Solved: VRF Configuration

gkurunthasalam · ‎07-05-2018

Can you please help me with example links for configuring VRF in a router?

i have 2 ISP links terminating on same router on 2 different interafces. we need to configure VRF for each ISP and perform failover. Please help. Both are INternet links and i will configure IPsec over GRE for corporate traffics.

a.alekseev · ‎07-05-2018

http://packetlife.net/blog/2010/mar/29/inter-vrf-routing-vrf-lite/

View solution in original post

Seb Rupik · ‎07-05-2018

If it for the purpose of learning the technology, then configure your router in the manner discussed by the article @a.alekseev mentioned. Use VRF route import-export between them.

Within each VRF configure a static default route to the attached ISP.

Now imagine all of your users are routed within VRF A, you would configure a floating static route that looks similar to this:

!
ip route vrf VRF_A 0.0.0.0 0.0.0.0 <ISP_A>
ip route vrf VRF_A 0.0.0.0 0.0.0.0 <ISP_B> 5
!

The ISP_A address will be present in VRF A routing table as a connected route. ISP_B will also be a connected route in VRF B, but will be advertised into VRF A as a BGP route. Now in the event that the link to ISP_A goes down, the static route will be removed and the floating (higher metric) route will be installed and send traffic via ISP_B.

Extending this further, you could create a static routes that are bonded to IP SLA jobs. In the event that the SLA jobs fails, remove the route. Something like this:

!
ip sla 1
  icmp-echo 8.8.8.8 source-interface <ISP_A_interface>
  timeout 1000
  threshold 2
  frequency 3
!
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
ip route vrf VRF_A 0.0.0.0 0.0.0.0 track 1
ip route vrf VRF_A 0.0.0.0 0.0.0.0 5
!

Cheers,

Seb.

View solution in original post

a.alekseev · ‎07-05-2018

http://packetlife.net/blog/2010/mar/29/inter-vrf-routing-vrf-lite/

Seb Rupik · ‎07-05-2018

Hi there,

I don’t think VRF is the technology you want to employ here. Placing each ISP in a separate L3 routing table would necessitate the use of a firewall (or another Layer 3 device) (or BGP route leaking) to make the secondary ISP link reachable.

How are you peering with your ISP? Are you using eBGP? We could assign weight values to direct the traffic via one ISP.

Using static routing to the ISPs? Then we can look at floating routes.

Let us know :)

Cheers

Seb.

gkurunthasalam · ‎07-05-2018

Thank you.
No BGP only static/default routes. How we can deploy VRF for 2 ISP's and failover? If this is a complex soln, I wish to try and deploy for learning. We can use IP sla but I need docs for VRF config for 2 ISP on same router on 2 different interafces.

Seb Rupik · ‎07-05-2018

If it for the purpose of learning the technology, then configure your router in the manner discussed by the article @a.alekseev mentioned. Use VRF route import-export between them.

Within each VRF configure a static default route to the attached ISP.

Now imagine all of your users are routed within VRF A, you would configure a floating static route that looks similar to this:

!
ip route vrf VRF_A 0.0.0.0 0.0.0.0 <ISP_A>
ip route vrf VRF_A 0.0.0.0 0.0.0.0 <ISP_B> 5
!

The ISP_A address will be present in VRF A routing table as a connected route. ISP_B will also be a connected route in VRF B, but will be advertised into VRF A as a BGP route. Now in the event that the link to ISP_A goes down, the static route will be removed and the floating (higher metric) route will be installed and send traffic via ISP_B.

Extending this further, you could create a static routes that are bonded to IP SLA jobs. In the event that the SLA jobs fails, remove the route. Something like this:

!
ip sla 1
  icmp-echo 8.8.8.8 source-interface <ISP_A_interface>
  timeout 1000
  threshold 2
  frequency 3
!
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
ip route vrf VRF_A 0.0.0.0 0.0.0.0 track 1
ip route vrf VRF_A 0.0.0.0 0.0.0.0 5
!

Cheers,

Seb.