Hi there,
If you want to run a multi-VRF setup with overlapping address space, you might be wondering how to handle surveillance and management of the CE devices. Obviously, you can’t set up a separate NMS per VRF, and doing NAT from all CE devices into a non-overlapping address pool is just not an option. Here’s what I came up with. It has been tested on dynamips, and I’ve also included the .net file for dynagen.
My example topology looks like this:
It works in the following way:
- You define a VRF per customer as usual
- You define a management VRF
- Your customer VRF imports the management VRF's route-target (an MP-BGP extended community)
- Your customer VRF exports the management routes using a route-map that adds a second extcommunity route-target with a new value (a CPE route-target); see the example below
- Your management VRF imports this CPE extcommunity as a route-target
A customer VRF definition would look like this:
!
ip vrf customer1
 rd 99:100
 export map management
 route-target export 99:100
 route-target import 99:100
 route-target import 99:99
!
The 99:99 MP-BGP extended community is the route-target exported by your management VRF (in this example it has the same value as that VRF's route-distinguisher).
The export map route-map looks like this:
!
route-map management permit 10
 match ip address management
 set extcommunity rt 99:98 additive
!
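The "match ip address management" line refers to a regular standard ACL named management that matches 172.16.1.0/24, so only routes in that range get the additional 99:98 route-target and are imported into the management VRF.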
Your management VRF looks like this:
ip vrf management
 rd 99:99
 route-target export 99:99
 route-target import 99:99
 route-target import 99:98
!
Those are the basics of it. You can find the full config of one of the PEs here.
The dynagen .net file, including all configs, is here.
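To check that a design like this leaks only what is intended, the route-target logic can be modelled offline. The following is an added example, not part of the original post or its config files: the customer2 VRF (99:200), the 192.168.99.0/24 test prefix and the function names parse and importers are assumptions made for illustration, and the ACL is hard-coded from the prefix stated above.

```python
import ipaddress
import re

# Constructed config: customer1 and management follow the post;
# customer2 (99:200) is an assumed second customer.
CONFIG = """\
ip vrf customer1
 rd 99:100
 export map management
 route-target export 99:100
 route-target import 99:100
 route-target import 99:99
ip vrf customer2
 rd 99:200
 export map management
 route-target export 99:200
 route-target import 99:200
 route-target import 99:99
ip vrf management
 rd 99:99
 route-target export 99:99
 route-target import 99:99
 route-target import 99:98
route-map management permit 10
 match ip address management
 set extcommunity rt 99:98 additive
"""
MGMT_ACL = ipaddress.ip_network("172.16.1.0/24")  # ACL "management" per the post

def parse(config):
    vrfs, maps, cur = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"ip vrf (\S+)", line):
            cur = vrfs[m[1]] = {"export": set(), "import": set(), "map": None}
        elif m := re.match(r"route-map (\S+) permit", line):
            cur = maps.setdefault(m[1], set())
        elif m := re.match(r" route-target (export|import) (\S+)", line):
            cur[m[1]].add(m[2])
        elif m := re.match(r" export map (\S+)", line):
            cur["map"] = m[1]
        elif m := re.match(r" set extcommunity rt (\S+) additive", line):
            cur.add(m[1])
    return vrfs, maps

def importers(config, origin, prefix):
    """VRFs (other than origin) that would import prefix exported by origin."""
    vrfs, maps = parse(config)
    rts = set(vrfs[origin]["export"])
    if vrfs[origin]["map"] and ipaddress.ip_network(prefix).subnet_of(MGMT_ACL):
        rts |= maps[vrfs[origin]["map"]]  # additive: keeps the normal export RT
    return sorted(n for n, v in vrfs.items() if n != origin and rts & v["import"])
```

A customer prefix that shows up in another customer VRF's result would mean the isolation is broken; with this config, customer routes reach only the management VRF, and only for 172.16.1.0/24, which therefore has to stay unique across customers.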
I hope you can use it!