CISCO Routing leak Test Topology

CISCO Routing leak Test topology

Routing leak is one technique that widely used in Service Provide and big Enterprise，but there are  few articles to discuss this issue.

Today I write a comprehensive article to discuss this issue.

Physical

Logical

The configuration of R3

hostname R3

!

!

ip vrf test1

 rd 100:1

 route-target export 100:1

 route-target import 100:2

!

ip vrf test2

 rd 100:2

 route-target export 100:2

 route-target import 100:1

!        

!        

ip cef   

!        

interface Loopback3

 ip address 33.33.33.33 255.255.255.255

!        

interface Loopback66

 ip vrf forwarding test2

 ip address 99.99.99.99 255.255.255.255

!        

interface FastEthernet0/0

 ip vrf forwarding test1

 ip address 9.9.13.3 255.255.255.0

 duplex full

!        

interface FastEthernet1/0

 ip vrf forwarding test2

 ip address 9.9.23.3 255.255.255.0

 duplex full

!        

interface Serial2/0

 ip address 9.9.34.3 255.255.255.0

 serial restart-delay 0

!        

ip route 9.9.13.0 255.255.255.0 FastEthernet0/0 9.9.13.1

ip route 44.44.44.44 255.255.255.255 9.9.34.4

ip route vrf test1 0.0.0.0 0.0.0.0 44.44.44.44 global

ip route vrf test1 9.9.23.0 255.255.255.0 FastEthernet1/0 9.9.23.2

ip route vrf test2 9.9.13.0 255.255.255.0 FastEthernet0/0 9.9.13.1

!        

Test result as follows

Analysis and Conclusions

ip route vrf test1 0.0.0.0 0.0.0.0 44.44.44.44 global  

The key word‘vrf test1’ indicate the route is written for vrf test1.   If the next hop is in the global routing table,we need add key word ‘global’.

ip route 9.9.13.0 255.255.255.0 FastEthernet0/0 9.9.13.1

global的回程路由出接口及下一跳地址则不需要指明是某个vrf的

Regarding the global route，if the next-hop in one vrf,the outbound interface and nexp-hop no need specify which vrf it belong to.

vrf的路由的出接口接下一跳同理，不需要指明属于哪一个vrf

Regaring the vrf route, if the next-hop in one vrf,the outbound interface and nexp-hop no need specify which vrf it belong to.

需要特别注意的是，书写静态路由的时候，实际上是为报文转发指定一个方向，因此如果下一跳书写的是本地的接口，则无法指明出接口方向，因此一定不能写本地接口

One problem in routing leak scenarios, require special attention: In order to  specify a direction for packet forwarding，we write static route. If we use the local interface ip address as next-hop ,we can not specify the  direction.