cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
942
Views
1
Helpful
3
Replies

Bind a Specific TLOC to a Specific Service VRF

venom43212
Level 4
Level 4

We have two TLOCs on a cEdge, with a single service VRF. Bringing in an additional transport and setting up a second service VRF. I want to ensure the new service VRF is using the new TLOC, and only that service VRF. Is there a way to bind a service VRF to a particular TLOC?

1 Accepted Solution

Accepted Solutions

Hi,

there is direct way, like one click "native" configuration.

But there is centralized control policy which can provide you what you want.

In centralized control policy ("Topology") you need OMP route type policy modification. I don't know, how your current policy looks like, but I'll write for clear policy example, you may add with respective sequence number:

Policy should contain:

sequence 1:

match VPN = your VRF
match TLOC = new TLOC
action = accept

sequence 11

match VPN = your VRF
action = reject

sequence 21:

match TLOC List = new TLOC

action = reject

Note: if you don't have policy yet, then don't forget default action, add explicit accept any or change action in default action for rest of routing.

Apply this topology policy in inbound direction for that site (vSmart will receive all routes from site, but will filter in vSmart OMP table and only non-filtered routes will be advertised to rest of sites).

Explanation:
seq1# by this entry OMP routes for respective VRF will be allowed if TLOC is new TLOC. Your VRF will be reachable through new TLOC

seq11# by this entry all routes from site with respective VRF (service VPN) and any other TLOC (other than new TLOC, seq1 is evaluated before and permits routes with new TLOC) will be filtered

seq 21# by this entry any OMP VPN route (for VRF other than your mentioned service VRF) will be filtered over new TLOC

Thus, remote sites will receive any route information about mentioned VRF with only new TLOC. And none of other VRF route information will be available with new TLOC.

 

 

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

3 Replies 3

Hi,

there is direct way, like one click "native" configuration.

But there is centralized control policy which can provide you what you want.

In centralized control policy ("Topology") you need OMP route type policy modification. I don't know, how your current policy looks like, but I'll write for clear policy example, you may add with respective sequence number:

Policy should contain:

sequence 1:

match VPN = your VRF
match TLOC = new TLOC
action = accept

sequence 11

match VPN = your VRF
action = reject

sequence 21:

match TLOC List = new TLOC

action = reject

Note: if you don't have policy yet, then don't forget default action, add explicit accept any or change action in default action for rest of routing.

Apply this topology policy in inbound direction for that site (vSmart will receive all routes from site, but will filter in vSmart OMP table and only non-filtered routes will be advertised to rest of sites).

Explanation:
seq1# by this entry OMP routes for respective VRF will be allowed if TLOC is new TLOC. Your VRF will be reachable through new TLOC

seq11# by this entry all routes from site with respective VRF (service VPN) and any other TLOC (other than new TLOC, seq1 is evaluated before and permits routes with new TLOC) will be filtered

seq 21# by this entry any OMP VPN route (for VRF other than your mentioned service VRF) will be filtered over new TLOC

Thus, remote sites will receive any route information about mentioned VRF with only new TLOC. And none of other VRF route information will be available with new TLOC.

 

 

 

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Hi Kanan. Yes, we do have a centralized policy in place currently for topology. I'll give it a spin in the lab and let you know. Thanks for the reply.

venom43212
Level 4
Level 4

Hi Kanan. Tested this morning, and that worked. Thanks again for the reply.