
How to Share multiple VRFs Between Two L3 switches

Qais Sherfeed
Level 1

 

Hi Dears

I have two L3 switches in different sites connected to each other using a WAN link from an MPLS provider. The first site's L3 switch is connected to the ISP using a private IP address. There is a public IP subnet leased from the ISP, and the public IP is routed over the WAN link to the Site-2 switch. In the second site there is a firewall connected to the switch using the leased public IP address. There is OSPF running between Site-1 and Site-2 and the firewall, so all route hubs are defined in the routing table, including the default route to the ISP from Site-1.

The firewall forwards all traffic to the Site-2 L3 switch, Site-2 forwards all traffic to the Site-1 L3 switch, and the Site-1 L3 switch forwards traffic to the ISP.

I want to lease another public IP range from another ISP on the same L3 switch in Site-1 and use it on the same second-site firewall in the same pattern, but I found that I couldn't do it using the same default VRF. While I was planning, I found that I could not share multiple VRFs between L3 switches using the same routing mechanism that I am using now.
The attached topology provides a general view of my network.

I need help with what I can do to make it possible and which technologies I should use.

Thanks

 

QaisSherfeed_0-1678213352220.png

 

 

1 Reply

M02@rt37
VIP

Hello @Qais Sherfeed 

 

One possible solution to your problem is to use a technique called "route leaking," which allows you to selectively import and export routes between VRFs.

To implement route leaking in your scenario, you can create a new VRF on the Site-1 L3 switch and associate it with the new Public IP range that you will lease from the second ISP. You can then configure the necessary routing and redistribution to allow the Site-2 firewall to access the new Public IP range via the Site-1 L3 switch.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.