OcNOS-RON : Layer 3 Guide : VRF Lite Configuration Guide : Inter-VRF Route Leaking Configuration
Inter-VRF Route Leaking Configuration
This chapter shows how to configure inter-VRF route leaking.
Overview
Virtual Routing and Forwarding (VRF) provides the ability to have multiple virtual routers on a single physical device. VRFs operate without knowledge of one another unless they are imported or exported into one another using inter-VRF route leaking. Inter-VRF route leaking allows leaking of route prefixes from one VRF instance to another VRF instance on the same physical router which eliminates the need for external routing.This is useful in cases where multiple VRFs share the same path to reach an external domain, while maintaining their internal routing information limited to their own VRF. This feature enables a data center to consolidate multiple VRF services onto a single server.
There are two types of inter-VRF route leaking:
Static leaking: leaking manually configured static route entries from a source VRF to a global default VRF table.
Dynamic leaking: leaking connected routes and dynamically learned routes from protocols such as ISIS, OSPF, and BGP from a source VRF to a destination VRF.
Static Leaking
Static route leaking directly between VRFs is not supported. What does work is routing traffic from a VRF to the global default VRF routing table. One advantage of using static route leaking is that you can configure exactly which routes are reachable without configuring BGP.
Topology
Static leaking
Configuration
The following steps describe how to configure static leaking.
RTR1
 
RTR1#configure terminal
Enter configure mode.
RTR1(config)#interface xe5
Enter interface mode
RTR1(config-if)#ip address 5.5.5.5/24
Assign IP address 5.5.5.5 to interface xe5
RTR1(config-if)#exit
Exit interface mode
RTR1(config)#interface xe27
Enter interface mode
RTR1(config-if)#ip address 1.1.1.1/24
Assign IP address 1.1.1.1 to interface xe27
RTR1(config-if)#exit
Exit interface mode
RTR2
 
RTR2#configure terminal
Enter configure mode.
RTR2(config)#interface xe1/2
Enter interface mode
RTR2(config-if)#ip address 1.1.1.2/24
Assign IP address 1.1.1.2 to interface xe1/2
RTR2(config-if)#exit
Exit interface mode
RTR2(config)#ip vrf vrf1
Create VRF vrf1
RTR2(config-vrf)#exit
Exit VRF mode
RTR2(config)#interface xe3/1
Enter interface mode
RTR2(config-if)#ip vrf forwarding vrf1
Associate xe3/1 to vrf1
RTR2(config-if)#ip address 6.6.6.6/24
Assign IP address 6.6.6.6 to interface xe3/1
RTR2(config-if)#exit
Exit interface mode
RTR2(config)#ip route vrf vrf1 5.5.5.0/24 1.1.1.1 xe1/2 global
Add static route to reach global default VRF table
RTR2(config)#exit
Exit configure mode
Validation
RTR2#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
* - candidate default
 
IP Route Table for VRF "default"
C 1.1.1.0/24 is directly connected, xe1/2, 00:00:05
C 127.0.0.0/8 is directly connected, lo, 00:20:38
IP Route Table for VRF "management"
Gateway of last resort is 10.12.29.1 to network 0.0.0.0
 
S* 0.0.0.0/0 [1/0] via 10.12.29.1, eth0, 00:20:38
C 10.12.29.0/24 is directly connected, eth0, 00:20:38
C 127.0.0.0/8 is directly connected, lo.management, 00:20:38
IP Route Table for VRF "vrf1"
S v5.5.5.0/24 [1/0] via 1.1.1.1, xe1/2, 00:05:20
C 6.6.6.0/24 is directly connected, xe3/1, 00:07:06
C 127.0.0.0/8 is directly connected, lo.vrf1, 00:12:25
 
RTR2#show ip route vrf all database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
> - selected route, * - FIB route, p - stale info
 
IP Route Table for VRF "default"
C *> 1.1.1.0/24 is directly connected, xe1/2, 00:00:51
C *> 127.0.0.0/8 is directly connected, lo, 00:21:24
IP Route Table for VRF "management"
S *> 0.0.0.0/0 [1/0] via 10.12.29.1, eth0, 00:21:24
C *> 10.12.29.0/24 is directly connected, eth0, 00:21:24
C *> 127.0.0.0/8 is directly connected, lo.management, 00:21:24
IP Route Table for VRF "vrf1"
S *> v5.5.5.0/24 [1/0] via 1.1.1.1, xe1/2, 00:06:06
C *> 6.6.6.0/24 is directly connected, xe3/1, 00:07:52
C *> 127.0.0.0/8 is directly connected, lo.vrf1, 00:13:11
Dynamic Leaking
Route Leaking enables communication between isolated (virtual) routing domains by segregating and sharing a set of services that are available on one routing domain with other virtual domains. Inter-VRF route leaking enables a VRF to leak or export routes in its router to one or more VRFs. Dynamic route leaking enables a source VRF to share both its connected routes as well as dynamically learned routes from protocols such as ISIS, OSPF, and BGP to destination VRFs.
Topology
Dynamic leaking
Configuration
The following steps describe how to configure dynamic leaking.
RTR1
 
RTR1#configure terminal
Enter configure mode.
RTR1(config)#interface xe5
Enter interface mode
RTR1(config-if)#ip address 5.5.5.5/24
Assign IP address 5.5.5.5 to interface xe5
RTR1(config-if)#exit
Exit interface mode
RTR1(config)#interface xe27
Enter interface mode
RTR1(config-if)#ip address 1.1.1.1/24
Assign IP address 1.1.1.1 to interface xe27
RTR1(config-if)#exit
Exit interface mode
RTR1(config)#router ospf 1
Enter OSPF router mode
RTR1(config-router)#network 1.1.1.0/24 area 0
Specify the network type and area 0
RTR1(config-router)#redistribute connected
Redistribute connected route inside ospf
RTR1(config-router)#exit
Exit OSPF router mode
RTR2
 
RTR2#configure terminal
Enter configure mode.
RTR2(config)#ip vrf vrf1
Create VRF vrf1
RTR2(config-vrf)#rd 100:1
Configure route distinguisher in the VRF
RTR2(config-vrf)#route-target export 100:1
Configure export route target
RTR2(config-vrf)#route-target import 200:1
Configure import route target
RTR2(config-vrf)#exit
Exit VRF mode
RTR2(config)#ip vrf vrf2
Create VRF vrf2
RTR2(config-vrf)#rd 200:1
Configure route distinguisher in the VRF
RTR2(config-vrf)#route-target export 200:1
Configure export route target
RTR2(config-vrf)#route-target import 100:1
Configure import route target
RTR2(config-vrf)#exit
Exit VRF mode
RTR2(config)#interface xe1/2
Enter interface mode
RTR2(config-if)#ip vrf forwarding vrf1
Associate vrf1 to interface xe1/2
RTR2(config-if)#ip address 1.1.1.2/24
Assign IP address 1.1.1.2 to interface xe1/2
RTR2(config-if)#exit
Exit interface mode
RTR2(config)#interface xe3/3
Enter interface mode
RTR2(config-if)#ip vrf forwarding vrf2
Associate vrf2 to interface xe3/3
RTR2(config-if)#ip address 2.2.2.2/24
Assign IP address 2.2.2.2 to interface xe3/3
RTR2(config-if)#exit
Exit interface mode
RTR2(config)#router ospf 1 vrf1
Associate the OSPF process with vrf1
RTR2(config-router)#network 1.1.1.0/24 area 0
Specify the network type and area 0
RTR2(config-router)#redistribute bgp
Redistribute BGP routes inside OSPF
RTR2(config-router)#exit
Exit router mode
RTR2(config)#router ospf 2 vrf2
Associate the OSPF process with vrf2
RTR2(config-router)#network 2.2.2.0/24 area 0
Specify the network type and area 0
RTR2(config-router)#redistribute bgp
Redistribute BGP routes inside OSPF
RTR2(config-router)#exit
Exit router mode
RTR2(config)#router bgp 100
Enter BGP router mode
RTR2(config-router)#address-family ipv4 vrf vrf1
Enter address family mode for vrf1
RTR2(config-router-af)#redistribute ospf 1
Redistribute OSPF routes inside BGP
RTR2(config-router-af)#exit-address-family
Exit address family mode
RTR2(config-router)#address-family ipv4 vrf vrf2
Enter address family mode for vrf2
RTR2(config-router-af)#redistribute ospf 2
Redistribute OSPF routes inside BGP
RTR2(config-router-af)#exit-address-family
Exit address family mode
RTR2(config-router)#exit
Exit router mode
RTR3
 
RTR3#configure terminal
Enter configure mode.
RTR3(config)#interface xe1
Enter interface mode
RTR3(config-if)#ip address 6.6.6.6/24
Assign IP address 6.6.6.6 to interface xe1
RTR3(config-if)#exit
Exit from config mode
RTR3(config)#interface xe33
Enter interface mode
RTR3(config-if)#ip address 2.2.2.3/24
Assign IP address 2.2.2.3 to interface xe33
RTR3(config-if)#exit
Exit interface mode
RTR3(config)#router ospf 2
Enter OSPF router mode
RTR3(config-router)#network 2.2.2.0/24 area 0
Specify the network type and area 0
RTR3(config-router)#redistribute connected
Redistribute connected route inside ospf
RTR3(config-router)#exit
Exit OSPF router mode
Validation
RTR1
RTR1#sh ip ospf neighbor
 
Total number of full neighbors: 1
OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface
Instance ID
1.1.1.2 1 Full/Backup 00:00:39 1.1.1.2 xe27
 
RTR1#sh ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
* - candidate default
 
IP Route Table for VRF "default"
C 1.1.1.0/24 is directly connected, xe27, 01:51:47
O E2 2.2.2.0/24 [110/1] via 1.1.1.2, xe27, 00:22:51
C 5.5.5.0/24 is directly connected, xe5, 02:16:39
O E2 6.6.6.0/24 [110/1] via 1.1.1.2, xe27, 00:22:51
C 127.0.0.0/8 is directly connected, lo, 02:25:23
RTR2
RTR2#sh ip ospf neighbor
 
Total number of full neighbors: 1
OSPF process 1 VRF(vrf1):
Neighbor ID Pri State Dead Time Address Interface Instance ID
5.5.5.5 1 Full/DR 00:00:34 1.1.1.1 xe1/2 0
 
Total number of full neighbors: 1
OSPF process 2 VRF(vrf2):
Neighbor ID Pri State Dead Time Address Interface Instance ID
6.6.6.6 1 Full/DR 00:00:36 2.2.2.3 xe3/3 0
RTR2#sh ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
* - candidate default
 
IP Route Table for VRF "default"
C 127.0.0.0/8 is directly connected, lo, 02:06:03
IP Route Table for VRF "management"
Gateway of last resort is 10.12.29.1 to network 0.0.0.0
 
S* 0.0.0.0/0 [1/0] via 10.12.29.1, eth0, 02:06:03
C 10.12.29.0/24 is directly connected, eth0, 02:06:03
C 127.0.0.0/8 is directly connected, lo.management, 02:06:03
IP Route Table for VRF "vrf1"
C 1.1.1.0/24 is directly connected, xe1/2, 01:31:20
B v2.2.2.0/24 [20/1] is directly connected, xe3/3, 00:02:35
O E2 5.5.5.0/24 [110/20] via 1.1.1.1, xe1/2, 00:07:12
B v6.6.6.0/24 [20/20] via 2.2.2.3, xe3/3, 00:02:35
C 127.0.0.0/8 is directly connected, lo.vrf1, 01:40:49
IP Route Table for VRF "vrf2"
B v1.1.1.0/24 [20/1] is directly connected, xe1/2, 00:03:35
C 2.2.2.0/24 is directly connected, xe3/3, 01:31:02
B v5.5.5.0/24 [20/20] via 1.1.1.1, xe1/2, 00:03:35
O E2 6.6.6.0/24 [110/20] via 2.2.2.3, xe3/3, 00:06:52
C 127.0.0.0/8 is directly connected, lo.vrf2, 01:32:22
 
RTR2#sh ip route vrf all database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
> - selected route, * - FIB route, p - stale info
 
IP Route Table for VRF "default"
C *> 127.0.0.0/8 is directly connected, lo, 02:07:34
IP Route Table for VRF "management"
S *> 0.0.0.0/0 [1/0] via 10.12.29.1, eth0, 02:07:34
C *> 10.12.29.0/24 is directly connected, eth0, 02:07:34
C *> 127.0.0.0/8 is directly connected, lo.management, 02:07:34
IP Route Table for VRF "vrf1"
C *> 1.1.1.0/24 is directly connected, xe1/2, 01:32:51
O 1.1.1.0/24 [110/1] is directly connected, xe1/2, 00:09:13
B *> v2.2.2.0/24 [20/1] is directly connected, xe3/3, 00:04:06
O E2 *> 5.5.5.0/24 [110/20] via 1.1.1.1, xe1/2, 00:08:43
B *> v6.6.6.0/24 [20/20] via 2.2.2.3, xe3/3, 00:04:06
C *> 127.0.0.0/8 is directly connected, lo.vrf1, 01:42:20
IP Route Table for VRF "vrf2"
B *> v1.1.1.0/24 [20/1] is directly connected, xe1/2, 00:05:06
C *> 2.2.2.0/24 is directly connected, xe3/3, 01:32:33
O 2.2.2.0/24 [110/1] is directly connected, xe3/3, 00:08:42
B *> v5.5.5.0/24 [20/20] via 1.1.1.1, xe1/2, 00:05:06
O E2 *> 6.6.6.0/24 [110/20] via 2.2.2.3, xe3/3, 00:08:23
C *> 127.0.0.0/8 is directly connected, lo.vrf2, 01:33:53
RTR3
RTR3#sh ip ospf neighbor
 
Total number of full neighbors: 1
OSPF process 2 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
2.2.2.2 1 Full/Backup 00:00:37 2.2.2.2 xe33 0
 
RTR3#sh ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area,
v - vrf leaked
* - candidate default
 
IP Route Table for VRF "default"
O E2 1.1.1.0/24 [110/1] via 2.2.2.2, xe33, 00:20:12
C 2.2.2.0/24 is directly connected, xe33, 01:47:45
O E2 5.5.5.0/24 [110/1] via 2.2.2.2, xe33, 00:20:12
C 6.6.6.0/24 is directly connected, xe1, 02:00:13
C 127.0.0.0/8 is directly connected, lo, 02:21:14