Header Navigation

Thursday, December 31, 2015

Leaking VRF (Virtual Routing Forwarding) Route to Global Routing Table (GRT) on Alcatel-Lucent 7750 SR

Hello, in the last day of 2015. I'll share some technique, how to leak your route from VRF to GRT using Alcatel-lucent Service Router. For this step I using 7750 SR with SR OS 12. Below the simple topology



The vrf put in PE-B and It's route need to distributed to PE-A. I can use vrf-export and vrf-import, but to accept that, I need to configure vrf too in PE-A and loopback A can reach the server. The goal of vrf leaking to GRT is the device in vrf (ex, server, system or etc) can reach from another router using Global routing table. Let see the procedure


  1. Make vrf policy confiiguration.
    For this step I need two policies in PE-B, the first policy to distribute to local, I need this to limit the prefix advertisement  from vrf to GRT. The GRT-Leak-Prefix using for to the specific prefix need to advertise to Global routing table.
     *A:PE-B# /show router policy "Prefix-Limiter-VRF"  
       entry 10  
         from  
           prefix-list "GRT-Leak-Prefix"  
         exit  
         action accept  
         exit  
       exit  
     *A:PE-B#   
    

    The second to allow the vpn-leak advertise to ospf routing table (in case I use ospf protocol for Global Routing Table)

     *A:PE-B# /show router policy "VPN-to-OSPF"  
       entry 10  
         from  
           protocol vpn-leak  
           prefix-list "GRT-Leak-Prefix"  
         exit  
         action accept  
         exit  
       exit  
       entry 20  
       exit  
     *A:PE-B#   
    
     
  2. Create configuration in VRF ( in this case I use vprn id 808)
     *A:PE-B# configure service vprn 808   
     *A:PE-B>config>service>vprn# info   
     ----------------------------------------------  
           route-distinguisher 808:1  
           auto-bind ldp  
           interface "Server-Interface" create  
             address 114.0.77.117/30  
             sap 2/1/3:808 create  
             exit  
           exit  
           grt-lookup  
             enable-grt  
             exit  
             export-grt "Prefix-Limiter-VRF"  
           exit  
           no shutdown  
     ----------------------------------------------  
     *A:PE-B>config>service>vprn#   
    
  3. We success make VPN-Leak. But The prefix juts populate the local GRT, we need to export them to ospf so PE-A can reach the prefix 
     *A:PE-B# configure router ospf   
     *A:PE-B>config>router>ospf# info   
     ----------------------------------------------  
           asbr  
           traffic-engineering  
           export "VPN-to-OSPF"  
      ------------------(output ommited)-----------           
           no shutdown  
     ----------------------------------------------  
     *A:PE-B>config>router>ospf#    
    
  4. Done. Lets verify

Verify in PE-B


Test ping from PE-B to VRF interface

Test ping from VRF to PE-B loopback/system ip


Route-table check in PE-A


Test ping to Local VRF domain from PE-A


I think it's enough. I hope this information can help you when you need it :)

No comments:

Post a Comment