Download PNETLab Platform

PNETLAB Store
PNETLab.com

VRF Leak Route Between Global and VRF Routing Table

Lab Topology:
The lab network topology is illustrated below:

Lab Objective:

The objective of this lab exercise is for you to learn and understand how to configure VRF Leak
Route between Global and VRF Routing Table.

Task:

R1 and interface e0/0 of R2 belong to GLOBAL Table. R3 and interface e0/1 of R2 belong to VRF
YELLOW. We need Loopback 0 of R1 reach to Loopback 0 of R3.

Solution

Task 1: Basic Configuration.

Configure hostnames and IP addresses on all routers as illustrated in the network topology.

Router R1 R2 R3

1
Download PNETLab Platform
PNETLAB Store
PNETLab.com

Interface interface Loopback0 ip vrf YELLOW interface Loopback0

configuration no shutdown ! no shutdown
ip address 1.1.1.1 interface Ethernet0/0 ip address 3.3.3.3
255.255.255.255 description GLOBAL 255.255.255.255
! no shutdown !
interface Ethernet0/0 ip address 10.1.2.2 interface Ethernet0/0
no shutdown 255.255.255.0 no shutdown
ip address 10.1.2.1 ! ip address 10.2.3.3
255.255.255.0 interface Ethernet0/1 255.255.255.0
! description VRF_YELLOW !
ip vrf forwarding YELLOW
ip address 10.2.3.2
255.255.255.0
Routing ip route 0.0.0.0 0.0.0.0 ip route 0.0.0.0 0.0.0.0
Configuration 10.1.2.2 10.2.3.2

On R2, we can create two static route to reach Loopback 0 of R1 and R3

R2(config)# ip route 1.1.1.1 255.255.255.255 10.1.2.1
R2(config)# ip route vrf YELLOW 3.3.3.3 255.255.255.255 10.2.3.3

Task 2: Create Policy Base Routing on R2 and apply them in interface e0/1 of R2
R2:
!
route-map VRF_TO_GLOBAL permit 10
match ip address 100
set global
!
!
access-list 100 permit ip host 3.3.3.3 host 1.1.1.1
!
interface Ethernet0/1
description VRF_YELLOW
ip vrf forwarding YELLOW
ip address 10.2.3.2 255.255.255.0
ip policy route-map VRF_TO_GLOBAL
!

Let’s check routing table on VRF YELLOW of R2

R2#show ip route vrf YELLOW

Gateway of last resort is not set

3.0.0.0/32 is subnetted, 1 subnets

S 3.3.3.3 [1/0] via 10.2.3.3
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
2
Download PNETLab Platform
PNETLAB Store
PNETLab.com

C 10.2.3.0/24 is directly connected, Ethernet0/1

L 10.2.3.2/32 is directly connected, Ethernet0/1
R2#

Let’s check routing table on GLOBAL Table of R2

R2#show ip route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

S 1.1.1.1 [1/0] via 10.1.2.1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.2.0/24 is directly connected, Ethernet0/0
L 10.1.2.2/32 is directly connected, Ethernet0/0
R2#

Now, try to ping Loopback 0 of R1 from R3

R3# ping 1.1.1.1 source 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
.....
Success rate is 0 percent (0/5)
R3#

Let’s me explain:
- In spite of the ip access-list 100 and route-map VRF_TO_GLOBAL of R2 are matched
packet from R3’s Loopback 0 to R1’s Loopback 0 as below:
R2#show ip access-lists
Extended IP access list 100
10 permit ip host 3.3.3.3 host 1.1.1.1 (10 matches)
R2#
R2#show route-map all
STATIC routemaps
route-map VRF_TO_GLOBAL, permit, sequence 10
Match clauses:
ip address (access-lists): 100
Set clauses:
global
Policy routing matches: 10 packets, 1140 bytes
DYNAMIC routemaps
Current active dynamic routemaps = 0

But, on GLOBAL Table of R2 don’t have route to reach R3’s Loopback 0. We can verify again:
3
Download PNETLab Platform
PNETLAB Store
PNETLab.com

R2#show ip route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

S 1.1.1.1 [1/0] via 10.1.2.1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.2.0/24 is directly connected, Ethernet0/0
L 10.1.2.2/32 is directly connected, Ethernet0/0
R2#

Task 3: Create a Static Route for Loopback 0 of R3 on GLOBAL TABLE of R2

So, we need to create a static route for Loopback 0 of R3 on GLOBAL Table of R2. This can instruct
traffic to R3’s Loopback 0 must via which interface?
R2(config)#ip route 3.3.3.3 255.255.255.255 Ethernet0/1
R2(config)#end
R2#
R2#show ip route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

S 1.1.1.1 [1/0] via 10.1.2.1
3.0.0.0/32 is subnetted, 1 subnets
S 3.3.3.3 is directly connected, Ethernet0/1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.2.0/24 is directly connected, Ethernet0/0
L 10.1.2.2/32 is directly connected, Ethernet0/0
R2#
Now, Try to check and verify again:
R3# ping 1.1.1.1 source 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R3#
R3#traceroute 1.1.1.1 source 3.3.3.3
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.2.2 0 msec 1 msec 0 msec
2 10.1.2.1 1 msec * 1 msec
R3#

Finish this LAB!