VRF Selection using Source IP Address

    • Traffic from the CE1 router should be forwarded only to ISP1. The CE1 router interface is associated with the VPN1 VRF.
    • Traffic from the CE2 router should be forwarded only to ISP2. The CE2 router interface is associated with the VPN2 VRF.
    • Traffic that does not match any configured source IP address is forwarded to the Null 0 interface, meaning it is dropped.

CE1 router:

interface serial 0/0
 ip address 172.16.1.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 172.16.1.2
!

PE1 router:

mpls label protocol ldp
mpls ldp router-id Loopback 0 force
!
interface Loopback 0
 ip address 1.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
ip vrf VPN1
 rd 1:1
 route-target both 1:1
!
ip vrf VPN2
 rd 1:2
 route-target both 1:2
!
ip vrf VRF_DROP
 rd 99:99
 route-target both 99:99
!
! VRF Selection table: source prefix -> VRF
vrf selection source 172.16.1.0 255.255.255.252 vrf VPN1
!
vrf selection source 172.17.1.0 255.255.255.252 vrf VPN2
!
! Catch-all: sources matching no other entry are selected into VRF_DROP
vrf selection source 0.0.0.0 0.0.0.0 vrf VRF_DROP
!
! VRF Selection is enabled on this interface (ip vrf select source)
interface serial 1/0
 ip vrf select source
 ip vrf receive VPN1
 ip vrf receive VPN2
 ip vrf receive VRF_DROP
 ip address 172.16.1.2 255.255.255.252
!
! VRF Selection is enabled on this interface (ip vrf select source)
interface serial 1/1
 ip vrf select source
 ip vrf receive VPN1
 ip vrf receive VPN2
 ip vrf receive VRF_DROP
 ip address 172.17.1.2 255.255.255.252
!
! Default route in VRF_DROP points to Null 0, so unmatched traffic is dropped
ip route vrf VRF_DROP 0.0.0.0 0.0.0.0 Null 0
!
interface serial 2/0
 ip vrf forwarding VPN1
 ip address 172.16.1.5 255.255.255.252
!
interface Fastethernet 0/0
 ip address 10.1.1.1 255.255.255.252
 ip ospf 1 area 0
 mpls ip
!
router bgp 100
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback 0
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
 exit-address-family
 !
 address-family ipv4 vrf VPN1
  redistribute connected
 exit-address-family
 !
 address-family ipv4 vrf VPN2
  redistribute connected
 exit-address-family
!

CE2 router:

interface serial 0/0
 ip address 172.17.1.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 172.17.1.2
!

PE2 router:

mpls label protocol ldp
mpls ldp router-id Loopback 0 force
!
interface Loopback 0
 ip address 2.2.2.2 255.255.255.255
 ip ospf 1 area 0
!
ip vrf VPN2
 rd 1:2
 route-target both 1:2
!
interface serial 1/0
 ip vrf forwarding VPN2
 ip address 172.17.1.5 255.255.255.252
!
interface Fastethernet 0/0
 ip address 10.1.1.2 255.255.255.252
 ip ospf 1 area 0
 mpls ip
!
router bgp 100
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback 0
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf VPN2
  redistribute connected
 exit-address-family
!

A few commands to note:

1) ip vrf receive <vrf-name>: adds all the IP addresses that are associated with an interface to a VRF table. These IP addresses are inserted as “Connected” routes and appear as “receive” entries in the CEF table.

2) ip vrf select source: enables the VRF Selection feature on a particular interface or sub-interface.

3) vrf selection source <source-ip-address> <source-ip-mask> vrf <vrf-name>: adds a single source IP address or a range of source IP addresses to the VRF Selection table.
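
The following Python sketch is an added example, not part of the original configuration. It parses the three vrf selection source entries from PE1 and shows which VRF a given source address lands in, including the catch-all that sends everything else to VRF_DROP. The function names and the sample address 192.0.2.10 are constructed for illustration, and the most-specific-entry-wins lookup is an assumption consistent with how the page uses the 0.0.0.0 0.0.0.0 entry.

```python
import ipaddress
import re

# The three VRF Selection entries and the drop route from PE1 on this page.
PE1_CONFIG = """\
vrf selection source 172.16.1.0 255.255.255.252 vrf VPN1
vrf selection source 172.17.1.0 255.255.255.252 vrf VPN2
vrf selection source 0.0.0.0 0.0.0.0 vrf VRF_DROP
ip route vrf VRF_DROP 0.0.0.0 0.0.0.0 Null 0
"""

ENTRY = re.compile(r"^vrf selection source (\S+) (\S+) vrf (\S+)$")


def parse_selection_table(config):
    """Return [(IPv4Network, vrf_name)] for every 'vrf selection source' line."""
    table = []
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            table.append((net, m.group(3)))
    return table


def select_vrf(table, source_ip):
    """Pick the VRF for a source address; None means no entry matched.

    Assumption: the most specific (longest-prefix) entry wins, which is what
    lets the 0.0.0.0 0.0.0.0 entry act as a catch-all behind the two /30s.
    """
    addr = ipaddress.ip_address(source_ip)
    matches = [(net.prefixlen, vrf) for net, vrf in table if addr in net]
    return max(matches)[1] if matches else None


def has_catch_all(table):
    """True if some entry covers every source address (0.0.0.0/0)."""
    return any(net.prefixlen == 0 for net, _ in table)


if __name__ == "__main__":
    table = parse_selection_table(PE1_CONFIG)
    # Constructed sample sources: CE1, CE2, and an address in neither /30.
    for src in ("172.16.1.1", "172.17.1.1", "192.0.2.10"):
        print(src, "->", select_vrf(table, src))
    print("catch-all present:", has_catch_all(table))
```

Dropping the third entry from the table makes select_vrf return None for unmatched sources and has_catch_all return False, which is a quick way to check a configuration for the missing drop rule.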