How can I get VRF's to route to each other?

Steven Williams · ‎05-06-2013

Is this even possible?

I have a few 172.16.x.x addresses in a separate VRF table than my 10.170.x.x route table. The reason was due to an issue I had with my 172.16.x.x traffic routing over my 1 ISP WAN link as oppose to my other ISP WAN link.

But now I need a fax server (not Windows and now option to add a route in the system) that has a 10.170.x.x address to talk to a device in the 172.16.x.x network.

Steven Williams · ‎05-06-2013

Nexus 5k sorry. Using vPC's/vPC Peerlink so routing over the peerlink is frowned upon.

Reza Sharifi · ‎05-06-2013

Is is possible. In order for one vrf to talk to another vrf, you need to leak the vrfs together by using the route-target import command under each vrf. Have a look at this example

ip vrf vpn1

rd 100:1

route-target export 100:1

route-target import 100:1

route-target import 200:1

!

ip vrf vpn2

rd 200:1

route-target export 200:1

route-target import 200:1

route-target import 100:1

HTH

Deepak Ambotkar · ‎05-07-2013

HI Steven,

The commands given by Reza are correct. To add more to it or make it more controlled, you can use IMPORT/EXPORT maps to match specific IP or Subnet. Here you need fax serer reachable so you can import it from another VRF with import-map. Below is the example continuing with Reza's.

ip vrf vpn1

rd 100:1

route-target export 100:1

route-target import 100:1

route-target import 200:1

!

ip vrf vpn2

rd 200:1

route-target export 200:1

route-target import 200:1

route-target import 100:1

import map IMPORT-FAX

!

route-map IMPORT-FAX permit 10

match access-list 100

!
ip access-list 100 permit 10.170.x.x 255.255.255.255

Similarly you can use export map too, where you can select specific routes to announce.

(Please check access-list command, it may change)

HTH

Regards,

Deepak A.

Steven Williams · ‎05-07-2013

I dont see these commands anywhere within my 5k NX-OS?

NEXUS5K001(config)# vrf ?
context Create VRF and enter VRF mode

NEXUS5K001(config)# vrf context ?
WINDSTREAM (no abbrev) Configurable VRF name
WORD VRF name (Max Size 32)
management (no abbrev) Configurable VRF name

NEXUS5K001(config)# vrf context WINDSTREAM

NEXUS5K001(config-vrf)# ?
ip        Configure IP features
ipv6      Configure IPv6 features
no        Negate a command or set its defaults
shutdown Shutdown current VRF
end       Go to exec mode
exit      Exit from command interpreter
pop       Pop mode from stack or restore from name
push      Push current mode to stack or save it under name
where     Shows the cli context you are in

NEXUS5K001(config-vrf)# ip ?
auto-discard Auto 0.0.0.0/0 discard route
domain-list   Add additional domain names
domain-name   Specify default domain name
igmp          IGMP global configuration commands
mroute        Configure multicast RPF static route
name-server   Specify nameserver address
pim           PIM global configuration commands
route         Route information

NEXUS5K001(config-vrf)#

Steven Williams · ‎05-07-2013

No VRF leaking in the 5k. So you have to run an IGP between each Nexus and advertise addresses in each VRF. I still don't know how to do this, but I will figure out eventually.

Deepak Ambotkar · ‎05-07-2013

I think this ->

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/unicast/5_0_3_N1_1/l3_virtual.html#wp1082535

Steven Williams · ‎05-08-2013

I believe my fix for this is not routing over the peer-link, but how do I know for sure?

Deepak Ambotkar · ‎05-08-2013

Hi Steven,

Did actually see this issue properly from the begining. Could you please let me know what exactly are looking to do? Also what is the physical & logical setup including device model/type & NX-OS version?

Steven Williams · ‎05-08-2013

This was the original issue.

https://supportforums.cisco.com/message/3928505#3928505