VRF Lite allows us to use multiple routing tables on a router, creating a separation similar to VLANs on switches. Each interface on the router can be assigned to a different VRF. However, what if you have some shared services or routes that should be shared between multiple VRFs?
It is possible to “leak” routes from one VRF into another. There are two options to achieve this:
- Static Routes
- MP-BGP
In this lesson, I’ll show you how to configure both options.
Configuration
This is the topology I will use:
We have an ISP router that is connected to two customers. For each customer, we use a different VRF:
- VRF “RED” for Red1
- VRF “BLUE” for Blue1
With the configuration above, we only have connectivity within a VRF. What if we want connectivity between VRF RED and BLUE?
Static Routes
Let’s start with the static routes option. According to this Cisco document, static routes directly between VRFs are not supported. What does work is routing traffic from a VRF to the global routing table and then to the destination VRF. One advantage of using static routes is that you can configure exactly which routes should be reachable without the hassle of configuring MP-BGP.
I’ll show you how to get connectivity between 1.1.1.1/32 in VRF RED and 3.3.3.3/32 in VRF BLUE.
Configuration
First, let’s create a default route on the Red1 and Blue1 routers so that they send all unknown traffic towards the ISP router:
Red1(config)#ip route 0.0.0.0 0.0.0.0 192.168.12.2
Blue1(config)#ip route 0.0.0.0 0.0.0.0 192.168.23.2
In each VRF, we add a static route for the destination in the other VRF that we want to reach. This static route is pointed to the global routing table:
ISP(config)#ip route vrf RED 3.3.3.3 255.255.255.255 192.168.23.3 global
ISP(config)#ip route vrf BLUE 1.1.1.1 255.255.255.255 192.168.12.1 global
Let me explain what you see above:
- In VRF RED, we have a static route to destination 3.3.3.3/32 that uses next hop IP address 192.168.23.3 in the global routing table.
- In VRF BLUE, we have a static route for destination 1.1.1.1/32 that uses next hop IP address 192.168.12.1 in the global routing table.
These two static routes will route traffic from the VRFs to the global routing table. These next hop addresses, however, are not in the global routing table but in the VRFs.
We need to add two static routes in the global routing table of the ISP router so that it knows how to reach the next hop addresses:
ISP(config)#ip route 192.168.12.1 255.255.255.255 GigabitEthernet 0/1
ISP(config)#ip route 192.168.23.3 255.255.255.255 GigabitEthernet 0/2
That completes our configuration.
Verification
Let’s look at the routing tables of our ISP router. Here’s the routing table of VRF RED:
ISP#show ip route vrf RED static
3.0.0.0/32 is subnetted, 1 subnets
S 3.3.3.3 [1/0] via 192.168.23.3
Above, we see the static route for 3.3.3.3/32 that points to 192.168.23.3. The output doesn’t show it, but this static route points to the global routing table. Here is the route for 1.1.1.1/32 in the routing table of VRF BLUE:
ISP#show ip route vrf BLUE static
1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1 [1/0] via 192.168.12.1
Here is the global routing table:
ISP#show ip route static
192.168.12.0/32 is subnetted, 1 subnets
S 192.168.12.1 is directly connected, GigabitEthernet0/1
192.168.23.0/32 is subnetted, 1 subnets
S 192.168.23.3 is directly connected, GigabitEthernet0/2
Above, we see the entries for the next hop addresses in the global routing table.
The ISP router is now able to route from one VRF into the global routing table and into another VRF. Let’s try a quick ping:
Red1#ping 3.3.3.3 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/7/10 ms
Mission accomplished.
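Every `global` static route is a deliberate hole in the separation between VRFs, so it is worth reviewing them as a set. The following Python script is an added example, not part of the original lesson: it parses the ISP router's static routes (a constructed sample built from the commands above), lists each leak, and reports leaks whose next hop has no route in the global table. The host-route-only rule it also checks is an assumed policy, and `audit_vrf_leaks` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample: the ISP router's static routes from this lesson.
SAMPLE_CONFIG = """\
ip route vrf RED 3.3.3.3 255.255.255.255 192.168.23.3 global
ip route vrf BLUE 1.1.1.1 255.255.255.255 192.168.12.1 global
ip route 192.168.12.1 255.255.255.255 GigabitEthernet0/1
ip route 192.168.23.3 255.255.255.255 GigabitEthernet0/2
"""

# VRF static route whose next hop is resolved in the global routing table.
LEAK_RE = re.compile(r"^ip route vrf (\S+) (\S+) (\S+) (\S+) global\s*$")
# Static route in the global routing table itself (no "vrf" keyword).
GLOBAL_RE = re.compile(r"^ip route (?!vrf\b)(\S+) (\S+) (\S+)")


def audit_vrf_leaks(config: str):
    """Return (leaks, findings) for 'ip route vrf ... global' statements."""
    leaks, global_routes = [], []
    for line in (raw.strip() for raw in config.splitlines()):
        m = LEAK_RE.match(line)
        if m:
            vrf, dest, mask, next_hop = m.groups()
            prefix = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            leaks.append((vrf, prefix, ipaddress.ip_address(next_hop)))
            continue
        m = GLOBAL_RE.match(line)
        if m:
            dest, mask, _target = m.groups()
            global_routes.append(
                ipaddress.ip_network(f"{dest}/{mask}", strict=False))

    findings = []
    for vrf, prefix, next_hop in leaks:
        # The next hop sits in another VRF, so the global table needs
        # its own route to it or the leaked route cannot forward.
        if not any(next_hop in net for net in global_routes):
            findings.append(
                f"VRF {vrf}: next hop {next_hop} has no global route")
        # Assumed policy: only single hosts may be leaked between VRFs.
        if prefix.prefixlen < prefix.max_prefixlen:
            findings.append(
                f"VRF {vrf}: leak {prefix} is wider than a host route")
    return leaks, findings
```

For the configuration in this lesson, the script returns two leaks (RED to 3.3.3.3/32 and BLUE to 1.1.1.1/32) and no findings.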
MP-BGP
Let’s see how we can get connectivity between the VRFs by using MP-BGP. This is pretty much the same as MPLS VPN PE CE but without MPLS. We will use MP-BGP to redistribute routes from one VRF into another.
To demonstrate this, I will redistribute static routes that I create on the ISP router into MP-BGP. Of course, you can also use a routing protocol like OSPF or EIGRP between the ISP and customer routers.
Configuration
Let’s create a default route on the customer routers that points to the ISP: