2020-07-25

[Cisco] Static Route Leaking

So, I had a specific use case for allowing access to loopbacks on the same VRF across a point-to-point link without the need for a routing protocol.

None of the resources I found online gave a specific example of how to do this. However, after some trial and error and piecing together various parts of specific solutions for use cases with much more elaborate designs, I came up with the following solution.


R2#show run int lo 1
Building configuration...

Current configuration : 156 bytes
!
interface Loopback1
description Management
vrf forwarding MGMT
ip address 192.168.10.2 255.255.255.255
end

R2#show run | incl ip route
ip route 192.168.10.2 255.255.255.255 Loopback1 name R2_LO1
ip route vrf MGMT 192.168.10.1 255.255.255.255 192.168.1.1 global name R1_LO1
R2#ping vrf MGMT 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R2#ping vrf MGMT 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R2#ssh -vrf MGMT -l admin 192.168.10.1
Password:

R1#show run int lo 1
Building configuration...

Current configuration : 144 bytes
!
interface Loopback1
description Management
vrf forwarding MGMT
ip address 192.168.10.1 255.255.255.255
end

R1#show run | incl ip route
ip route 192.168.10.1 255.255.255.255 Loopback1 name R1_LO1
ip route vrf MGMT 192.168.10.2 255.255.255.255 192.168.1.2 global name R2_LO1
R1#ping vrf MGMT 192.168.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#


So, based on the above, you not only have to tell the global routing table (the underlay) how to reach its own loopback, you also have to tell the VRF to use the GRT to transport traffic for the destination IP, in this case the host route.
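Each of these routes is a deliberate hole between the MGMT VRF and the global table, so it is worth being able to list them and confirm both halves are present. The following is an added example, not part of the original post: a small Python audit that takes the `ip route` lines shown above (embedded as constructed input), lists every VRF route using the `global` keyword, and checks that another router has the matching global route pointing at an interface. The function names and the status strings are assumptions made for this example.

```python
import re

# Constructed input: the "ip route" lines from the R1 and R2 output above.
CONFIGS = {
    "R1": """
ip route 192.168.10.1 255.255.255.255 Loopback1 name R1_LO1
ip route vrf MGMT 192.168.10.2 255.255.255.255 192.168.1.2 global name R2_LO1
""",
    "R2": """
ip route 192.168.10.2 255.255.255.255 Loopback1 name R2_LO1
ip route vrf MGMT 192.168.10.1 255.255.255.255 192.168.1.1 global name R1_LO1
""",
}

# VRF static route whose next hop is resolved in the global table.
LEAK_RE = re.compile(r"^ip route vrf (\S+) (\S+) (\S+) (\S+) global\b")
# Global static route that points at an interface (name starts with a letter).
GRT_IF_RE = re.compile(r"^ip route (\d\S*) (\S+) ([A-Za-z]\S*)")


def parse_routes(config):
    """Return (leaks, grt) for one router's config text."""
    leaks, grt = [], set()
    for line in map(str.strip, config.splitlines()):
        if m := LEAK_RE.match(line):
            vrf, dest, mask, next_hop = m.groups()
            leaks.append((vrf, (dest, mask), next_hop))
        elif m := GRT_IF_RE.match(line):
            dest, mask, _iface = m.groups()
            grt.add((dest, mask))
    return leaks, grt


def audit(configs):
    """List every VRF-to-global leak and whether a peer's GRT can deliver it."""
    parsed = {name: parse_routes(text) for name, text in configs.items()}
    findings = []
    for name, (leaks, _) in parsed.items():
        for vrf, prefix, next_hop in leaks:
            peers = (grt for peer, (_, grt) in parsed.items() if peer != name)
            ok = any(prefix in grt for grt in peers)
            status = "ok" if ok else "no-global-route-on-peer"
            findings.append((name, vrf, prefix[0], next_hop, status))
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIGS):
        print(*finding)
```

A leak that reports `no-global-route-on-peer` is the half-configured case: the VRF sends traffic into the global table, but the far router's GRT has no route handing it to the loopback.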
