02-11-2020 11:23 PM
Dears,
I've configured VRF-Lite on RY with BGP Route leaking.
BGP AS number on RX, RY & RZ are same.
I'm trying to advertised routes of RZ to RX.
RY have multiple VRF:
VRF A: towards RZ
VRF B: towards LAN (Firewall)
VRF C: towards RX
Route leak between VRF A to VRF C is fine,
My requirement is VRF A routes should pass first VRF B (Route leak is done and RZ routes are available in VRF B)
then VRF B advertised routes to VRF A (Route leak is done and VRF C has routes of VRF B except RZ).
This requirement is due to involvement of Firewall that all traffic should pass firewall and apply NAT.
Waiting for the support.
Thanks
02-12-2020 01:21 AM - edited 02-12-2020 01:24 AM
Hello
As long as the redistribution is being done then ultizing some import/export maps between the vrf instances may be applicable.
Example:
ip prefix-list rtrA-export permit a.a.a.a/a
ip prefix-list rtrb-import permit b.b.b.b/b
route-map export
match ip address prefix-list rtrA-export
route-map import
match ip address prefix-list rtrb-import
ip vrf A
export ipv4 unicast map export
import ipv4 unicast map import
02-12-2020 03:21 AM
Hi Paul,
Thanks for your suggestions,
VRF leakage between VRFs are fine routes are available, as per requirements.
but my requirement is that VRF A route 10.1.1.1 should be available in VRF B to apply firewall policies and do natting, then it has to be available with natted IP in VRF C.
I can see VRF B routes in VRF C except VRF A routes, if I remove direct VRF leak between A & C.
Although VRF A routes available in VRF B, then why it's not carry all routing table in VRF C including VRF A.
Updated topology attached.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide