Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9884
Views
0
Helpful
2
Replies

Static route vrf VRF to Global (vrf default)

Stanislav Zaikin
Level 1
Level 1

‎01-23-2013 03:00 AM

Hello.

Trying to route traffic from vrf to global (at 7600 this possible).

Trying to route traffic between:

RP/0/RSP1/CPU0:zip#sh run int tenGigE 0/0/0/0.173

Wed Jan 23 18:49:55.235 UTC

interface TenGigE0/0/0/0.173

vrf kappa

ipv4 address 10.0.0.2 255.255.255.252

encapsulation dot1q 173

!

RP/0/RSP1/CPU0:zip#sh run int tenGigE 0/0/0/0.5

Wed Jan 23 18:50:02.285 UTC

interface TenGigE0/0/0/0.5

ipv4 address 8.8.8.1 255.255.255.0

encapsulation dot1q 5

!

Have this loopbacks:

RP/0/RSP1/CPU0:zip#sh run int loopback 0

Wed Jan 23 18:50:38.665 UTC

interface Loopback0

ipv4 address 17.17.191.6 255.255.255.255

!

RP/0/RSP1/CPU0:zip#sh run int loopback 1

Wed Jan 23 18:50:39.795 UTC

interface Loopback1

vrf kappa

ipv4 address 17.17.191.7 255.255.255.255

!

Add static routes:

RP/0/RSP1/CPU0:zip#sh run router static

Wed Jan 23 18:52:36.308 UTC

router static

address-family ipv4 unicast

  10.0.0.0/30 vrf kappa Loopback1

!

vrf kappa

  address-family ipv4 unicast

   0.0.0.0/0 vrf default Loopback0

  !

!

!

And view routes:

RP/0/RSP1/CPU0:zip#sh route

Wed Jan 23 18:52:26.039 UTC

Codes: C - connected, S - static, R - RIP, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default

       U - per-user static route, o - ODR, L - local, G  - DAGR

       A - access/subscriber, - FRR Backup path

Gateway of last resort is not set

L    2.2.2.2/32 is directly connected, 2d00h, Loopback100

C    8.8.8.0/24 is directly connected, 04:03:47, TenGigE0/0/0/0.5

L    8.8.8.1/32 is directly connected, 04:03:47, TenGigE0/0/0/0.5

S    10.0.0.0/30 is directly connected, 00:00:37, Loopback1 (nexthop in vrf kappa)

L    17.17.191.6/32 is directly connected, 04:41:28, Loopback0

RP/0/RSP1/CPU0:zip#sh route vrf kappa

Wed Jan 23 18:52:29.031 UTC

Codes: C - connected, S - static, R - RIP, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default

       U - per-user static route, o - ODR, L - local, G  - DAGR

       A - access/subscriber, - FRR Backup path

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*   0.0.0.0/0 is directly connected, 00:00:05, Loopback0 (nexthop in vrf default)

C    10.0.0.0/30 is directly connected, 04:45:11, TenGigE0/0/0/0.173

L    10.0.0.2/32 is directly connected, 04:45:11, TenGigE0/0/0/0.173

L    17.17.191.7/32 is directly connected, 02:32:56, Loopback1

But this doesn't work:

RP/0/RSP1/CPU0:zip#ping vrf kappa 8.8.8.1

Wed Jan 23 18:54:01.004 UTC

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

1 person had this problem
Labels:
0 Helpful
2 Replies 2

dpothier
Cisco Employee
Cisco Employee

‎01-23-2013 04:14 AM

hi Stanislav,

Afaik that feature is coming in the 4.3.1 It's called "Interafi import (global import) feature" Release.

Details as follows:

Configuration CLI: The following two new CLIs are defined.

The user can configure following under global VRF config to enable importing default-VRF routes to VRF foo.

          import from default-vrf route-policy

Example:

          vrf foo

           address-family ipv4 unicast

            import from default-vrf route-policy mypolicyimport

(ii) The user can configure following under global VRF config to enable exporting VRF foo routes into the default-VRF table.

          export to default-vrf route-policy

Example:

          vrf foo

           address-family ipv4 unicast

            export to default-vrf route-policy mypolicyexport

These above configurations are per address-family (ipv4 unicast and ipv6 unicast). The new config coexists with the existing VPN import config based on route-targets and route-policy.

Example: When all import/export configurations are enabled:

          vrf foo

           address-family ipv4 unicast

            import route-policy myvpnimportpolicy

            import from default-vrf route-policy passall

            import route-target

             1:1

             2:2

            !

            export route-policy myvpnexportpolicy

            export to default-vrf route-policy passall

            export route-target

             2:2

             4:4

             5:1

            !

           !

          !

          end

regards,

David

0 Helpful

tkor
Level 1
Level 1
In response to dpothier

‎01-29-2013 09:19 AM

Hi David,

i've been looking for a similar solution and this appears to be what we've been looking for.

So if i'm to understand correctly what you've said, this way we'll be able to "automate" the import/export of routes

from vrf->global and vice versa, correct?

Could we then apply the same logic to a hub and spoke internet access vpn, where we have the VPN_to_Internet hub vrf that

will eventually leak/export customer VPN routes to default-vrf and import only 0/0 (default route)? This way we can "automate" even more export of customer routes to the global table, and for all customer VPNs with internet access, only use standard import/export or RTs with this hub vrf?

Regards

Themis

0 Helpful
Customers Also Viewed These Support Documents