VRF routing

Ragavi · ‎11-09-2022

Hi All,

We are working on Multidomain routing

I want two different ip of same subnet (int fa0/1 -192.168.10.0/24 - CE end) to communicate with two different VRF (cust1 and Cust3), please help me with the configuration

Path should be:

192.168.10.10 -> 10.0.11.5 (Cust1) -> 192.168.40.10 (Blue line) = Vice versa

192.168.10.11 --> 10.0.13.44 (Cust3) --> 192.168.30.10 (Red line) = Vice versa

Configuration:

hostname CE1

ip vrf Cust1
rd 64903:11
route-target export 64903:11
route-target import 64903:11

ip vrf Cust3
rd 64903:22
route-target export 64903:22
route-target import 64903:22

interface Loopback0
ip address 10.0.14.5 255.255.255.255
!
interface Loopback1
ip vrf forwarding Cust1
ip address 10.0.12.6 255.255.255.255
!
interface Loopback2
ip vrf forwarding Cust3
ip address 10.0.12.8 255.255.255.255

!
interface FastEthernet0/0.1
description Link to PE1 FA0/0
encapsulation dot1Q 100
ip vrf forwarding Cust1
ip address 10.0.11.5 255.255.255.240
standby 1 ip 10.0.11.3
standby 1 timers 1 3
standby 1 priority 110
standby 1 preempt
!
interface FastEthernet0/0.3
description Link to PE5 FA0/0
encapsulation dot1Q 300
ip vrf forwarding Cust3
ip address 10.0.13.41 255.255.255.240
standby 3 ip 10.0.13.43
standby 3 timers 1 3
standby 3 priority 110
standby 3 preempt

!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
speed auto
duplex auto
!

interface FastEthernet3/0
ip address 10.0.69.113 255.255.255.248
duplex full
!

router bgp 64903
bgp router-id 10.0.14.5
bgp log-neighbor-changes
neighbor 10.0.69.114 remote-as 64903
!
address-family ipv4
network 10.0.112.0 mask 255.255.255.248
neighbor 10.0.69.114 activate
neighbor 10.0.69.114 next-hop-self
neighbor 10.0.69.114 soft-reconfiguration inbound
exit-address-family
!
address-family ipv4 vrf Cust1
bgp router-id 10.0.11.3
network 10.0.11.0 mask 255.255.255.248
network 192.168.10.10 mask 255.255.255.255
redistribute connected
neighbor 10.0.11.1 remote-as 4637
neighbor 10.0.11.1 transport connection-mode passive
neighbor 10.0.11.1 timers 1 3
neighbor 10.0.11.1 activate
neighbor 10.0.11.1 next-hop-self
neighbor 10.0.11.1 soft-reconfiguration inbound
exit-address-family
!
address-family ipv4 vrf Cust3
bgp router-id 10.0.13.43
network 10.0.13.40 mask 255.255.255.248
network 192.168.10.11 mask 255.255.255.255
network 192.168.30.0
redistribute connected
neighbor 10.0.13.44 remote-as 64909
neighbor 10.0.13.44 transport connection-mode passive
neighbor 10.0.13.44 timers 1 3
neighbor 10.0.13.44 activate
neighbor 10.0.13.44 next-hop-self
neighbor 10.0.13.44 soft-reconfiguration inbound
exit-address-family

attached topology for your reference:

mlund · ‎11-11-2022

Hi

This can probably be done different ways. First, because the 192.168.10.0 is in global space, you have to do route leaking between customers and global, both ways. It's a little bit tricky, because setting next hop can be hard. Different routers/code behave different. You have to play around with that to see if you can get it to work. Also, in bgp, to announce a route, the exact route has to be in the routing table. In your config is "network 192.168.10.10 mask 255.255.255.255" to announce that route it has to be a route in the vrf that match that. It can not be /24 mask it must be a /32.

Second way is easier. Move the int fa0/1 to a common vrf. In that new vrf import and export both cust1 and cust2. And make an access-list on the interface that only allowed the traffic you want.

/Mikael

MHM Cisco World · ‎11-13-2022

you must use import/export to leak the prefix from one VRF to other.