Allied Telesis C613-16164-00 REV E Network Card User Manual


 
Dynamic inter-VRF communication explained
How VRF-lite security is maintained
Incidentally, only the original routes can be copied from one VRF to another. Copied routes
cannot be subsequently copied to another VRF, to ensure VRF security domains are
enforced.
For example:
VRFred----VRFshared----VRFgreen
If VRF red routes are copied into the route table of VRF shared, those routes cannot
subsequently be copied from VRF shared into the VRF green route table. This
ensures that while VRF green and VRF red can both access VRF shared, there is no inter-VRF
communication between VRF red and VRF green - unless additional route leakage is
configured.
Similarly, routes learnt by the default global VRF domain from a VRF instance via internal BGP
peering cannot be subsequently advertised from the default global VRF domain to another
VRF instance.
VRFred---default_global_VRF---VRFgreen
Viewing source VRF and attribute information for a prefix
The command show ip bgp <prefix> can be used to display source VRF and extended
community attribute information for a route.
For example:
VRF_device#show ip bgp 192.168.120.0
[VRF: green]
BGP routing table entry for 192.168.120.0/24
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
192.168.20.1 from 192.168.20.10 (192.168.20.10)
Origin IGP metric 0, localpref 100, valid, external, best
Extended Community: RT:500:2
Last update: Thu Nov 18 03:51:06 2010
[VRF: common]
BGP routing table entry for 192.168.120.0/24
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
192.168.20.1 from 192.168.20.10 (192.168.20.10)
Origin IGP metric 0, localpref 100, valid, external, best
Extended Community: RT:500:2
Copied from VRF: green
Last update: Thu Nov 18 03:51:06 2010
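
An added example, not taken from the Allied Telesis manual: a Python script that parses show ip bgp <prefix> output in the format shown above and lists any copied route whose source and destination VRF pair is not on an allow-list of intended leaks. The function names and the allow-list structure are assumptions made for illustration; the sample text is the output above, embedded so the script runs offline.

```python
import re

# The sample output shown above, embedded so the example runs offline.
SAMPLE = """\
[VRF: green]
BGP routing table entry for 192.168.120.0/24
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
192.168.20.1 from 192.168.20.10 (192.168.20.10)
Origin IGP metric 0, localpref 100, valid, external, best
Extended Community: RT:500:2
Last update: Thu Nov 18 03:51:06 2010
[VRF: common]
BGP routing table entry for 192.168.120.0/24
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
192.168.20.1 from 192.168.20.10 (192.168.20.10)
Origin IGP metric 0, localpref 100, valid, external, best
Extended Community: RT:500:2
Copied from VRF: green
Last update: Thu Nov 18 03:51:06 2010
"""

def parse_show_ip_bgp(text):
    """Return one dict per [VRF: ...] block: vrf, prefix, rts, copied_from."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"\[VRF: (\S+)\]$", line)
        if m:  # a new per-VRF block starts here
            cur = {"vrf": m.group(1), "prefix": None, "rts": [], "copied_from": None}
            entries.append(cur)
            continue
        if cur is None:  # ignore anything before the first VRF header
            continue
        if m := re.match(r"BGP routing table entry for (\S+)$", line):
            cur["prefix"] = m.group(1)
        elif m := re.match(r"Extended Community: (.+)$", line):
            cur["rts"] = re.findall(r"RT:\d+:\d+", m.group(1))
        elif m := re.match(r"Copied from VRF: (\S+)$", line):
            cur["copied_from"] = m.group(1)
    return entries

def unexpected_leaks(entries, allowed):
    """List (source, destination, prefix) for copies not in allowed (source, destination) pairs."""
    return [(e["copied_from"], e["vrf"], e["prefix"])
            for e in entries
            if e["copied_from"] and (e["copied_from"], e["vrf"]) not in allowed]
```

Calling unexpected_leaks(parse_show_ip_bgp(SAMPLE), {("green", "common")}) returns an empty list; with an empty allow-list it reports the green-to-common copy of 192.168.120.0/24.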