Unable ping between 2 vrf in same switch nexus 9000

MedTiti92 · ‎01-25-2023

Hello guys,

I have 2 switch nexus 9000, i configure two interfaces like below :

interface eth1/1
switchport
switchport acess vlan 10
no sh
interface eth1/2
switchport
switchport acess vlan 20
no sh

Now i create and configure the vrf to the interface vlan10 & 20

vrf context A
vrf context B

interface vlan 10
vrf member vrf A
mac-address 8c00.0000.0001
ip address 10.10.10.1/29
no sh

interface vlan 20
vrf member vrf B
mac-address 8c00.0000.0010
ip address 10.10.10.2/29
no sh

Results :

i can ping 10.10.10.1 vrf A ===> ok
i can ping 20.20.20.2 vrf B ===> ok
But i can't ping 10.10.10.1 vrf B and vice-versa (i 'am in switch nexus 9000)

Seb Rupik · ‎01-25-2023

Hi there,

A VRF will create a separate route table. If you want to route between them typical design patterns would go via a security device like a firewall.

You can also do it all on the box via VRF route leaking. You will need to add the prefixes into the a BGP process and the use route-targets between the VRFs.

Take a look here:

Configure VRF Route Leak on Cisco Nexus Switches

cheers,

Seb.

MHM Cisco World · ‎01-25-2023

I will run lab see how we can ping from VRF to other same NSK.