Solved: VRF to VRF: static routing with SVI

iores · ‎02-19-2023

Hi,

I am doing some labs, and I have connected three switches:

The link between SW1 and SW2 is in VRF A, and link between SW2 and SW3 is in VRF B. I want to be able to ping SW3 from SW1 and vice-versa but somehow it doesn't work.

What is the problem?

Here are my configs.

SW1:

interface GigabitEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 negotiation auto
!
interface Vlan10
 ip vrf forwarding A
 ip address 10.10.10.10 255.255.255.0
!
ip route vrf A 0.0.0.0 0.0.0.0 10.10.10.11

SW2:

interface GigabitEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 negotiation auto
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 negotiation auto
!
interface Vlan10
 ip vrf forwarding A
 ip address 10.10.10.11 255.255.255.0
!
interface Vlan20
 ip vrf forwarding B
 ip address 20.20.20.21 255.255.255.0
!
ip route 10.10.10.11 255.255.255.255 Vlan10
ip route 20.20.20.21 255.255.255.255 Vlan20
ip route vrf A 20.20.20.0 255.255.255.0 20.20.20.21 global
ip route vrf B 10.10.10.0 255.255.255.0 10.10.10.11 global

SW3:

interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 negotiation auto
!
interface Vlan20
 ip vrf forwarding B
 ip address 20.20.20.20 255.255.255.0
!
ip route vrf B 0.0.0.0 0.0.0.0 20.20.20.21

MHM Cisco World · ‎02-19-2023

ip route 10.10.10.10 255.255.255.255 Vlan10
ip route 20.20.20.20 255.255.255.255 Vlan20
ip route vrf A 20.20.20.0 255.255.255.0 20.20.20.20 global
ip route vrf B 10.10.10.0 255.255.255.0 10.10.10.10 global

I make check and double check, I was thing that SW not support leaking with static route,
but I stop
what is the next-hop we use,
I check and find issue
we use next-hop which is SVI in same SW, that wrong
correct as above and check again
thanks

View solution in original post

Joseph W. Doherty · ‎02-19-2023

Routing leaking, eh? Long, long time since I've touched, and then, very infrequently.

So, possibly (? - i.e. crossed fingers):

ip route 10.10.10.11 255.255.255.255 Vlan10
ip route 20.20.20.21 255.255.255.255 Vlan20
ip route vrf A 20.20.20.0 255.255.255.0 20.20.20.20 global
ip route vrf B 10.10.10.0 255.255.255.0 10.10.10.10 global

View solution in original post

MHM Cisco World · ‎02-19-2023

https://www.ipmechanic.net/2020/06/inter-vrf-routing-using-simple-static.html

this link can help you

iores · ‎02-19-2023

I followed the similar example for VRF-to-VRF with static routing from here http://routeleak.com/route-leaking-global-vrf-routing-table/ but I want to use SVI instead routers.

MHM Cisco World · ‎02-19-2023

check below comment

iores · ‎02-19-2023

But 10.10.10.0 and 20.20.20.0 are in VLAN10 and VLAN20, respectively. What will I achieve with this?

MHM Cisco World · ‎02-19-2023

what we try is add

 static route in show ip route vrf a/b for prefix of VLAN10/20


ip route vrf VRF-B 10.10.10.0 255.255.255.0 VLAN10 


ip route vrf VRF-A 20.20.20.0 255.255.255.0 VLAN20

iores · ‎02-19-2023

I cannot do that because I need to specify next-hop IP address not vlan interface. What is wrong with my configs?

MHM Cisco World · ‎02-19-2023

in SW2


ip route vrf VRF-B 10.10.10.0 255.255.255.0 10.10.10.11  global 


ip route vrf VRF-A 20.20.20.0 255.255.255.0 20.20.20.21 global

interface Vlan10
 ip vrf forwarding A <<- remove this 
 ip address 10.10.10.11 255.255.255.0
!
interface Vlan20
 ip vrf forwarding B <<- remove this 
 ip address 20.20.20.21 255.255.255.0

iores · ‎02-19-2023

I am trying to do VRF-to-VRF leak.

MHM Cisco World · ‎02-19-2023

SW1(VRF-A)-(global)SW2(global)-(VRF-B)SW3

so we do static route in SW2 for leaking from VRF to VRF.
am I right ?

iores · ‎02-19-2023

SW1(VRF-A)-(VRF-A)SW2(VRF-B)-(VRF-B)SW3.

I want to do a route leak on SW2 from VRF to VRF.

MHM Cisco World · ‎02-19-2023

I found issue here

MHM Cisco World · ‎02-19-2023

ip route 10.10.10.10 255.255.255.255 Vlan10
ip route 20.20.20.20 255.255.255.255 Vlan20
ip route vrf A 20.20.20.0 255.255.255.0 20.20.20.20 global
ip route vrf B 10.10.10.0 255.255.255.0 10.10.10.10 global

I make check and double check, I was thing that SW not support leaking with static route,
but I stop
what is the next-hop we use,
I check and find issue
we use next-hop which is SVI in same SW, that wrong
correct as above and check again
thanks

Joseph W. Doherty · ‎02-19-2023

Routing leaking, eh? Long, long time since I've touched, and then, very infrequently.

So, possibly (? - i.e. crossed fingers):

ip route 10.10.10.11 255.255.255.255 Vlan10
ip route 20.20.20.21 255.255.255.255 Vlan20
ip route vrf A 20.20.20.0 255.255.255.0 20.20.20.20 global
ip route vrf B 10.10.10.0 255.255.255.0 10.10.10.10 global