Configuration Guide Vol. 3

30.2.8 Extranet [SL-L3A]

To perform communication from a given VRF to a network in a different VRF, configure a route filter so that a specific route in the remote VRF is imported into the local VRF.

<Structure of this section>

(1) Introduction of a particular VRF path

Configure route filters to allow communication between VRFs.To do this, a VRF 2 route (2001:db8:1:1::/64) is imported into VRF 3, and a VRF 3 route (2001:db8:1:3::/64) is imported to VRF 2.

Points to note

Use ipv6 import inter-vrf to perform inter-VRF route filtering. Use route-map to filter routes by VRF ID. Use prefix-list to supply the destination network conditions for the route-map.

First, set a route-map that is permit only for VRF 2 routes. Let this route-map be referenced from VRF 3's ipv6 import inter-vrf. Next, configure route-map to permit only the VRF 3 route. This route-map is referenced from ipv6 import inter-vrf of VRF 2.

Command examples

  1. (config)# ipv6 prefix-list PERMITVRF2 seq 10 permit 2001:db8:1:1::/64

    (config)# route-map VRF2PERMIT permit 10

    (config-route-map)# match vrf 2

    (config-route-map)# match ipv6 address prefix-list PERMITVRF2

    (config-route-map)# exit

    Sets VRF 2 route to be permit.

  2. (config)# vrf definition 3

    (config-vrf)# ipv6 import inter-vrf VRF2PERMIT

    (config-vrf)# exit

    1. Applies the filtering settings to VRF 3 extranet and configures VRF 2 route to be deployed on VRF 3.

  3. (config)# ipv6 prefix-list PERMITVRF3 seq 10 permit 2001:db8:1:3::/64

    (config)# route-map VRF3PERMIT permit 10

    (config-route-map)# match vrf 3

    (config-route-map)# match ipv6 address prefix-list PERMITVRF3

    (config-route-map)# exit

    Configures route-map to permit the VRF 3 route.

  4. (config)# vrf definition 2

    (config-vrf)# ipv6 import inter-vrf VRF3PERMIT

    (config-vrf)# exit

    Applies the filter settings in step 3 to the VRF 2 extranet so that the VRF 3 route is imported into VRF 2.

Notes

If the route-map referenced by ipv6 import inter-vrf has not been configured, all routes in the other VRF or the global network are imported. To prevent unwanted routes from being imported, always configure route-map first, and then configure ipv6 import inter-vrf.

(2) Protocol-based advertisement of VRF routes

Implement the route (2001:db8:1:3::/64) for VRF3 into the network for VRF2. Use OSPFv3 for VRF2 to advertize the implemented route for VRF3.

Points to note

Use ipv6 import inter-vrf to perform inter-VRF route filtering. Use route-map to filter routes by VRF. Use prefix-list to supply the destination network conditions for the route-map. To advertise a route imported by OSPFv3 from another VRF or the global network, configure redistribute.

Configure route-map to permit only the VRF 3 route. Next, configure ipv6 import inter-vrf to reference the route-map so that the VRF 3 route is imported into VRF 2. Finally, configure redistribute for the OSPFv3 of VRF 2 to advertise the route imported from the other VRF or global network.

Command examples

  1. (config)# ipv6 prefix-list PERMITVRF3 seq 10 permit 2001:db8:1:3::/64

    (config)# route-map VRF3TO2 permit 10

    (config-route-map)# match vrf 3

    (config-route-map)# match ipv6 address prefix-list PERMITVRF3

    (config-route-map)# exit

    Configures route-map to permit the VRF 3 route.

  2. (config)# vrf definition 2

    (config-vrf)# ipv6 import inter-vrf VRF3TO2

    (config-vrf)# exit

    Applies the filter settings in step 1 to the VRF 2 extranet so that the VRF 3 route is imported into VRF 2.

  3. (config)# ipv6 router ospf 1 vrf 2

    (config-rtr)# redistribute extra-vrf

    Advertises the route imported from the other VRF or the global network in VRF 2 OSPFv3 domain 1.

Notes

If the route-map referenced by ipv6 import inter-vrf has not been configured, all routes in the other VRF or the global network are imported. To prevent unwanted routes from being imported, always configure route-map first, and then configure ipv6 import inter-vrf.

(3) Changing the Distance of a Particular VRF

VRF 2 and VRF 3 routes are imported into the global network. For the VRF 2 route only, the distance is set to 150.

Points to note

Use ipv6 import inter-vrf to perform inter-VRF route filtering. Use route-map to filter routes by VRF.

First, configure a route-map to permit the VRF 2 route and changes its distance to 150. Next, in this route-map, specify a setting to permit the VRF 3 route with a different sequence number.

Finally, configure a filter that changes the distance of a specific VRF by ensuring that ipv6 import inter-vrf references the route-map.

Command examples

  1. (config)# route-map VRF2AND3PERMIT permit 10

    (config-route-map)# match vrf 2

    (config-route-map)# set distance 150

    (config-route-map)# exit

    Configures route-map to permit the VRF 2 route and change its distance to 150.

  2. (config)# route-map VRF2AND3PERMIT permit 20

    (config-route-map)# match vrf 3

    (config-route-map)# exit

    Configures route-map to permit the VRF 3 route.

  3. (config)# vrf definition global

    (config-vrf)# ipv6 import inter-vrf VRF2AND3PERMIT

    Applies the filter settings in steps 1 and 2 to the extranet of the global network so that the VRF 2 and VRF 3 routes are imported into the global network, and the distance of the VRF 2 route is changed to 150.

Notes

If the route-map referenced by ipv6 import inter-vrf has not been configured, all routes in the other VRF or the global network are imported. To prevent unwanted routes from being imported, always configure route-map first, and then configure ipv6 import inter-vrf.

[Product name label]

All Rights Reserved, Copyright(C), 2017, 2023, ALAXALA Networks, Corp.