Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4806
Views
0
Helpful
4
Replies

VRF to Internet access

Go to solution
network_user
Level 1
Level 1

‎08-08-2012 12:26 PM - edited ‎03-07-2019 08:14 AM

Hello,

I have a VRF implemented on our internet gateway for a customer network. And in order for this VRF to be able to access internet and the VRF subnet get advertised into BGP to ISP router I added two static routes in the configuration as below.

ip route <vrf_subnet> <vrf_interface>  ----so that global routing table has entry for the vrf subnet and get advertised into BGP routes

ip route vrf <vrf_name> 0.0.0.0 0.0.0.0 <ISP interface> <ISP next hop ip address> global   --- so that vrf routing table has a default route to internet

Now my question is if I have multiple customers set like this on the same router then I will end up adding ip route vrf defualt routes to all the VRFs to be able to access internet. But by doing that I am also allowing access from one vrf to another, right? Which would beat the vrf puspose I am applying it for.

Could someone let me know if my approach is right, or is there another way I can do this?

Thank you.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎08-08-2012 12:45 PM

Hi,

You approach is correct.  This is the only way you can provide Internet access to your customers.  Also, by doing that you are not allowing access from one vrf to another. In order for one vrf to access another one you would need to do export/ import between the vrfs or use export map.

HTH

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎08-08-2012 12:45 PM

Hi,

You approach is correct.  This is the only way you can provide Internet access to your customers.  Also, by doing that you are not allowing access from one vrf to another. In order for one vrf to access another one you would need to do export/ import between the vrfs or use export map.

HTH

0 Helpful

Go to solution
network_user
Level 1
Level 1
In response to Reza Sharifi

‎08-08-2012 12:47 PM

Thanks for confirming this Reza!!

0 Helpful

Go to solution
network_user
Level 1
Level 1
In response to Reza Sharifi

‎08-08-2012 12:49 PM

I have another question on the same topic... when would I use address-family ipv4 under BGP process?? Can that be used to redistribute vrf routes into global/BGP routing table?

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to network_user

‎08-08-2012 12:58 PM

Address-family is used to separate one vrf from another and also to separate ipv4 peering from ipv6.  I am not sure if you can use it to redistribute from vrf to global.  I have only seen it using static route. 

HTH

0 Helpful
Customers Also Viewed These Support Documents