Inter-VRF-Lite routing (3/7)


Customer-to-common service ONLY communication

– R1 separates Customers and common site traffic using different routing instances “vhost4”, “vhost5” and “vhost7”.

– Customers communicate ONLY with the common site.

Picture: 1-3


R1 configuration:

ip vrf vhost4

rd 400:400

route-target export 400:400

route-target import 400:400

ip vrf vhost5

rd 500:500

route-target export 500:500

route-target import 500:500

ip vrf vhost7

rd 700:700

route-target export 700:700

route-target import 700:700

Routing between VRFs

Inter-VRF communications depends on static routing from one VRF to other VRF outbound interfaces

R1(config)#ip route vrf vhost4 172.1.1.0 255.255.255.0 fa2/0 172.1.1.7

R1(config)#ip route vrf vhost5 172.1.1.0 255.255.255.0 fa2/0 172.1.1.7

R1(config)#ip route vrf vhost7 50.0.0.0 255.255.255.0 s1/0.105 155.1.0.5

R1(config)#ip route vrf vhost7 40.0.0.0 255.255.255.0 s1/0.104 155.1.0.4

VRF vhost4 RIB

R1(config)#do sh ip route vrf vhost4

Gateway of last resort is not set

155.1.0.0/24 is subnetted, 1 subnets

C 155.1.0.0 is directly connected, Serial1/0.104

172.1.0.0/24 is subnetted, 1 subnets

S 172.1.1.0 [1/0] via 172.1.1.7, FastEthernet2/0

40.0.0.0/24 is subnetted, 1 subnets

S 40.0.0.0 [1/0] via 155.1.0.4

R1(config)#

VRF vhost5 RIB

R1(config)#do sh ip route vrf vhost5

Gateway of last resort is not set

50.0.0.0/24 is subnetted, 1 subnets

S 50.0.0.0 [1/0] via 155.1.0.5

155.1.0.0/24 is subnetted, 1 subnets

C 155.1.0.0 is directly connected, Serial1/0.105

172.1.0.0/24 is subnetted, 1 subnets

S 172.1.1.0 [1/0] via 172.1.1.7, FastEthernet2/0

R1(config)#

VRF vhost7 RIB

R1(config)#do sh ip route vrf vhost7

Gateway of last resort is not set

50.0.0.0/24 is subnetted, 1 subnets

S 50.0.0.0 [1/0] via 155.1.0.5, Serial1/0.105

172.1.0.0/24 is subnetted, 1 subnets

C 172.1.1.0 is directly connected, FastEthernet2/0

40.0.0.0/24 is subnetted, 1 subnets

S 40.0.0.0 [1/0] via 155.1.0.4, Serial1/0.104

R1(config)#

Traceroute testing

As illustrated by picture 1-3a, Customers can communicate ONLY with the common site.

Picture 1-3a: Customer-to-HUB only communication


CustomerB to Common site

vhost#trace vrf vhost4 172.1.1.7

Type escape sequence to abort.

Tracing the route to 172.1.1.7

1 40.0.0.4 52 msec 52 msec 0 msec

2 155.1.0.14 52 msec 40 msec 12 msec

3 172.1.1.7 32 msec * 100 msec

vhost#

CustomerA to Common site

vhost#trace vrf vhost5 172.1.1.7

Type escape sequence to abort.

Tracing the route to 172.1.1.7

1 50.0.0.5 72 msec 48 msec 4 msec

2 155.1.0.15 60 msec 20 msec 16 msec

3 172.1.1.7 32 msec * 116 msec

vhost#

CustomerA to CustomerB

vhost#p vrf vhost5 40.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 40.0.0.1, timeout is 2 seconds:

U.U.U

Success rate is 0 percent (0/5)

vhost#

vhost#trace vrf vhost5 40.0.0.1

Type escape sequence to abort.

Tracing the route to 40.0.0.1

1 50.0.0.5 80 msec 60 msec 4 msec

2 155.1.0.15 44 msec 24 msec 16 msec

3 155.1.0.15 !H * !H

vhost# CustomerB to CustomerA

vhost#p vrf vhost4 50.0.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 50.0.0.1, timeout is 2 seconds:

U.U.U

Success rate is 0 percent (0/5)

vhost#trace vrf vhost4 50.0.0.1

Type escape sequence to abort.

Tracing the route to 50.0.0.1

1 40.0.0.4 76 msec 12 msec 4 msec

2 155.1.0.14 56 msec 48 msec 52 msec

3 155.1.0.14 !H * !H

vhost#

Back to main article

Advertisements

About ajnouri
Se vi deziras sekure komuniki eksterbloge, jen mia publika (GPG) ŝlosilo: My public key for secure communication: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x41CCDE1511DF0EB8

One Response to Inter-VRF-Lite routing (3/7)

  1. Pingback: Inter-VRF-Lite routing « CCIE, the beginning!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: