03-25-2011 04:12 AM - edited 03-04-2019 11:52 AM
Hi,
I wonder if someone could help me here.
If I have multiple VRFs defined on a switch that extend to their respective contexts on the firewall, I have the following questions regarding this setup:
1. How can I access one VRF from another if they have overlapping subnets, e.g. VRF_A and VRF_B both using the 192.168.1.0/24 subnet?
2. If they have different subnets, then can I use route-target import/export?
3. Does import/export work between VRFs on the same switch?
4. Is there a way to control what services can be accessed between VRFs if using RT import/export?
Rgds,
03-25-2011 06:21 AM
Muhammad
If the firewall is responsible for routing the VRFs, which it sounds like it is, then I would do all control on the firewalls.
You say you want to limit the services between VRFs; if this is the case, then the firewall would be the logical place to do it rather than importing/exporting routes on the switch.
As for the overlapping subnets you can use NAT on your firewall to present the networks as unique to each other.
Jon
03-25-2011 07:04 AM
Thanks Jon.
I suppose that would mean going out one FW context and coming back in to the other context? My only concern would be that inter-VRF traffic gets exposed to the public side of the FW context.
Rgds
03-25-2011 08:47 AM
Could you not use a spare interface or use subinterfaces to keep the inter-VRF traffic from going to the outside of the contexts?
Jon
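A sketch of the approach described in the two answers above (NAT to de-overlap the subnets, a dedicated inter-context link instead of the outside interface, and service control on the firewall), added here as an illustration and not taken from the thread. It assumes an ASA in multiple-context mode with 8.3+ NAT syntax; the context name CTX_A, the subinterface GigabitEthernet0/2.100 (allocated to the context from the system context), the transit subnet 10.0.0.0/29 and the mapped ranges 10.10.1.0/24 and 10.10.2.0/24 are all made up for the example.

```cisco
! Context CTX_A (front-end for VRF_A). CTX_B mirrors this with the
! VRF_B values swapped in. All names and addresses are assumptions.
!
! Dedicated inter-context link: a subinterface on a VLAN that only the
! two contexts share, so inter-VRF traffic never touches "outside".
interface GigabitEthernet0/2.100
 nameif intervrf
 security-level 50
 ip address 10.0.0.1 255.255.255.248
!
! VRF_A's real range overlaps with VRF_B (both 192.168.1.0/24).
object network VRF_A_REAL
 subnet 192.168.1.0 255.255.255.0
! Unique range that VRF_A is presented as toward VRF_B.
object network VRF_A_MAPPED
 subnet 10.10.1.0 255.255.255.0
! Unique range that CTX_B presents VRF_B as toward us.
object network VRF_B_MAPPED
 subnet 10.10.2.0 255.255.255.0
!
! Static source NAT that applies only between inside and the inter-VRF
! link; traffic to "outside" keeps whatever NAT it already has.
nat (inside,intervrf) source static VRF_A_REAL VRF_A_MAPPED
!
! Service control on the firewall (the point of answer 1): only HTTPS
! from VRF_A hosts to VRF_B's mapped range is allowed across the link.
! ASA 8.3+ ACLs match on real (untranslated) addresses, hence VRF_A_REAL.
access-list INTERVRF_OUT extended permit tcp object VRF_A_REAL object VRF_B_MAPPED eq 443
access-list INTERVRF_OUT extended deny ip any any log
access-group INTERVRF_OUT out interface intervrf
!
! Reach VRF_B's mapped range via CTX_B's address on the transit link.
route intervrf 10.10.2.0 255.255.255.0 10.0.0.2
```

The `log` keyword on the final deny gives a record of any inter-VRF attempt that the service policy blocks, which is the check to look at when validating that nothing is leaking between the VRFs.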
03-25-2011 09:26 AM
Thanks Jon. Very helpful.