Inter-VRF Route Leaking Configuration
This chapter shows how to configure inter-VRF route leaking.
Overview
Virtual Routing and Forwarding (VRF) provides the ability to have multiple virtual routers on a single physical device. VRFs operate without knowledge of one another unless they are imported or exported into one another using inter-VRF route leaking. Inter-VRF route leaking allows leaking of route prefixes from one VRF instance to another VRF instance on the same physical router which eliminates the need for external routing.This is useful in cases where multiple VRFs share the same path to reach an external domain, while maintaining their internal routing information limited to their own VRF. This feature enables a data center to consolidate multiple VRF services onto a single server.
There are two types of inter-VRF route leaking:
• Static leaking: leaking manually configured static route entries from a source VRF to a global default VRF table.
• Dynamic leaking: leaking connected routes and dynamically learned routes from protocols such as ISIS, OSPF, and BGP from a source VRF to a destination VRF.
Static Leaking
Static route leaking directly between VRFs is not supported. What does work is routing traffic from a VRF to the global default VRF routing table. One advantage of using static route leaking is that you can configure exactly which routes are reachable without configuring BGP.
Topology
Static leaking
Configuration
The following steps describe how to configure static leaking.
RTR1
RTR1#configure terminal | Enter configure mode. |
RTR1(config)#interface xe5 | Enter interface mode |
RTR1(config-if)#ip address 5.5.5.5/24 | Assign IP address 5.5.5.5 to interface xe5 |
RTR1(config-if)#exit | Exit interface mode |
RTR1(config)#interface xe27 | Enter interface mode |
RTR1(config-if)#ip address 1.1.1.1/24 | Assign IP address 1.1.1.1 to interface xe27 |
RTR1(config-if)#exit | Exit interface mode |
RTR2
RTR2#configure terminal | Enter configure mode. |
RTR2(config)#interface xe1/2 | Enter interface mode |
RTR2(config-if)#ip address 1.1.1.2/24 | Assign IP address 1.1.1.2 to interface xe1/2 |
RTR2(config-if)#exit | Exit interface mode |
RTR2(config)#ip vrf vrf1 | Create VRF vrf1 |
RTR2(config-vrf)#exit | Exit VRF mode |
RTR2(config)#interface xe3/1 | Enter interface mode |
RTR2(config-if)#ip vrf forwarding vrf1 | Associate xe3/1 to vrf1 |
RTR2(config-if)#ip address 6.6.6.6/24 | Assign IP address 6.6.6.6 to interface xe3/1 |
RTR2(config-if)#exit | Exit interface mode |
RTR2(config)#ip route vrf vrf1 5.5.5.0/24 1.1.1.1 xe1/2 global | Add static route to reach global default VRF table |
RTR2(config)#exit | Exit configure mode |
Validation
RTR2#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 1.1.1.0/24 is directly connected, xe1/2, 00:00:05
C 127.0.0.0/8 is directly connected, lo, 00:20:38
IP Route Table for VRF "management"
Gateway of last resort is 10.12.29.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.12.29.1, eth0, 00:20:38
C 10.12.29.0/24 is directly connected, eth0, 00:20:38
C 127.0.0.0/8 is directly connected, lo.management, 00:20:38
IP Route Table for VRF "vrf1"
S v5.5.5.0/24 [1/0] via 1.1.1.1, xe1/2, 00:05:20
C 6.6.6.0/24 is directly connected, xe3/1, 00:07:06
C 127.0.0.0/8 is directly connected, lo.vrf1, 00:12:25
RTR2#show ip route vrf all database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
> - selected route, * - FIB route, p - stale info
IP Route Table for VRF "default"
C *> 1.1.1.0/24 is directly connected, xe1/2, 00:00:51
C *> 127.0.0.0/8 is directly connected, lo, 00:21:24
IP Route Table for VRF "management"
S *> 0.0.0.0/0 [1/0] via 10.12.29.1, eth0, 00:21:24
C *> 10.12.29.0/24 is directly connected, eth0, 00:21:24
C *> 127.0.0.0/8 is directly connected, lo.management, 00:21:24
IP Route Table for VRF "vrf1"
S *> v5.5.5.0/24 [1/0] via 1.1.1.1, xe1/2, 00:06:06
C *> 6.6.6.0/24 is directly connected, xe3/1, 00:07:52
C *> 127.0.0.0/8 is directly connected, lo.vrf1, 00:13:11
Dynamic Leaking
Route Leaking enables communication between isolated (virtual) routing domains by segregating and sharing a set of services that are available on one routing domain with other virtual domains. Inter-VRF route leaking enables a VRF to leak or export routes in its router to one or more VRFs. Dynamic route leaking enables a source VRF to share both its connected routes as well as dynamically learned routes from protocols such as ISIS, OSPF, and BGP to destination VRFs.
Topology
Dynamic leaking
Configuration
The following steps describe how to configure dynamic leaking.
RTR1
RTR1#configure terminal | Enter configure mode. |
RTR1(config)#interface xe5 | Enter interface mode |
RTR1(config-if)#ip address 5.5.5.5/24 | Assign IP address 5.5.5.5 to interface xe5 |
RTR1(config-if)#exit | Exit interface mode |
RTR1(config)#interface xe27 | Enter interface mode |
RTR1(config-if)#ip address 1.1.1.1/24 | Assign IP address 1.1.1.1 to interface xe27 |
RTR1(config-if)#exit | Exit interface mode |
RTR1(config)#router ospf 1 | Enter OSPF router mode |
RTR1(config-router)#network 1.1.1.0/24 area 0 | Specify the network type and area 0 |
RTR1(config-router)#redistribute connected | Redistribute connected route inside ospf |
RTR1(config-router)#exit | Exit OSPF router mode |
RTR2
RTR2#configure terminal | Enter configure mode. |
RTR2(config)#ip vrf vrf1 | Create VRF vrf1 |
RTR2(config-vrf)#rd 100:1 | Configure route distinguisher in the VRF |
RTR2(config-vrf)#route-target export 100:1 | Configure export route target |
RTR2(config-vrf)#route-target import 200:1 | Configure import route target |
RTR2(config-vrf)#exit | Exit VRF mode |
RTR2(config)#ip vrf vrf2 | Create VRF vrf2 |
RTR2(config-vrf)#rd 200:1 | Configure route distinguisher in the VRF |
RTR2(config-vrf)#route-target export 200:1 | Configure export route target |
RTR2(config-vrf)#route-target import 100:1 | Configure import route target |
RTR2(config-vrf)#exit | Exit VRF mode |
RTR2(config)#interface xe1/2 | Enter interface mode |
RTR2(config-if)#ip vrf forwarding vrf1 | Associate vrf1 to interface xe1/2 |
RTR2(config-if)#ip address 1.1.1.2/24 | Assign IP address 1.1.1.2 to interface xe1/2 |
RTR2(config-if)#exit | Exit interface mode |
RTR2(config)#interface xe3/3 | Enter interface mode |
RTR2(config-if)#ip vrf forwarding vrf2 | Associate vrf2 to interface xe3/3 |
RTR2(config-if)#ip address 2.2.2.2/24 | Assign IP address 2.2.2.2 to interface xe3/3 |
RTR2(config-if)#exit | Exit interface mode |
RTR2(config)#router ospf 1 vrf1 | Associate the OSPF process with vrf1 |
RTR2(config-router)#network 1.1.1.0/24 area 0 | Specify the network type and area 0 |
RTR2(config-router)#redistribute bgp | Redistribute BGP routes inside OSPF |
RTR2(config-router)#exit | Exit router mode |
RTR2(config)#router ospf 2 vrf2 | Associate the OSPF process with vrf2 |
RTR2(config-router)#network 2.2.2.0/24 area 0 | Specify the network type and area 0 |
RTR2(config-router)#redistribute bgp | Redistribute BGP routes inside OSPF |
RTR2(config-router)#exit | Exit router mode |
RTR2(config)#router bgp 100 | Enter BGP router mode |
RTR2(config-router)#address-family ipv4 vrf vrf1 | Enter address family mode for vrf1 |
RTR2(config-router-af)#redistribute ospf 1 | Redistribute OSPF routes inside BGP |
RTR2(config-router-af)#exit-address-family | Exit address family mode |
RTR2(config-router)#address-family ipv4 vrf vrf2 | Enter address family mode for vrf2 |
RTR2(config-router-af)#redistribute ospf 2 | Redistribute OSPF routes inside BGP |
RTR2(config-router-af)#exit-address-family | Exit address family mode |
RTR2(config-router)#exit | Exit router mode |
RTR3
RTR3#configure terminal | Enter configure mode. |
RTR3(config)#interface xe1 | Enter interface mode |
RTR3(config-if)#ip address 6.6.6.6/24 | Assign IP address 6.6.6.6 to interface xe1 |
RTR3(config-if)#exit | Exit from config mode |
RTR3(config)#interface xe33 | Enter interface mode |
RTR3(config-if)#ip address 2.2.2.3/24 | Assign IP address 2.2.2.3 to interface xe33 |
RTR3(config-if)#exit | Exit interface mode |
RTR3(config)#router ospf 2 | Enter OSPF router mode |
RTR3(config-router)#network 2.2.2.0/24 area 0 | Specify the network type and area 0 |
RTR3(config-router)#redistribute connected | Redistribute connected route inside ospf |
RTR3(config-router)#exit | Exit OSPF router mode |
Validation
RTR1
RTR1#sh ip ospf neighbor
Total number of full neighbors: 1
OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface
Instance ID
1.1.1.2 1 Full/Backup 00:00:39 1.1.1.2 xe27
RTR1#sh ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 1.1.1.0/24 is directly connected, xe27, 01:51:47
O E2 2.2.2.0/24 [110/1] via 1.1.1.2, xe27, 00:22:51
C 5.5.5.0/24 is directly connected, xe5, 02:16:39
O E2 6.6.6.0/24 [110/1] via 1.1.1.2, xe27, 00:22:51
C 127.0.0.0/8 is directly connected, lo, 02:25:23
RTR2
RTR2#sh ip ospf neighbor
Total number of full neighbors: 1
OSPF process 1 VRF(vrf1):
Neighbor ID Pri State Dead Time Address Interface Instance ID
5.5.5.5 1 Full/DR 00:00:34 1.1.1.1 xe1/2 0
Total number of full neighbors: 1
OSPF process 2 VRF(vrf2):
Neighbor ID Pri State Dead Time Address Interface Instance ID
6.6.6.6 1 Full/DR 00:00:36 2.2.2.3 xe3/3 0
RTR2#sh ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 127.0.0.0/8 is directly connected, lo, 02:06:03
IP Route Table for VRF "management"
Gateway of last resort is 10.12.29.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.12.29.1, eth0, 02:06:03
C 10.12.29.0/24 is directly connected, eth0, 02:06:03
C 127.0.0.0/8 is directly connected, lo.management, 02:06:03
IP Route Table for VRF "vrf1"
C 1.1.1.0/24 is directly connected, xe1/2, 01:31:20
B v2.2.2.0/24 [20/1] is directly connected, xe3/3, 00:02:35
O E2 5.5.5.0/24 [110/20] via 1.1.1.1, xe1/2, 00:07:12
B v6.6.6.0/24 [20/20] via 2.2.2.3, xe3/3, 00:02:35
C 127.0.0.0/8 is directly connected, lo.vrf1, 01:40:49
IP Route Table for VRF "vrf2"
B v1.1.1.0/24 [20/1] is directly connected, xe1/2, 00:03:35
C 2.2.2.0/24 is directly connected, xe3/3, 01:31:02
B v5.5.5.0/24 [20/20] via 1.1.1.1, xe1/2, 00:03:35
O E2 6.6.6.0/24 [110/20] via 2.2.2.3, xe3/3, 00:06:52
C 127.0.0.0/8 is directly connected, lo.vrf2, 01:32:22
RTR2#sh ip route vrf all database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
> - selected route, * - FIB route, p - stale info
IP Route Table for VRF "default"
C *> 127.0.0.0/8 is directly connected, lo, 02:07:34
IP Route Table for VRF "management"
S *> 0.0.0.0/0 [1/0] via 10.12.29.1, eth0, 02:07:34
C *> 10.12.29.0/24 is directly connected, eth0, 02:07:34
C *> 127.0.0.0/8 is directly connected, lo.management, 02:07:34
IP Route Table for VRF "vrf1"
C *> 1.1.1.0/24 is directly connected, xe1/2, 01:32:51
O 1.1.1.0/24 [110/1] is directly connected, xe1/2, 00:09:13
B *> v2.2.2.0/24 [20/1] is directly connected, xe3/3, 00:04:06
O E2 *> 5.5.5.0/24 [110/20] via 1.1.1.1, xe1/2, 00:08:43
B *> v6.6.6.0/24 [20/20] via 2.2.2.3, xe3/3, 00:04:06
C *> 127.0.0.0/8 is directly connected, lo.vrf1, 01:42:20
IP Route Table for VRF "vrf2"
B *> v1.1.1.0/24 [20/1] is directly connected, xe1/2, 00:05:06
C *> 2.2.2.0/24 is directly connected, xe3/3, 01:32:33
O 2.2.2.0/24 [110/1] is directly connected, xe3/3, 00:08:42
B *> v5.5.5.0/24 [20/20] via 1.1.1.1, xe1/2, 00:05:06
O E2 *> 6.6.6.0/24 [110/20] via 2.2.2.3, xe3/3, 00:08:23
C *> 127.0.0.0/8 is directly connected, lo.vrf2, 01:33:53
RTR3
RTR3#sh ip ospf neighbor
Total number of full neighbors: 1
OSPF process 2 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
2.2.2.2 1 Full/Backup 00:00:37 2.2.2.2 xe33 0
RTR3#sh ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
O E2 1.1.1.0/24 [110/1] via 2.2.2.2, xe33, 00:20:12
C 2.2.2.0/24 is directly connected, xe33, 01:47:45
O E2 5.5.5.0/24 [110/1] via 2.2.2.2, xe33, 00:20:12
C 6.6.6.0/24 is directly connected, xe1, 02:00:13
C 127.0.0.0/8 is directly connected, lo, 02:21:14