I have three IGP routed IES interfaces (OSPF), and I have a VPRN (100) with various interfaces and static routes to a Firewall.
Is it possible to establish routing between IES interfaces and VPRN 100 ?. I need that the IES interfaces can have connectivity to the Firewall that is in the VPRN 100.
Emilio Palma
Routing between IES and VPRN Interfaces
Re: Routing between IES and VPRN Interfaces
Hi.
This can be done by route-leaking. I dont have a SAR to test this with at the moment, but on SR, its done by the following:
1) Create the routing policy to enable VPRN to GRT leak:
In the VPRN (1234 in my case), enable GRT lookup, create static route for the GRT route(s) and export the VPRN route(s) to GRT:
So, I have a loopback for this test:
Verify that the routes are visible in both GRT and VPRN routing table:
GRT:
VPRN:
Test:
If this is not available on the 7705, I guess you need to loop some ports to create the link between GRT and VPRN.
This can be done by route-leaking. I dont have a SAR to test this with at the moment, but on SR, its done by the following:
1) Create the routing policy to enable VPRN to GRT leak:
Code: Select all
configure
router "Base"
policy-options
-------------------------------------------------------------------------------
*A:R1>config>router>policy-options# info
----------------------------------------------
prefix-list "VPRN2GRT"
prefix 192.168.1.0/24 exact
exit
policy-statement "VRPN2GRT"
entry 10
from
prefix-list "VPRN2GRT"
exit
action accept
exit
exit
exit
Code: Select all
configure
service
vprn "1234"
-------------------------------------------------------------------------------
*A:R1>config>service>vprn# info
----------------------------------------------
route-distinguisher 1234:1234
interface "vprn" create
address 192.168.1.1/24
sap 1/1/c3/1:1111 create
exit
exit
static-route-entry 10.0.0.0/16
grt
no shutdown
exit
exit
grt-lookup
enable-grt
allow-local-management
exit
export-grt "VRPN2GRT"
exit
no shutdown
Code: Select all
*A:R1# show router interface "loop1"
===============================================================================
Interface Table (Router: Base)
===============================================================================
Interface-Name Adm Opr(v4/v6) Mode Port/SapId
IP-Address PfxState
MACSec Admin subport encap ca-name
-------------------------------------------------------------------------------
loop1 Up Up/Down Network loopback
10.0.0.1/32 n/a
- - - -
-------------------------------------------------------------------------------
Verify that the routes are visible in both GRT and VPRN routing table:
GRT:
Code: Select all
*A:R1# show router route-table protocol vpn-leak
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
192.168.1.0/24 Remote VPN Leak 00h04m39s 180
vprn 0
-------------------------------------------------------------------------------
No. of Routes: 1
Code: Select all
*A:R1# show router 1234 route-table
===============================================================================
Route Table (Service: 1234)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.0.0/16 Blackh* Static 00h17m29s 5
Black Hole 1
192.168.1.0/24 Local Local 00h12m20s 0
vprn 0
-------------------------------------------------------------------------------
No. of Routes: 2
Code: Select all
*A:R1# ping router 1234 10.0.0.1
PING 10.0.0.1 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.575ms.
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.177ms.
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.342ms.
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.212ms.
64 bytes from 10.0.0.1: icmp_seq=5 ttl=64 time=0.212ms.
[flash=]
Christoffer
Network System Expert Norway
Nokia SRA #265
Alcatel-Lucent SRC 3RP Certified #552
Alcatel-Lucent SRC NRS-2 Certified #1104
Huawei HCNP Routing & Switching certified
Cisco CCNP Certified
LinkedIN
[/flash]
Christoffer
Network System Expert Norway
Nokia SRA #265
Alcatel-Lucent SRC 3RP Certified #552
Alcatel-Lucent SRC NRS-2 Certified #1104
Huawei HCNP Routing & Switching certified
Cisco CCNP Certified
[/flash]
Re: Routing between IES and VPRN Interfaces
Hello Stoffen,
Thanks you very much, for your help
Thanks you very much, for your help