Re: Routing between VRF and Global Routing Table

vdadlaney · ‎11-17-2010

Hi All,

Currently have a setup where we have multiple SVI interfaces in a VRF on a Catalyst 6500 Switch. All these SVI belong to the same VRF. In order to achieve connectivity for hosts within the VRF to access hosts outside the VRF (Hosts reachabe via the Global Routing Table (GRT)) I am thinking I need to configure 2 things

1. Creating a summary route for all the subnets within the VRF in the Global Routing table.

Note: 10.10.10.10 is the ip address of loopback 10 and this loopback 10 is in VRF Red

ip route 172.16.0.0 255.255.0.0 loopback10 10.10.10.10

2. Create a couple static routes within the VRF for networks that reside in the Global Routing table but which are not local to this 6K.

Note: 1.1.1.1 is the ip address of loopback 1 and this loopback 1 is in the GRT or not assigned to a VRF

ip route vrf Red 172.32.32.0 255.255.255.0 loopback1 1.1.1.1 global

ip route vrf Red 172.32.40.0 255.255.255.0 loopback1 1.1.1.1 global

ip route vrf Red 172.32.50.0 255.255.255.0 loopback1 1.1.1.1 global

I have read through some posts and it seems to indicate that I cannot point to a loopback interface as it is not a point to point interface. If so than could someone suggest how this solution can be achieved. The reason I was pointing to a loopback was so that I am not tied to a particular physical interface and for the summary route that was created in step 1 really not sure what L3 interface I could point to since I have multiple SVI's that are in the same VRF. Would I also need to create that same summary within the VRF. I don't intend to since I am assuming that once within the VRF the more specific connected interfaces would take affect and forward respectively.

In addition to the above I also need some help in determining the forwarding behavior when there is a ip helper address configured under the SVI's which are in a VRF but the ip address for that helper is not part of the VRF. I would think if a static route is configured under the VRF for that helper address network pointing it to the Global Routing table it should work. The config for that would be

ip route vrf RED 172.32.52.5 255.255.255.255 loopback1 1.1.1.1 global

Thx for your help.

vdadlaney · ‎11-18-2010

Pls help. Thanks

vdadlaney · ‎11-18-2010

Anyone...

Reza Sharifi · ‎11-18-2010

You can create a route map and import IPv4 prefixes from the global routing table into the vrf.

You can also limit the number of prefixes you want to import

Have a look at this document for examples:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_bgivt.html#wp1054457

HTH

Reza

vdadlaney · ‎11-18-2010

Hi Reza,

Thanks for responding however I am trying to avoid running BGP and using the RT. I would prefer to keep it simple and hence am trying to use static routes. I just wanted to know if the static routes would work when pointing to a loopback and if the static routes that I was thinking of would achieve the desired connectivity. Thx

Reza Sharifi · ‎11-18-2010

Hi,

Ok, how about this:

Create a loopback interface and make it part of vrf and global as follows:

vrf name is data in this example

T-1(config-if)#do sh run int lo 130
Building configuration...

Current configuration : 116 bytes
!
interface Loopback130
ip vrf receive data
ip address 130.130.1.1 255.255.255.255
ip policy route-map fake
end

T-1(config-if)#

Now, create route map fake as follows:

route-map fake permit 10
set vrf data

Also add the static:

ip route vrf data 130.130.0.0 255.255.0.0 Loopback0 130.130.0.1

ip route 130.130.0.0 255.255.0.0 Null0

now I can ping 130.130.1.1 from glocal and vrf data as follows:

T-1(config-if)#do pi vrf data 130.130.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 130.130.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
T-1(config-if)#do pi 130.130.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 130.130.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
T-1(config-if)#

HTH

Reza

vdadlaney · ‎11-18-2010

Hi Reza,

Thanks for the response. I am a little confused on why we need the route-map and policy routing. Won't it work just with static routes like I posted initially? My idea was to just configure static routes in the vrf pointing to a global interface and global next hop ip also using the global keyword. For the route back from Global to VRF just create a static route in the Global Table pointing to a VRF interface and next hop. All I was using for the interfaces was a loopback interface (Different loopback interface/ip for global and vrf) Appreciate it if you could explain a bit further on what problems would be faced with the config that I posted initially. Thx

Regards,

Vikram

sfaizul · ‎11-19-2010

Hi ,

I am attaching the Cisco Doc. covering the Route Leaking B/w Global to VRF and Route Leaking b/w Different VRF , hope it will help.

http://www.cisco.com/application/pdf/paws/47807/routeleaking.pdf

Regards

Syed.

vdadlaney · ‎11-19-2010

Hi Syed,

Thanks for that pdf. I had actually read the online version of that doc however the example is very simple. The scenario that I have isn't that much complicated and the static routes should work however since I have never implemented it just wanted some feedback. The VRF's I have are configured under a SVI and I am thinking of pointing the static routes to a loopback. I was looking for feedback on whether that is a supported method as I have read in various other posts that pointing to a loopback is not a valid option and in addition also wanted to find out what if any would be the impact on the switches from a traffic forwarding perspective since the next hop would be a locally configured loopback interface. Thanks

Regards,

Vikram

anthonykahwati · ‎11-22-2017

Hi

Just looking at this thread. I read the cisco .pdf and it looks like it needs you to use a serial interface, or should I say, point to point interface. Is this the case or could a broadcast interface or NBMA work??

Many thanks

Anthony

ermak-ppu1 · ‎03-06-2013

Hi,

I'm not sure that command for GRT

ip route 172.16.0.0 255.255.0.0 loopback10 10.10.10.10

where Lo10 is in VRF will work properly. I suppose if you need 100% working way than you can use that:

1. Make phisycal loop between two ports, for example Gi1/1 and Gi1/2.

2. Set on Gi1/1 ip address, for example 1.1.1.2/31 (It's in GRT)

3. Set Gi1/2 to VRF, in your example is Red.

4. Set on Gi1/2 ip address, for example 1.1.1.3/31 (It's in Red)

5. Make static or dynamic routing using this loop.

Or if you have not less than 2 routers you can use as loop link between them - on the one side link/sub-if/SVI will be in GRT on the other side in VRF.

Good luck