目的
・iosv-2にてVRF⇔GRT双方でルーティングできるようにルートリークする
先置き結論
◎双方向にStaticを書く時はVRF import/exportやBGPは一切必要ない
コンフィグ
1.GlobalのRIBにVRFの経路を載せる
◎GlobalのStaticルートで、VRF向きのNW(192.168.12.0/24)宛ネクストホップVRF向きインターフェース(gi0/0)にする。
iosv-2(config)# ip route 192.168.12.0 255.255.255.0 gi0/0
RIB
iosv-2#sh ip ro | b Gate
Gateway of last resort is not set
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 100.2.2.0/24 is directly connected, Loopback0
L 100.2.2.2/32 is directly connected, Loopback0
S 192.168.12.0/24 is directly connected, GigabitEthernet0/0
192.168.23.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.23.0/24 is directly connected, GigabitEthernet0/1
L 192.168.23.2/32 is directly connected, GigabitEthernet0/1
2.VRFのRIBにGlobalの経路を載せる
◎Globalとは反対。GlobalNW(192.168.23.0/24)向きネクストホップGlobal向きインターフェース(gi0/1, 192.168.23.2)でStaticを書く
iosv-2(config)# ip route vrf VRF_1 192.168.23.0 255.255.255.0 gi0/1 192.168.23.3
注意
◎Globalのときのように出力インターフェースのみ書くと以下のようなメッセージが出力される
iosv-2(config)#ip route vrf VRF_1 192.168.23.0 255.255.255.0 gi0/1
% For VPN or topology routes, must specify a next hop IP address if not a point-to-point interface
RIB
iosv-2(config-vrf-af)#do sh ip ro vrf VRF_1 | b Gate
Gateway of last resort is not set
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, GigabitEthernet0/0
L 192.168.12.2/32 is directly connected, GigabitEthernet0/0
S 192.168.23.0/24 [1/0] via 192.168.23.2, GigabitEthernet0/1
疎通確認
問題なし。
iosv-1#traceroute 192.168.23.3
Type escape sequence to abort.
Tracing the route to 192.168.23.3
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.12.2 [AS 64702] 17 msec 26 msec 45 msec
2 192.168.23.3 [AS 64702] 12 msec 43 msec *
iosv-3#traceroute 192.168.12.1
Type escape sequence to abort.
Tracing the route to 192.168.12.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.23.2 [AS 64702] 19 msec 16 msec 26 msec
2 192.168.12.1 [AS 64702] 10 msec 13 msec *
参考
Configure Route Leak Between Global and VRF Routing Table without Next-Hop