Static route vrf VRF to Global (vrf default)

Stanislav Zaikin · ‎01-23-2013

Hello.

Trying to route traffic from vrf to global (at 7600 this possible).

Trying to route traffic between:

RP/0/RSP1/CPU0:zip#sh run int tenGigE 0/0/0/0.173

Wed Jan 23 18:49:55.235 UTC

interface TenGigE0/0/0/0.173

vrf kappa

ipv4 address 10.0.0.2 255.255.255.252

encapsulation dot1q 173

!

RP/0/RSP1/CPU0:zip#sh run int tenGigE 0/0/0/0.5

Wed Jan 23 18:50:02.285 UTC

interface TenGigE0/0/0/0.5

ipv4 address 8.8.8.1 255.255.255.0

encapsulation dot1q 5

!

Have this loopbacks:

RP/0/RSP1/CPU0:zip#sh run int loopback 0

Wed Jan 23 18:50:38.665 UTC

interface Loopback0

ipv4 address 17.17.191.6 255.255.255.255

!

RP/0/RSP1/CPU0:zip#sh run int loopback 1

Wed Jan 23 18:50:39.795 UTC

interface Loopback1

vrf kappa

ipv4 address 17.17.191.7 255.255.255.255

!

Add static routes:

RP/0/RSP1/CPU0:zip#sh run router static

Wed Jan 23 18:52:36.308 UTC

router static

address-family ipv4 unicast

10.0.0.0/30 vrf kappa Loopback1

!

vrf kappa

address-family ipv4 unicast

0.0.0.0/0 vrf default Loopback0

!

And view routes:

RP/0/RSP1/CPU0:zip#sh route

Wed Jan 23 18:52:26.039 UTC

Codes: C - connected, S - static, R - RIP, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, su - IS-IS summary null, * - candidate default

U - per-user static route, o - ODR, L - local, G - DAGR

A - access/subscriber, - FRR Backup path

Gateway of last resort is not set

L 2.2.2.2/32 is directly connected, 2d00h, Loopback100

C 8.8.8.0/24 is directly connected, 04:03:47, TenGigE0/0/0/0.5

L 8.8.8.1/32 is directly connected, 04:03:47, TenGigE0/0/0/0.5

S 10.0.0.0/30 is directly connected, 00:00:37, Loopback1 (nexthop in vrf kappa)

L 17.17.191.6/32 is directly connected, 04:41:28, Loopback0

RP/0/RSP1/CPU0:zip#sh route vrf kappa

Wed Jan 23 18:52:29.031 UTC

Codes: C - connected, S - static, R - RIP, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, su - IS-IS summary null, * - candidate default

U - per-user static route, o - ODR, L - local, G - DAGR

A - access/subscriber, - FRR Backup path

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, 00:00:05, Loopback0 (nexthop in vrf default)

C 10.0.0.0/30 is directly connected, 04:45:11, TenGigE0/0/0/0.173

L 10.0.0.2/32 is directly connected, 04:45:11, TenGigE0/0/0/0.173

L 17.17.191.7/32 is directly connected, 02:32:56, Loopback1

But this doesn't work:

RP/0/RSP1/CPU0:zip#ping vrf kappa 8.8.8.1

Wed Jan 23 18:54:01.004 UTC

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

dpothier · ‎01-23-2013

hi Stanislav,

Afaik that feature is coming in the 4.3.1 It's called "Interafi import (global import) feature" Release.

Details as follows:

Configuration CLI: The following two new CLIs are defined.

The user can configure following under global VRF config to enable importing default-VRF routes to VRF foo.

import from default-vrf route-policy

Example:

vrf foo

address-family ipv4 unicast

import from default-vrf route-policy mypolicyimport

(ii) The user can configure following under global VRF config to enable exporting VRF foo routes into the default-VRF table.

export to default-vrf route-policy

Example:

vrf foo

address-family ipv4 unicast

export to default-vrf route-policy mypolicyexport

These above configurations are per address-family (ipv4 unicast and ipv6 unicast). The new config coexists with the existing VPN import config based on route-targets and route-policy.

Example: When all import/export configurations are enabled:

vrf foo

address-family ipv4 unicast

import route-policy myvpnimportpolicy

import from default-vrf route-policy passall

import route-target

1:1

2:2

!

export route-policy myvpnexportpolicy

export to default-vrf route-policy passall

export route-target

2:2

4:4

5:1

!

end

regards,

David

tkor · ‎01-29-2013

Hi David,

i've been looking for a similar solution and this appears to be what we've been looking for.

So if i'm to understand correctly what you've said, this way we'll be able to "automate" the import/export of routes

from vrf->global and vice versa, correct?

Could we then apply the same logic to a hub and spoke internet access vpn, where we have the VPN_to_Internet hub vrf that

will eventually leak/export customer VPN routes to default-vrf and import only 0/0 (default route)? This way we can "automate" even more export of customer routes to the global table, and for all customer VPNs with internet access, only use standard import/export or RTs with this hub vrf?

Regards

Themis