• August 17, 2018, 01:18:27 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: inter-vrf routing - OSPF  (Read 419 times)

0 Members and 1 Guest are viewing this topic.

Offline adgobs

  • Rookie
  • **
  • Posts: 8
    • adg.dthird@gmail.com
inter-vrf routing - OSPF
« on: April 16, 2018, 03:52:25 AM »
Hello,

Did someone have tried to use intervrf routing using OSPF protocol?
I have two vrf instance and need to route these two vrf running both in OSPF protocol

I can't make it work, please see below config I inputted;

ip vrf blue
ip vrf red
!
interface vlan 103
   vrf red
   ip address 10.1.103.1 255.255.255.0
   ip ospf network broadcast
   ip ospf enable
!
interface vlan 104
   vrf blue
   ip address 10.1.104.1 255.255.255.0
   ip ospf network broadcast
   ip ospf enable
!
router vrf red
   ip ospf
   ip ospf router-id 10.1.103.1
   ip ospf admin-state
   ip ospf redistribute ospf vrf-src blue
   ip ospf redistribute ospf enable vrf-src blue
!
router vrf blue
   ip ospf
   ip ospf router-id 10.1.104.1
   ip ospf admin-state
   ip ospf redistribute ospf vrf-src red
   ip ospf redistribute ospf enable vrf-src red
!
ip ospf apply redistribute ospf vrf red vrf-src blue
ip ospf apply redistribute ospf vrf blue vrf-src red

Thank you.


Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 292
    • matzeks
    • Controlware GmbH - Germany
Re: inter-vrf routing - OSPF
« Reply #1 on: April 17, 2018, 07:50:35 AM »
Hi adgobs,

I got this by adding the lines below these show commands and as well please keep in mind that you need assigned and active ports in both Vlans  (103 + 104)

Good luck


CWLAB-VSP8284XSQ-01:1>sho ip route vrf red
=====================================================================================================
                                         IP Route - VRF red
=====================================================================================================
                                                     NH                      INTER   
DST             MASK            NEXT                 VRF/ISID         COST   FACE     PROT AGE TYPE PRF
-----------------------------------------------------------------------------------------------------
10.1.103.0      255.255.255.0   10.1.103.1           -                1      103      LOC  0   DB   0 
10.1.104.0      255.255.255.0   10.1.104.1           blue             1      104      vOSPF 0   IB   200

2 out of 2 Total Num of Route Entries, 2 Total Num of Dest Networks displayed.
--------------------------------------------------------------------------------------------------
TYPE Legend:
I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Route,
U=Unresolved Route, N=Not in HW, F=Replaced by FTN, V=IPVPN Route, S=SPBM Route
PROTOCOL Legend:
v=Inter-VRF route redistributed


CWLAB-VSP8284XSQ-01:1>sho ip route vrf blue
=====================================================================================================
                                         IP Route - VRF blue
=====================================================================================================
                                                     NH                      INTER   
DST             MASK            NEXT                 VRF/ISID         COST   FACE     PROT AGE TYPE PRF
-----------------------------------------------------------------------------------------------------
10.1.103.0      255.255.255.0   10.1.103.1           red              1      103      vOSPF 0   IB   200
10.1.104.0      255.255.255.0   10.1.104.1           -                1      104      LOC  0   DB   0 

2 out of 2 Total Num of Route Entries, 2 Total Num of Dest Networks displayed.
--------------------------------------------------------------------------------------------------
TYPE Legend:
I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Route,
U=Unresolved Route, N=Not in HW, F=Replaced by FTN, V=IPVPN Route, S=SPBM Route
PROTOCOL Legend:
v=Inter-VRF route redistributed
CWLAB-VSP8284XSQ-01:1>

*****************************************************************************

# optional
router vrf blue
ip ecmp
ip ecmp max-path 4
exit

# optional
router vrf red
ip ecmp
ip ecmp max-path 4
exit


router vrf blue
ip ospf redistribute ospf vrf-src red
ip ospf redistribute ospf enable vrf-src red
ip ospf redistribute direct vrf-src red
ip ospf redistribute direct enable vrf-src red
exit

router vrf red
ip ospf redistribute ospf vrf-src blue
ip ospf redistribute ospf enable vrf-src blue
ip ospf redistribute direct vrf-src blue
ip ospf redistribute direct enable vrf-src blue
exit


ip ospf apply redistribute ospf vrf blue vrf-src red
ip ospf apply redistribute direct vrf blue vrf-src red
ip ospf apply redistribute ospf vrf red vrf-src blue
ip ospf apply redistribute direct vrf red vrf-src blue

------------------------------------------------------
ACE-Fx #00050

Offline adgobs

  • Rookie
  • **
  • Posts: 8
    • adg.dthird@gmail.com
Re: inter-vrf routing - OSPF
« Reply #2 on: April 18, 2018, 02:11:06 AM »
Hi MatzeKS,

It greatly works! Thank you!
I appreciate your effort to simulate this into your lab.


Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 292
    • matzeks
    • Controlware GmbH - Germany
Re: inter-vrf routing - OSPF
« Reply #3 on: April 18, 2018, 02:28:29 AM »
you're welcome  ;)
------------------------------------------------------
ACE-Fx #00050

Offline adgobs

  • Rookie
  • **
  • Posts: 8
    • adg.dthird@gmail.com
Re: inter-vrf routing - OSPF
« Reply #4 on: April 20, 2018, 02:22:49 AM »
Hi MatzeKS,

Have you tried filtering between VRF?
Attached file is my VRF topology. I redistributed intervrf to allow internet access. However VRF TENANTS and VRF APO-AGUA should not have connectivity. Both are reachable via VRF INET. I need to filter the network from VRF TENANTS (10.10.40.0/24) and VRF APO-AGUA (10.10.50.0/24).

I tried using filtering, but is not working  :-[

filter acl 1 type inVlan name TENANTS
filter acl vlan 1 40
filter acl ace 1 1 name DENY-APO-AGUA
filter acl ace ethernet 1 1 ether-type eq ip
filter acl ace ip 1 1 src-ip mask 10.10.40.0 0.0.0.255
filter acl ace ip 1 1 dst-ip mask 10.10.50.0 0.0.0.255
filter acl ace action 1 1 deny
filter acl ace 1 1 enable

filter acl ace 1 2 name PERMIT-ALL
filter acl ace ethernet 1 2 ether-type eq ip
filter acl ace ip 1 2 src-ip mask 10.10.40.0 0.0.0.255
filter acl ace ip 1 2 dst-ip mask 0.0.0.0 0.0.0.0
filter acl ace action 1 2 permit
filter acl ace 1 2 enable
!
!
filter acl 2 type inVlan name APO-AGUA
filter acl vlan 2 50

filter acl ace 2 1 name DENY-TENANTS
filter acl ace ethernet 2 1 ether-type eq ip
filter acl ace ip 2 1 src-ip mask 10.10.50.0 0.0.0.255
filter acl ace ip 2 1 dst-ip mask 10.10.40.0 0.0.0.255
filter acl ace action 2 1 deny
filter acl ace 2 1 enable

filter acl ace 2 2 name PERMIT-ALL
filter acl ace ethernet 2 2 ether-type eq ip
filter acl ace ip 2 2 src-ip mask 10.10.40.0 0.0.0.255
filter acl ace ip 2 2 dst-ip mask 0.0.0.0 0.0.0.0
filter acl ace action 2 2 permit
filter acl ace 2 2 enable

I appreciate the help. Thank you.

Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 292
    • matzeks
    • Controlware GmbH - Germany
Re: inter-vrf routing - OSPF
« Reply #5 on: April 20, 2018, 02:39:43 AM »
Hi adgobs,

I never tried to build this with ACLs - normally a local Firewall should taken care of that.

I'm not sure, if your src-ip/dst-ip mask "0.0.0.255" are used right - did you tried "255.255.255.0" instead?

Good luck
------------------------------------------------------
ACE-Fx #00050

Offline adgobs

  • Rookie
  • **
  • Posts: 8
    • adg.dthird@gmail.com
Re: inter-vrf routing - OSPF
« Reply #6 on: April 20, 2018, 03:13:57 AM »
Hi MatzeKS,

Yes I have tried also using subnet mask instead of wildcard mask. Still not working  :-[

Offline MatzeKS

  • Sr. Member
  • ****
  • Posts: 292
    • matzeks
    • Controlware GmbH - Germany
Re: inter-vrf routing - OSPF
« Reply #7 on: April 20, 2018, 03:44:13 AM »
maybe you can try to build "Route Policy" in each VRF, which suppresses the unwanted subnet(s) from the other VRF? After that you can use this Policy and assign this in Route Redistribution with SrcVRFId.
On EDM you'll find this: VRF Context View => Choose the right VRFID => Launch VRF Conext View

The additional EDM Tab gives you access limited to that VRF, here you can create/assign the Route Policies under IP => Policy => [Prefix List] + [Route Policy] + [Route Redistribution]

Good luck
 
------------------------------------------------------
ACE-Fx #00050