VRF Selection using Source IP Address
- Traffic from the CE1 router should only be forwarded to ISP1. The CE1 router interface is associated with the VPN1 VRF.
- Traffic from the CE2 router should only be forwarded to ISP2. The CE2 router interface is associated with the VPN2 VRF.
- Traffic that does not match any source IP address is forwarded to the Null 0 interface, meaning it is dropped.
CE1 router:
interface serial 0/0
ip address 172.16.1.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 172.16.1.2
!
PE1 router:
mpls label protocol ldp
mpls ldp router-id Loopback 0 force
!
interface Loopback 0
ip address 1.1.1.1 255.255.255.255
ip ospf 1 area 0
!
ip vrf VPN1
rd 1:1
route-target both 1:1
!
ip vrf VPN2
rd 1:2
route-target both 1:2
!
ip vrf VRF_DROP
rd 99:99
route-target both 99:99
!
vrf selection source 172.16.1.0 255.255.255.252 vrf VPN1
!
vrf selection source 172.17.1.0 255.255.255.252 vrf VPN2
!
vrf selection source 0.0.0.0 0.0.0.0 vrf VRF_DROP
!
interface serial 1/0
ip vrf select source
ip vrf receive VPN1
ip vrf receive VPN2
ip vrf receive VRF_DROP
ip address 172.16.1.2 255.255.255.252
!
interface serial 1/1
ip vrf select source
ip vrf receive VPN1
ip vrf receive VPN2
ip vrf receive VRF_DROP
ip address 172.17.1.2 255.255.255.252
!
ip route vrf VRF_DROP 0.0.0.0 0.0.0.0 Null 0
!
interface serial 2/0
ip vrf forwarding VPN1
ip address 172.16.1.5 255.255.255.252
!
interface Fastethernet 0/0
ip address 10.1.1.1 255.255.255.252
ip ospf 1 area 0
mpls ip
!
router bgp 100
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback 0
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community both
exit-address-family
!
address-family ipv4 vrf VPN1
redistribute connected
exit-address-family
!
address-family ipv4 vrf VPN2
redistribute connected
exit-address-family
!
CE2 router:
interface serial 0/0
ip address 172.17.1.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 172.17.1.2
!
PE2 router:
mpls label protocol ldp
mpls ldp router-id Loopback 0 force
!
interface Loopback 0
ip address 2.2.2.2 255.255.255.255
ip ospf 1 area 0
!
ip vrf VPN2
rd 1:2
route-target both 1:2
!
interface serial 1/0
ip vrf forwarding VPN2
ip address 172.17.1.5 255.255.255.252
!
interface Fastethernet 0/0
ip address 10.1.1.2 255.255.255.252
ip ospf 1 area 0
mpls ip
!
router bgp 100
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback 0
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community both
exit-address-family
!
address-family ipv4 vrf VPN2
redistribute connected
exit-address-family
!
A few commands to note:
1) ip vrf receive <vrf-name>: adds all the IP addresses that are associated with an interface into a VRF table. These IP addresses are inserted as “Connected” routes and appear as “receive” entries in the CEF table.
2) ip vrf select source: enables the VRF Selection feature on a particular interface or sub-interface.
3) vrf selection source <source-ip-address> <source-ip-mask> vrf <vrf-name>: adds a single source IP address or a range of source IP addresses to the VRF Selection table.
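An added example, not part of the original configuration: a small Python audit that checks a PE configuration for the pattern used above, namely a 0.0.0.0 0.0.0.0 selection entry whose VRF has a default route to Null 0, and an ip vrf receive line for every selected VRF on each interface that has ip vrf select source. The function names and the sample text are constructed for illustration; the sample repeats the relevant PE1 lines.

```python
import ipaddress
import re

# Constructed sample: the VRF Selection lines from the PE1 configuration on this page.
PE1_CONFIG = """\
vrf selection source 172.16.1.0 255.255.255.252 vrf VPN1
vrf selection source 172.17.1.0 255.255.255.252 vrf VPN2
vrf selection source 0.0.0.0 0.0.0.0 vrf VRF_DROP
interface serial 1/0
 ip vrf select source
 ip vrf receive VPN1
 ip vrf receive VPN2
 ip vrf receive VRF_DROP
interface serial 1/1
 ip vrf select source
 ip vrf receive VPN1
 ip vrf receive VPN2
 ip vrf receive VRF_DROP
ip route vrf VRF_DROP 0.0.0.0 0.0.0.0 Null 0
"""

def parse(config):
    """Return (selection table, per-interface state, VRFs whose default route is Null0)."""
    table, ifaces, null_vrfs, cur = [], {}, set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vrf selection source (\S+) (\S+) vrf (\S+)", line):
            table.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"), m[3]))
        elif m := re.fullmatch(r"interface (.+)", line):
            cur = ifaces.setdefault(m[1], {"select": False, "receive": set()})
        elif line == "ip vrf select source" and cur is not None:
            cur["select"] = True
        elif (m := re.fullmatch(r"ip vrf receive (\S+)", line)) and cur is not None:
            cur["receive"].add(m[1])
        elif m := re.fullmatch(r"ip route vrf (\S+) 0\.0\.0\.0 0\.0\.0\.0 Null ?0", line):
            null_vrfs.add(m[1])
    return table, ifaces, null_vrfs

def audit(config):
    """Return findings; an empty list means unmatched sources end in a Null0 VRF."""
    table, ifaces, null_vrfs = parse(config)
    findings = []
    catch_all = [vrf for net, vrf in table if net.prefixlen == 0]
    if not catch_all:
        findings.append("no 0.0.0.0 0.0.0.0 selection entry")
    findings += [f"{v}: no default route to Null0" for v in catch_all if v not in null_vrfs]
    wanted = {vrf for _, vrf in table}
    for name, intf in ifaces.items():
        if intf["select"] and (missing := wanted - intf["receive"]):
            findings.append(f"{name}: no ip vrf receive for {sorted(missing)}")
    return findings
```

Calling audit(PE1_CONFIG) returns an empty list for the configuration shown on this page; removing the Null 0 route or the catch-all entry produces a finding.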