This document describes an alternative and simple approach in order to accomplish route leaking without the use of Next-hop.
Route leaking between Global Routing Table (GRT) and Virtual Routing and Forwarding (VRF) table is quiet easy with the use of static routes. You either provide the next-hop IP address (for multi-access segment) or point the route out of an interface (point-to-point interface). However, in the absence of a next-hop IP address on a multi-access segment, route leaking becomes tricky as you cannot use static route.
Cisco recommends that you have knowledge of these topics:
Basic IP routing
Open Shortest Path First (OSPF) routing protocol concepts and terms
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
This image is used as a sample topology for rest of the document.
BGP Support for IP Prefix Import
Global IPv4 unicast or multicast prefixes are defined as match criteria for the import route map with the standard Cisco filtering mechanisms like an IP access-list or an IP prefix-list.
access-list 50 permit 10.10.1.0 0.0.0.255 or ip prefix-list GLOBAL permit 10.10.1.0/24
The IP prefixes that are defined for import are then processed through a match clause in a route map. IP prefixes that pass through the route map are imported into the VRF.
route-mapGLOBAL_TO_VRFpermit 10 matchipaddress50 or match ip address prefix-list GLOBAL ! ip vrf RED rd 1:1 importipv4unicast mapGLOBAL_TO_VRF ! ip route 10.10.3.0 255.255.255.0 Vlan900
This method requires to use Border Gateway Protocol (BGP) with VRF lite, which might not be feasible in all scenarios.
Policy Based Routing (PBR)
PBR can be used to leak routes between GRT and VRF. This is a sample configuration where a route leaking from global routing table to VRF is shown:
ip vrf RED rd 1:1 ! interface Vlan100 description GLOBAL_INTERFACE ip address 10.10.1.254 255.255.255.0 ! access-list 101 permit ip 10.10.3.0 0.0.0.255 10.10.1.0 0.0.0.255 ! route-map VRF_TO_GLOBAL permit 10 match ip address 101 set global ! interface Vlan900 description VRF_RED ip vrf forwarding RED ip address 10.10.3.254 255.255.255.0 ip policy route-map VRF_TO_GLOBAL
This works well for high end devices like 6500 switch but for devices like 3750, it is not supported. It is a platform limitation as you can see an the error message like :
3750X(config)#int vlan 900 3750X(config-if)#ip policy route-map VRF_TO_GLOBAL 3750X(config-if)# Mar 30 02:02:48.758: %PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map VRF_TO_GLOBAL not supported for Policy-Based Routing
VRF Receive feature can be used to insert the connected GRT subnet as a connected route entry in the VRF routing table.
ip vrf RED rd 1:1 ! interface Vlan100 description GLOBAL_INTERFACE ip vrf select source ip vrf receive RED ip address 10.10.1.254 255.255.255.0 end ! interface Vlan900 description VRF_RED ip vrf forwarding RED ip address 10.10.3.254 255.255.255.0 end ! ip route 10.10.3.0 255.255.255.0 Vlan900
3750X#show ip route vrf RED
Routing Table: RED
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks C 10.10.3.0/24 is directly connected, Vlan900 L 10.10.3.254/32 is directly connected, Vlan900 C 10.10.1.0/24 is directly connected, Vlan100 L 10.10.1.254/32 is directly connected, Vlan100
3750X#ping 10.10.3.1 source vlan 100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.3.1, timeout is 2 seconds: Packet sent with a source address of 10.10.1.254 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
3750X#show ip arp vrf RED vlan 900 Protocol Address Age (min) Hardware Addr Type Interface Internet 10.10.3.254 - d072.dc36.7fc2 ARPA Vlan900 Internet 10.10.3.1 0 c84c.751f.26f0 ARPA Vlan900
There is currently no verification procedure available for this configuration.
There is currently no specific troubleshooting information available for this configuration.