x
interface x/x
description to inside 1
ip vrf forward UNTRUST
ip add x.x.x.x
interface x/x
description to inside 2
ip vrf forward UNTRUST
ip add x.x.x.x
router bgp x
address-family ipv4 vrf UNTRUST
nei x.x.x.x remote-as #
nei x.x.x.x remote-as #
network x.x.x.x
router ospf 1 vrf UNTRUST
net x.x.x.x area 0
redistribute bgp x route-map BGP-TO-OSPF
default-information orginate
----------------------------
in global table
int x/x
description to VRF UNTRUST
ip add x.x.x.x
int x/y
description to VRF UNTRUST
ip add x.x.x.x
router ospf 1
passive-interface default
no pass x/x
no pass x/y
network x.x.x.x area 0
You also need to make sure your sup32 has enough TCAM for the routes.
HTH,
Lei Tian
11-12-2013 12:32 PM
Thank you for your response.
Yes I want to put all internal VLANs in global routing table, and routes from isp in VRF.
Which is the best way to enforce all traffic flow through the bridge when this one is present
and only use the direct link when the bridge is down or removed ?
11-12-2013 12:58 PM
Assume the bridge is layer 2, you will have 2 OSPF neighbors between global and VRF. To prefer the routes from OSPF via bridge, you can just Increase the OSPF cost for the interface of direct link.
HTH,
Lei Tian
11-25-2013 04:06 PM
Hello
I have a test setup with 2 external connections between ports Gi5/1 to Gi5/8 and Gi5/2 to Gi5/9
but the interfaces have no communication. Physical interfaces are up and ok but Icant ping any address
from global to vrf space.
I cant find anything in documentation about this problem only some examples with GRE tunnels
but I need physical connection for external traffic shaper.
--------- In vrf ---------
interface Gi5/1
description to inside 1
ip vrf forward UNTRUST
ip add 192.168.0.1 255.255.255.252
interface Gi5/2
description to inside 2
ip vrf forward UNTRUST
ip add 192.168.0.5 255.255.255.252
-------- In global space --------
interface Gi5/8
description to vrf
ip add 192.168.0.2 255.255.255.252
interface Gi5/9
description to vrf
ip add 192.168.0.6 255.255.255.252
----------------------------------------------
thank you
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide