配置全局路由表和VRF路由表之间的路由泄漏
1、拓扑图
2、R1配置
R1#sho run Building configuration... Current configuration : 1360 bytes ! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! logging message-counter syslog ! no aaa new-model ip source-route no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ip vrf R1 rd 1:1 ! no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! memory-size iomem 0 archive log config hidekeys ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 ip vrf forwarding R1 ip address 1.1.12.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip vrf forwarding R1 ip address 10.1.1.1 255.255.255.0 duplex auto speed auto ! router bgp 10 no synchronization bgp router-id 1.1.1.1 bgp log-neighbor-changes no auto-summary ! address-family ipv4 vrf R1 neighbor 1.1.12.2 remote-as 20 neighbor 1.1.12.2 activate no synchronization network 10.1.1.0 mask 255.255.255.0 exit-address-family ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ! ! ! ! ! ! ! control-plane ! ! ! mgcp fax t38 ecm ! ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line vty 0 4 login ! end
3、R2配置
R2#sho run Building configuration... Current configuration : 1780 bytes ! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! logging message-counter syslog ! no aaa new-model ip source-route no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ip vrf R2 rd 2:2 import ipv4 unicast map R3 ! no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! memory-size iomem 0 archive log config hidekeys ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 ip vrf forwarding R2 ip address 1.1.12.2 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 1.1.23.2 255.255.255.0 duplex auto speed auto ! interface FastEthernet1/0 ip address 10.1.2.1 255.255.255.0 duplex half ! router bgp 20 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 1.1.23.3 remote-as 30 ! address-family ipv4 neighbor 1.1.23.3 activate no auto-summary no synchronization network 10.1.1.0 mask 255.255.255.0 network 10.1.2.0 mask 255.255.255.0 exit-address-family ! address-family ipv4 vrf R2 neighbor 1.1.12.1 remote-as 10 neighbor 1.1.12.1 activate no synchronization exit-address-family ! ip forward-protocol nd ip route 10.1.1.0 255.255.255.0 FastEthernet0/0 no ip http server no ip http secure-server ! ! ! ! ip prefix-list 1 seq 5 permit 10.1.3.0/24 ip prefix-list 1 seq 10 permit 10.1.2.0/24 ! ! ! ! route-map R3 permit 10 match ip address prefix-list 1 ! ! ! control-plane ! ! ! mgcp fax t38 ecm ! ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line vty 0 4 login ! end
4、R3配置
R3#sho run Building configuration... Current configuration : 1269 bytes ! upgrade fpd auto version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! logging message-counter syslog ! no aaa new-model ip source-route no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! memory-size iomem 0 archive log config hidekeys ! ! ! ! ! ip tcp synwait-time 5 ! ! ! ! interface FastEthernet0/0 ip address 10.1.3.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 1.1.23.3 255.255.255.0 duplex auto speed auto ! router bgp 30 bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor 1.1.23.2 remote-as 20 ! address-family ipv4 neighbor 1.1.23.2 activate no auto-summary no synchronization network 10.1.3.0 mask 255.255.255.0 exit-address-family ! ip forward-protocol nd no ip http server no ip http secure-server ! ! ! ! ! ! ! ! ! control-plane ! ! ! mgcp fax t38 ecm ! ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous stopbits 1 line vty 0 4 login ! end
5、华三全局路由表和VRF之间路由泄漏配置(写静态路由然后分别重分布到全局路由和VRF路由)
[H3C]dis current-configuration # version 7.1.064, Release 0427P22 # sysname H3C # ip vpn-instance R2 route-distinguisher 2:2 # system-working-mode standard xbar load-single password-recovery enable lpu-type f-series # vlan 1 # interface NULL0 # interface GigabitEthernet0/0 port link-mode route combo enable copper ip binding vpn-instance R2 ip address 1.1.12.2 255.255.255.0 # interface GigabitEthernet0/1 port link-mode route combo enable copper ip address 1.1.23.2 255.255.255.0 # bgp 20 router-id 2.2.2.2 peer 1.1.23.3 as-number 30 # address-family ipv4 unicast import-route static peer 1.1.23.3 enable # ip vpn-instance R2 peer 1.1.12.1 as-number 10 # address-family ipv4 unicast import-route static peer 1.1.12.1 enable # scheduler logfile size 16 # ip route-static 1.1.1.0 24 vpn-instance R2 1.1.12.1 ip route-static vpn-instance R2 3.3.3.0 24 GigabitEthernet0/1 1.1.23.3 # return [H3C]dis ip routing-table protocol static Summary count : 1 Static Routing table status : <Active> Summary count : 1 Destination/Mask Proto Pre Cost NextHop Interface 1.1.1.0/24 Static 60 0 1.1.12.1 GE0/0 Static Routing table status : <Inactive> Summary count : 0 [H3C]dis ip routing-table protocol bgp Summary count : 1 BGP Routing table status : <Active> Summary count : 1 Destination/Mask Proto Pre Cost NextHop Interface 3.3.3.0/24 BGP 255 0 1.1.23.3 GE0/1 BGP Routing table status : <Inactive> Summary count : 0 [H3C]dis ip routing-table vpn-instance R2 protocol static Summary count : 1 Static Routing table status : <Active> Summary count : 1 Destination/Mask Proto Pre Cost NextHop Interface 3.3.3.0/24 Static 60 0 1.1.23.3 GE0/1 Static Routing table status : <Inactive> Summary count : 0 [H3C]dis ip routing-table vpn-instance R2 protocol bgp Summary count : 1 BGP Routing table status : <Active> Summary count : 1 Destination/Mask Proto Pre Cost NextHop Interface 1.1.1.0/24 BGP 255 0 1.1.12.1 GE0/0 BGP Routing table status : <Inactive> Summary count : 0 [H3C]
参考链接:
配置全局路由表和VRF路由表之间的路由泄漏(无下一跳)
https://www.cisco.com/c/zh_cn/support/docs/ip/ip-routing/200158-Configure-Route-Leaking-between-Global-a.html
在Cisco IOS XE上配置VRF泄漏
https://www.cisco.com/c/zh_cn/support/docs/ip/ip-routing/216541-vrf-configuration-examples-on-ios-xe.html
在 Cisco Nexus 交换机上配置 VRF 路由泄漏
https://www.cisco.com/c/zh_cn/support/docs/ios-nx-os-software/nx-os-software/213908-configure-vrf-route-leak-on-nexus.html
