14.2.8 Extranet [SL-L3A]
To perform communication from a given VRF to a network in a different VRF, configure a route filter so that a specific route in the remote VRF is imported into the local VRF.
- <Structure of this section>
(1) Introduction of a particular VRF path
Configure route filters to allow communication between VRFs.To do this, a VRF 2 route (172.16.1.0/24) is imported into VRF 3, and a VRF 3 route (172.16.3.0/24) is imported to VRF 2.
- Points to note
-
Use import inter-vrf to perform inter-VRF route filtering. Use route-map to filter routes by VRF ID. Use prefix-list to supply the destination network conditions for the route-map.
First, set a route-map that is permit only for VRF 2 routes. Let this route-map be referenced from VRF 3's import inter-vrf. Next, configure route-map to permit only the VRF 3 route. This route-map is referenced from import inter-vrf of VRF 2.
Command examples
-
(config)# route-map VRF2PERMIT permit 10
(config-route-map)# match vrf 2
(config-route-map)# exit
Sets VRF 2 route to be permit.
-
(config)# vrf definition 3
(config-vrf)# import inter-vrf VRF2PERMIT
(config-vrf)# exit
1. Applies the filtering settings to VRF 3 extranet and configures VRF 2 route to be deployed on VRF 3.
-
(config)# route-map VRF3PERMIT permit 10
(config-route-map)# match vrf 3
(config-route-map)# exit
Configures route-map to permit the VRF 3 route.
-
(config)# vrf definition 2
(config-vrf)# import inter-vrf VRF3PERMIT
(config-vrf)# exit
Applies the filter settings in step 3 to the VRF 2 extranet so that the VRF 3 route is imported into VRF 2.
- Notes
-
If route-map referenced by import inter-vrf has not been configured, all routes in the other VRF or the global network are imported. To prevent unwanted routes from being imported, always configure route-map first, and then configure import inter-vrf.
(2) Protocol-based advertisement of VRF routes
Implement the route (172.16.3.0/24) for VRF3 into the network for VRF2. Use OSPF for VRF 2 to advertize the implemented route for VRF 3.
- Points to note
-
Use import inter-vrf to perform inter-VRF route filtering. Use route-map to filter routes by VRF. Use prefix-list to supply the destination network conditions for the route-map. To advertise a route imported by OSPF from another VRF or the global network, configure redistribute.
Configure route-map to permit only the VRF 3 route. Next, configure import inter-vrf to reference route-map so that the VRF 3 route is imported into VRF 2. Finally, configure redistribute for the OSPF of VRF 2 to advertise the route imported from the other VRF or global network.
Command examples
-
(config)# ip prefix-list PERMITVRF3 seq 10 permit 172.16.3.0/24
(config)# route-map VRF3TO2 permit 10
(config-route-map)# match vrf 3
(config-route-map)# match ip address prefix-list PERMITVRF3
(config-route-map)# exit
Configures route-map to permit the VRF 3 route.
-
(config)# vrf definition 2
(config-vrf)# import inter-vrf VRF3TO2
(config-vrf)# exit
Applies the filter settings in step 1 to the VRF 2 extranet so that the VRF 3 route is imported into VRF 2.
-
(config)# router ospf 1 vrf 2
(config-router)# redistribute extra-vrf
Advertises the route imported from the other VRF or the global network in VRF 2 OSPF domain 1.
- Notes
-
If route-map referenced by import inter-vrf has not been configured, all routes in the other VRF or the global network are imported. To prevent unwanted routes from being imported, always configure route-map first, and then configure import inter-vrf.
(3) Changing the Distance of a Particular VRF
VRF 2 and VRF 3 routes are imported into the global network. For the VRF 2 route only, the distance is set to 150.
- Points to note
-
Use import inter-vrf to perform inter-VRF route filtering. Use route-map to filter routes by VRF.
First, configure a route-map to permit the VRF 2 route and changes its distance to 150. Next, in this route-map, specify a setting to permit the VRF 3 route with a different sequence number.
Finally, configure a filter that changes the distance of a specific VRF by ensuring that import inter-vrf references route-map.
Command examples
-
(config)# route-map VRF2AND3PERMIT permit 10
(config-route-map)# match vrf 2
(config-route-map)# set distance 150
(config-route-map)# exit
Configures route-map to permit the VRF 2 route and change its distance to 150.
-
(config)# route-map VRF2AND3PERMIT permit 20
(config-route-map)# match vrf 3
(config-route-map)# exit
Configures route-map to permit the VRF 3 route.
-
(config)# vrf definition global
(config-vrf)# import inter-vrf VRF2AND3PERMIT
Applies the filter settings in steps 1 and 2 to the extranet of the global network so that the VRF 2 and VRF 3 routes are imported into the global network, and the distance of the VRF 2 route is changed to 150.
- Notes
-
If route-map referenced by import inter-vrf has not been configured, all routes in the other VRF or the global network are imported. To prevent unwanted routes from being imported, always configure route-map first, and then configure import inter-vrf.