02-11-2020 11:23 PM
Dears,
I've configured VRF-Lite on RY with BGP Route leaking.
BGP AS number on RX, RY & RZ are same.
I'm trying to advertised routes of RZ to RX.
RY have multiple VRF:
VRF A: towards RZ
VRF B: towards LAN (Firewall)
VRF C: towards RX
Route leak between VRF A to VRF C is fine,
My requirement is VRF A routes should pass first VRF B (Route leak is done and RZ routes are available in VRF B)
then VRF B advertised routes to VRF A (Route leak is done and VRF C has routes of VRF B except RZ).
This requirement is due to involvement of Firewall that all traffic should pass firewall and apply NAT.
Waiting for the support.
Thanks
02-12-2020 01:21 AM - edited 02-12-2020 01:24 AM
Hello
As long as the redistribution is being done then ultizing some import/export maps between the vrf instances may be applicable.
Example:
ip prefix-list rtrA-export permit a.a.a.a/a
ip prefix-list rtrb-import permit b.b.b.b/b
route-map export
match ip address prefix-list rtrA-export
route-map import
match ip address prefix-list rtrb-import
ip vrf A
export ipv4 unicast map export
import ipv4 unicast map import
02-12-2020 03:21 AM
Hi Paul,
Thanks for your suggestions,
VRF leakage between VRFs are fine routes are available, as per requirements.
but my requirement is that VRF A route 10.1.1.1 should be available in VRF B to apply firewall policies and do natting, then it has to be available with natted IP in VRF C.
I can see VRF B routes in VRF C except VRF A routes, if I remove direct VRF leak between A & C.
Although VRF A routes available in VRF B, then why it's not carry all routing table in VRF C including VRF A.
Updated topology attached.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: