Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1467
Views
0
Helpful
5
Replies

Vrf

Go to solution
SajeshB
Level 1
Level 1

‎09-08-2020 08:30 AM - edited ‎09-08-2020 09:30 AM

Need help to understand route between Vlan and Vrf configured vlan

 

We have 2 L3  vlan created on core switch.

 

Int vlan 26

Ip add 10.18.71.1

Ip ospf 100 area 0

 

Int vlan 413

Ip vrf forwarding Red

Ip add 163.122.136.94

Exit 

 

Ip vrf red

Rd 6453:Red

Route target export 6453:Red

Route target export 6453:Red

 

Router bgp 6453

Address-family ipv4 vrf red

Redistribute connected

Redistribute static

Exit-address-family

 

Ip route vrf red 0.0.0.0 0.0.0.0 163.122.136.91

 

Now i have first firewall connected to vlan 26 and all the traffic from firewall is getting nat to vlan 26 Ip.

 

And from vlan 26 the traffic is flowing to vlan 413 and going to second firewall as vlan 413 is in vrf and default route is pointed toward second firewall Ip

How the traffic is flowing from vlan 26 to vlan 413 as vlan 413 is in vrf ??

Do i need to check anything in Bgp configuration.

Labels:
Preview file
8794 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to SajeshB

‎09-08-2020 09:36 AM

Hello,

you are right the two firewalls are not connected.

In this case route leakage should be configured between VRF and global routing table using static routes.

 

Hope to help

Giuseppe

 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-08-2020 09:04 AM

Hello @SajeshB ,

>> How the traffic is flowing from vlan 26 to vlan 413 as vlan 413 is in vrf ??

via the two external firewall devices according to your description.

 

Please note that playing with route targets in MP BGP is a good way to create communication between two different VRFs, but it does not apply to the global routing table GRT because they miss the route target attribute.

Even if you had two different VRFs you should not try to import / export using route targets because you will risk to bypass the external firewalls.

 

Hope to help

Giuseppe

0 Helpful

Go to solution
SajeshB
Level 1
Level 1
In response to Giuseppe Larosa

‎09-08-2020 09:26 AM

Thanks for the reply.

 

Can u pls see the attach simple network digram both the firewall are not connected.

 

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to SajeshB

‎09-08-2020 09:36 AM

Hello,

you are right the two firewalls are not connected.

In this case route leakage should be configured between VRF and global routing table using static routes.

 

Hope to help

Giuseppe

 

0 Helpful

Go to solution
SajeshB
Level 1
Level 1
In response to Giuseppe Larosa

‎09-08-2020 09:41 AM

Spoiler
 

Thankyou so much i was also searching the same.

0 Helpful

Go to solution
SajeshB
Level 1
Level 1
In response to SajeshB

‎09-08-2020 09:41 AM

Thankyou so much i was also searching the same.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card