Hi Lei,

can you give me an idea of how the physical cable would be setup?  I'm not prepared to create the additional vrfs and leak routes between them, but the cable option sounds interesting.  Would it be a matter of connecting one cable to say port eth 1/1 that is in the VRF and eth 1/2 that is in a vlan or l3 mode?  I see I would need to burn two

SFPs per switch too. 

thank you

Hi Bill,

Yes, you got the idea. Just connect one cable to two physical ports, one in VRF and the other port in a vlan or l3 mode in default VRF. You can even form routing protocol between the physical ports, so dynamically leak routes from VRF into default vrf.

HTH,

Lei Tian

Lei, I see I can only place a layer 3 interface in a VRF.  Would I need to assign the L3 interface an IP address in the VRF subnet, or is it good enough to just have the interface belong to the VRF with no IP address? 

thank you

Hi Bill,

Yes, you can only assign L3 interface into VRF. It is layer 3 concept, think each VRF as a seperarte routing table. If the physcial port is access port, you can put the SVI in a VRF.

HTH,

Lei Tian

Hi Lei.  I was planning on putting an SVI in the VRF, but how do I bridge that SVI with the physical port?  Could I simply put it in the same VLAN as the SVI? 

port 1/19 - vlan 255 (Global routing table that has Internet GW in that vlan)   <------->  port 1/20 - vlan 164  (SVI of that vlan in VRF)

thanks again

Hi Bill,

So e1/20 will be

switchport mode access

switch port access vlan 164

interface vlan164

vrf memeber RED

HTH,

Lei Tian

That's what I was imagining, but I now see another vlan, 165, that needs put into the same VRF.  So with that method I'd need to use another pair of interfaces in the same switch wouldn't I? 

thanks

No, you dont need to have another pair of interfaces. Just put the SVI for vlan 165, 164 into the same VRF, and form a routing neighbor between vlan 255 and vlan 164.

HTH,

Lei Tian

Lei, how could I form a neighbor relationship between an SVI in one vlan and an SVI in another VLAN?  They'd need to be on the same network wouldn't they?  And then in order to use the VRF for routing I'd need to filter the routes using a route map on the neighbor between the SVI in vlan 164 and vlan 255 to prevent learning those same routes outside the VRF should they exist there, right?  Sorry this question is dragging on, but I'm still unclear how to implement it. 

thanks

Unfortunately I don't have a lab to test this, but what if I were to create an L3 interface that is on the same subnet as the gateway in the global vlan and assign it to the VRF?

e 1/19 (vlan 255)  < ------------------------>   e 1/20 (VRF L3 192.168.1.2)

gateway 192.168.1.1 (vlan 255)                                                       

Would I then be able to form a routing adjacency with between the global routing table gateway and the VRF?  I would be assigning all 3 networks, 192.168.1.0, 192.168.64.0 and 192.168.65.0 to the same VRF.  But rather than use a routing protocol, could I just enter a default route under the VRF context to point to 192.168.1.1 and then from the global routing table of the Nexus enter an ip route 192.168.64.0/24 vlan 164 command? 

Can you tell me the subnets that are in the VRF, and the subnets that you want leak into default VRF?

HTH,

Lei Tian

I want to put 192.168.64.0/24 and 192.168.65.0/24 in the VRF.  The 192.168.1.0/24 is the vlan used between my core and Internet gateway.  I want to leak only the default 0.0.0.0/0 into that VRF in order to provide Internet access.  I then want to run OSPF in the VRF to communicate the WAN networks and routes inside the VRF along with a few static routes built under the vrf context to take care of all the non-Internet routing.

thanks Lei