VRF transitive?

Kevin-H · ‎09-22-2017

Does anyone know if VRF is transitive?

vrf Internet

import/export Guests

import/export Creditcards

vrf Guests

import/export Internet

vrf Creditcards

import/export Internet

Would Guests & Creditcards be able to talk to each other, through the Internet vrf?

If so, is ACL or firewall the only way to stop them from talking to each other?

TIA

Julio E. Moisa · ‎09-22-2017

Hi,

I have not applied that before but it could works, other way to allow the communication between VRF is with the following configuration:

vrf Guests

import/export route-target (Guest)

import route-target (Creditcards)

vrf Creditcards

import/export route-target (Creditcards)

import route-target (Guest)

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Kevin-H · ‎09-22-2017

Thank you for the quick reply, but we actually don't want Guests & Creditcards to talk to each other for security reasons.

If Guests & Creditcards don't import/export each other's RT, they should not be able to talk to each other, correct? (which is what we want)

Julio E. Moisa · ‎09-22-2017

That is correct, actually if they don't import the each other VRFs.

Now if you want to allow Internet access for them separately, you can keep the Internet default route on the global table.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<