07-10-2009 12:07 PM - edited 03-06-2019 06:41 AM
I have a 2811 with 3 ISP's, and am trying to set up equal-cost routes for load-balancing. The ISP interfaces and firewall interface are in a "PUBLIC" vrf. All other interfaces are in the global config. Everything is fine with a single default route. However, when I add a 2nd default route, I lose all connectivity to both public interfaces. I can still access the firewall interface (from a node behind the interface). Are there any restrictions in VRF for multiple default routes? Related config is attached.
07-10-2009 12:28 PM
No restrictions with having multiple default routes in a VRF. The rules of routing within a VRF are the same as with a global routing table.
You may be running into an issue with NAT and the packet trying to exit an interface with a translated address in the wrong block.
Inspect your NAT table and see this behavior.
HTH,
__
Edison.
07-10-2009 01:43 PM
If I were trying to access internal hosts, perhaps, but I'm simply trying to SSH to any of the public interfaces within the VRF from a non-local public ip address. I didn't think NAT played a part there. I have been known to be wrong before, though... :)
07-10-2009 04:00 PM
Can you provide a detailed description as the source and destination of the traffic and ip route table before and after the problem occurs.
In your original message, you stated 'all other interfaces are in the global config' yet on the portion of the config it only shows interfaces within the VRF, no interfaces in the global routing table.
If you want to isolate this to a NAT issue, add the multiple default routes and during a maintenance window, remove the NAT and try to SSH.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide