Solved: tunnel vrf and vrf forwarding commands

carl_townshend · ‎12-06-2017

Hi All

Can anyone tell me what is the difference in the commands below on a tunnel interface?

tunnel vrf

vrf forwarding

Are these the commands how you would make whats called a front door vrf?

please explain how they work?

cheers

Seb Rupik · ‎12-06-2017

Hi there,

On a tunnel interface you use the vrf forwarding command to place the tunnel interface in that particular routing table.

The tunnel vrf instructs the router to use the specified VRFs routing table for the tunnel source and destination IP addresses.

This can be used in secure environments where VRF A has outbound access and VRF B does not. By using the tunnel vrf command VRF B can use VRF A's routing table to establish a GRE tunnel, when strictly it has no route itself to the destination.

Not sure what a front door vrf is ??!

cheers,

Seb.

View solution in original post

Seb Rupik · ‎12-06-2017

Hi there,

On a tunnel interface you use the vrf forwarding command to place the tunnel interface in that particular routing table.

The tunnel vrf instructs the router to use the specified VRFs routing table for the tunnel source and destination IP addresses.

This can be used in secure environments where VRF A has outbound access and VRF B does not. By using the tunnel vrf command VRF B can use VRF A's routing table to establish a GRE tunnel, when strictly it has no route itself to the destination.

Not sure what a front door vrf is ??!

cheers,

Seb.

Harold Ritter · ‎12-06-2017

The following blog post from Denise Fishburn covers the concept of front door VRF and how to implement it.

http://www.networkingwithfish.com/tunnels-and-the-use-of-front-door-vrfs/

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Wilfried · ‎02-07-2020

Thx Harold