Inter-VRF static routes
Swapnendu was trying to implement inter-VRF route leaking in a multi-VRF environment without using route targets. He decided to use inter-VRF static routes, but got concerned after reading the following paragraph from Cisco’s documentation:
You can not configure two static routes to advertise each prefix between the VRFs, because this method is not supported. Packets will not be routed by the router. To achieve route leaking between VRFs, you must use the import functionality of route-target and enable Border Gateway Protocol (BGP) on the router. No BGP neighbor is required.
There is no reason why inter-VRF static routes on point-to-point interfaces would not work. However … if Cisco's documentation states something is not supported, that's exactly what it is: not supported. It might work for you, it might not work on specific platforms and it might be broken in a future software release (like MPLS VPN on 1800 routers). You're using it at your own risk and if it stops working you can't even complain to the TAC (because they'll tell you it's unsupported).
- All the details of Multi-VRF design and deployment are covered in the “Virtual router connectivity” chapter of my MPLS and VPN Architectures (Volume II) book.
- You might want to use inter-VRF NAT instead of route leaking. It’s described in the “Add a VPN to an Enterprise Network with Multi-VRF Functionality” IP Corner article.
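Because these routes are unsupported and cross a VRF boundary, it helps to know where they exist in a configuration. The following is an added example, not code from the original post: a Python check that flags `ip route vrf` statements whose outgoing interface belongs to a different VRF. It assumes classic `ip vrf forwarding` syntax and unabbreviated interface names; the sample configuration is constructed.

```python
import re

# Constructed sample config; VRF names, interfaces and addresses are made up.
SAMPLE_CONFIG = """\
interface Serial0/0
 ip vrf forwarding VRF1
interface Serial0/1
 ip vrf forwarding VRF2
interface FastEthernet0/0
 ip vrf forwarding VRF2
ip route vrf VRF1 10.2.0.0 255.255.255.252 Serial0/1
ip route vrf VRF1 10.2.1.0 255.255.255.0 FastEthernet0/0 10.2.1.254
ip route vrf VRF1 10.9.0.0 255.255.0.0 Serial0/0
ip route vrf VRF2 10.8.0.0 255.255.0.0 10.2.1.254
"""

ROUTE_RE = re.compile(r"^ip route vrf (\S+) (\S+) (\S+) (.+)$")

def interface_vrfs(config):
    """Map interface name -> VRF (None means the global routing table)."""
    vrfs, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            vrfs[current] = None
        elif not line.startswith(" "):
            current = None          # left the interface block
        elif current and line.strip().startswith("ip vrf forwarding "):
            vrfs[current] = line.split()[-1]
    return vrfs

def inter_vrf_static_routes(config):
    """Return static routes whose outgoing interface sits in another VRF."""
    vrfs = interface_vrfs(config)
    findings = []
    for line in config.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        route_vrf, prefix, mask, rest = m.groups()
        hops = rest.split()
        # hops[0] is an interface only if it is in the map; a route that
        # gives just a next-hop address is skipped by this check.
        if hops[0] in vrfs and vrfs[hops[0]] != route_vrf:
            has_nh = len(hops) > 1 and hops[1].count(".") == 3
            findings.append({"route_vrf": route_vrf, "prefix": f"{prefix} {mask}",
                             "interface": hops[0], "interface_vrf": vrfs[hops[0]],
                             "has_next_hop": has_nh})
    return findings

if __name__ == "__main__":
    print(inter_vrf_static_routes(SAMPLE_CONFIG))
```

The `has_next_hop` field separates the point-to-point form (interface only) from the multiaccess form, which needs a next-hop address in the other VRF.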
5 comments:
Thanks for sharing this with everyone.
In summary I can say the following -
Routing between two VRFs on the same router is not allowed officially (though a method exists to bypass this) using any static route combination for Ethernet/SVI/other multipoint interface types. MP-BGP must be used to achieve this. MP-BGP can be used without any neighbors, just redistribute connected routes into MP-BGP and set the route-targets correctly.
To bypass this restriction on P2P links :
If VPN1 and VPN2 are connected via a point-to-point interface e.g. serial link, static routes can be used to communicate between the VRFs *WITHOUT* using MPBGP. This doesn’t work for multiaccess interfaces like VLAN or Ethernet interface.
ip route vrf VRF1 destination-other-VRF2-subnet mask other-VRF2-local-interface-P2P
If added on an interface like Ethernet or SVI – error:
% For VPN routes, must specify a next hop IP address if not a point-to-point interface
cheers
Swapnendu
CCIE#19804 :)
finally the comments worked!
You can also use static routes over multiaccess interfaces, but you have to specify the next-hop address in the other VRF.
Inter-VRF static route pointing to a multiaccess interface has never been allowed (this limitation goes back to 12.0T).
Quick question. When using MP-BGP why must one import yourself in order to perform route leaking?
ip vrf test1
 rd 100:1
 route-target import 100:1
 route-target export 100:1
 route-target import 200:1
ip vrf test2
 rd 200:1
 route-target import 200:1
 route-target export 200:1
 route-target import 100:1
I haven't tested this for years, but a while ago you had to import your own routes due to a bug (well, implementation detail :) ) in Cisco IOS.
Thanks Ivan. I have tested that it isn't necessary on recent code. Appreciate your response.