VRF leaking - basic setup

Cedric T. · ‎05-12-2020

Hello,

As an attempt to solve a broader problem, I decided to divide it in smaller parts.

One of which is the following: how to setup a basic inter-vrf communications path with statics routes from each VRF to the global routing table and then from the global routing table to the other VRF.

Let say we have a router with:

- port 3 in vlan 3 with IP 192.168.3.1/24 in vrf3

- port 4 in vlan 4 with IP 192.168..4.1/24 in vrf4

We want to allow communications from network 192.168.3.0 to network 192.168.4.0 and vice-versa.

Here is a sample of the configuration:

interface FastEthernet0/0/3
switchport mode access
switchport access vlan 3
interface FastEthernet0/0/4
switchport mode access
switchport access vlan 4
exit

vrf definition vrf3
address-family ipv4
exit-address-family
vrf definition vrf4
address-family ipv4
exit-address-family
!

interface vlan3
vrf forwarding vrf3
ip address 192.168.3.1 255.255.255.0
exit
interface vlan4
vrf forwarding vrf4
ip address 192.168.4.1 255.255.255.0

exit

! static routes in each vrf
ip route vrf vrf3 192.168.4.0 255.255.255.0 192.168.4.1 global
ip route vrf vrf4 192.168.3.0 255.255.255.0 192.168.3.1 global

! routes in the global table
ip route 192.168.3.1 255.255.255.255 vlan3
ip route 192.168.4.1 255.255.255.255 vlan4

I must be missing something because it does not work.

I know you would say it make no sense to use VRF in this case but, I recall, this is a simplified part of a broader problem.

Thanks for your ideas,

Cedric T.

paul driver · ‎05-12-2020

Hello
Why not put them in the same VRF and route-leak to whatever other rib table you wish?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Cedric T. · ‎05-13-2020

Because in the broader problem, there are 2 different VRFs and I cannot change that.

Note that in my original post, I stated: "I know you would say it make no sense to use VRF in this case but, I recall, this is a simplified part of a broader problem".

Best regards,

Cedric T.

paul driver · ‎05-13-2020

Hello
I would say it would work if you specified a next hop address in the vrf x statics but it dont looklike you can due to them being logical SVI's

ip route vrf vrf3 192.168.4.0 255.255.255.0 vlan3 192.168.4.x global
ip route vrf vrf4 192.168.3.0 255.255.255.0 vlan4 192.168.3.x global

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Meheretab Mengistu · ‎05-13-2020

Hi Cedric,

If it is okay to run BGP, you can leak routes between the two VRFs.

Here is a sample config:-

interface FastEthernet0/0/3
switchport mode access
switchport access vlan 3
interface FastEthernet0/0/4
switchport mode access
switchport access vlan 4
exit

!

vrf definition vrf3

rd 3:3
address-family ipv4

route-target both 3:3

route-target import 4:4
exit-address-family
vrf definition vrf4

rd 4:4
address-family ipv4

route-target both 4:4

route-target import 3:3
exit-address-family
!

interface vlan3
vrf forwarding vrf3
ip address 192.168.3.1 255.255.255.0
exit
interface vlan4
vrf forwarding vrf4
ip address 192.168.4.1 255.255.255.0

exit

!

~~! static routes in each vrf~~
~~ip route vrf vrf3 192.168.4.0 255.255.255.0 192.168.4.1 global~~
~~ip route vrf vrf4 192.168.3.0 255.255.255.0 192.168.3.1 global~~

!

~~! routes in the global table~~
~~ip route 192.168.3.1 255.255.255.255 vlan3~~
~~ip route 192.168.4.1 255.255.255.255 vlan4~~

!

router bgp 65001

address-family ipv4 vrf vrf3

redistribute connected

address-family ipv4 vrf vrf4

redistribute connected

!

HTH,
Meheretab