VRF - Shared Internet Connection

Eric Snijders · ‎07-23-2019

Hi Guys,
I'm pretty new on the VRF thing but i do think i understand the basics of VRF. We just got a new customer, which we place in a seperate VRF. Now the customers machines will need access to the internet. We have 1 internet connection. What is the best practice to make a new VRF able to use our existing internet line. I've read about VRF Route-Leaking, but i didn't really understand and if possible i don't want to mess around to much with routes.

Thanks in advance!

Eric

balaji.bandi · ‎07-24-2019

can you post your configuration to look and suggest best suitable config for your environment.

you need to allow the traffic to global routing table to reach the internet.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Seb Rupik · ‎07-24-2019

Hi there,
VRFs are typically used to provide Layer 3 isolation for security purposes and as such use firewalls as their default gateway. The firewall can then implement the necessary polices to permit inter-VRF communication or just allow the traffic access to the WAN/ internet.

In your topology what is the next hop towards the internet? A firewall? A router? Simply create a Layer3 /30 between the VRF and that next-hop.

It is worth noting that if you wanted to perform inter-VRF communication via a firewall you would have significantly less bandwidth available than if you had just implemented route-leaking between VRFs.

cheers,
Seb.