
Leaking specific routes between VRFs

Hi there,

If you want to run a multi-VRF setup with overlapping address space, you might be wondering how to handle surveillance and management of the CE devices. Obviously, you can’t set up a separate NMS per VRF, and NATing all CE devices into a non-overlapping address pool is just not an option. Here’s what I came up with. It has been tested on dynamips, and I’ve also included the .net file for dynagen.

My example topology looks like this:

Topology

It works in the following way:

  • You define a VRF per customer as usual
  • You define a management VRF
  • Your customer VRF imports the management VRF's MP-BGP extended community (its route-target)
  • Your customer VRF exports its management routes through a route-map that adds a new extcommunity rt value (a CPE route-target) to them (see the route-map below)
  • Your management VRF imports this CPE extcommunity as a route-target

A customer VRF definition would look like this:

!
ip vrf customer1
 rd 99:100
 export map management
 route-target export 99:100
 route-target import 99:100
 route-target import 99:99
!

The 99:99 MP-BGP extended community is the route-target exported by your management VRF, which uses the same value as its route-distinguisher.

The export map route-map looks like this:

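!
route-map management permit 10
 match ip address management
 set extcommunity rt 99:98 additive
!

The management ACL referenced by "match ip address management" is a regular standard ACL that matches 172.16.1.0/24. The additive keyword matters: it adds 99:98 to the route while keeping the VRF's normal export route-target (99:100).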

Your management VRF looks like this:

!
ip vrf management
 rd 99:99
 route-target export 99:99
 route-target import 99:99
 route-target import 99:98
!
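
To check that this design leaks only the management prefixes and keeps customers isolated from each other, here is a small model of the route-target logic. It is an added example, not part of the original post or its configs: customer2 (99:200) and all sample prefixes are constructed, and it assumes that routes not matched by the export map are still exported with the VRF's normal route-targets.

```python
import ipaddress

# Standard ACL "management" from the page: matches 172.16.1.0/24
MGMT_ACL = ipaddress.ip_network("172.16.1.0/24")

# customer1 and management follow the page's configs;
# customer2 (99:200) is a constructed second customer.
VRFS = {
    "customer1":  {"export": {"99:100"}, "import": {"99:100", "99:99"}, "export_map": True},
    "customer2":  {"export": {"99:200"}, "import": {"99:200", "99:99"}, "export_map": True},
    "management": {"export": {"99:99"},  "import": {"99:99", "99:98"},  "export_map": False},
}

# Constructed sample routes originated in each VRF (customer LANs overlap).
ROUTES = {
    "customer1":  ["10.0.0.0/24", "172.16.1.1/32"],
    "customer2":  ["10.0.0.0/24", "172.16.1.2/32"],
    "management": ["192.168.99.0/24"],
}

def exported_rts(vrf, prefix):
    """Route-targets attached when `prefix` is exported from `vrf`."""
    rts = set(VRFS[vrf]["export"])
    net = ipaddress.ip_network(prefix)
    # route-map management: set extcommunity rt 99:98 additive
    if VRFS[vrf]["export_map"] and net.network_address in MGMT_ACL:
        rts.add("99:98")
    return rts

def vrf_table(name):
    """(origin VRF, prefix) pairs visible in VRF `name` after import."""
    table = set()
    for origin, prefixes in ROUTES.items():
        for prefix in prefixes:
            local = origin == name
            imported = exported_rts(origin, prefix) & VRFS[name]["import"]
            if local or imported:
                table.add((origin, prefix))
    return table

if __name__ == "__main__":
    for name in VRFS:
        print(name, sorted(vrf_table(name)))
```

The management VRF ends up with only the CE management prefixes from each customer, and neither customer VRF sees the other's routes.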

These are actually the basics of it. You can find the full config of one of the PEs here.

The dynagen .net file, including all configs, is here.

I hope you can use it!
