VRF default route leak

Tokai20012
Level 1

Hi,

In our core router we have 20 VRFs and it also receives full BGP tables from two ISPs for the Internet.

So far, we have provided Internet to only one VRF, but we are planning to make Internet available to all VRFs in the future.

We do not have enough memory and CPU to leak all routes to the VRFs (20*800000 routes).

The BGP default-originate feature could be utilized, but I don't think there is a way to share it between VRFs.

Please let me know if there is another solution.

Thanks

Accepted Solutions

Harold Ritter
Spotlight

Hi @Tokai20012,

Several things can be done. If you receive the default route from your ISPs, you could leak it from the global to the specific VRFs. You also want to leak in the other direction as well, so that the global knows how to reach prefixes from each VRF.

Another solution that I have deployed in the past is to configure two sub interfaces between the PE and the CE. One is for the L3VPN bound traffic and belongs to the VRF. The other one is for the Internet bound traffic and belongs to the global VRF. I find this approach more flexible and it isolates the Internet and the L3VPN traffic. This solution also simplifies the NAT configuration, as only the Internet sub interface is configured as a NAT interface.

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Hi Harold,

Thanks for assisting.

Consider the second option.

Thank you very much.