Inter-VRF route leaking is useful in cases where multiple VRFs share the same path to an external domain, while maintaining the internal routing information limited to their own VRFs. This feature enables a data center to consolidate multiple VRF services onto one server.
Important
When OptiScale™ is enabled for the SLX 9540, the non-default VRF is not supported, nor is inter-VRF route leaking. Multi-VRF and inter-VRF route leaking are supported only when OptiScale is not enabled. For more information, see Internet Route Scaling.Important
Deploy this feature only if you are an advanced user, because route leak configuration in source VRFs can collide with route and interface definitions in target VRFs. Such a situation can lead to unpredictable behavior in packet forwarding.A static route conflict can occur when the same prefix is reachable by two different next hops in the target VRF. The forwarding behavior is different depending on which command occurred later. In the following example, the global configuration presents a static route conflict for 10.1.2.0/24.
vrf red device(config-vrf-red)# address-family ipv4 unicast device(config-vrf-red-ipv4-unicast)# ip route 10.1.2.0/24 next-hop-vrf green 10.1.1.1 device(config)# vrf green device(config-vrf-green)# address-family ipv4 unicast device(config-vrf-green)# ip route 10.1.2.0/24 18.1.1.1
Note
However, if the source of the prefix in each case is different (for example, 10.1.2.0 comes from OSPF, BGP, static, or connected, then the method of conflict resolution (where the most recent configuration takes precedence) does not apply. The order of preference is as follows: (1) connected, (2) static, (3) OSPF, and (4) BGP, assuming that the administrative distances for the prefixes are the defaults. In other words, when the prefix is installed through different sources (OSPF, BGP, static, or connected), the prefix with the lowest administrative distance takes precedence. The most recently configured prefix rule applies only if the source of the prefix is the same.Important
Ensure that identical prefixes are not leaked.A dynamic route conflict can occur when dynamic routing protocols advertise different routes to the same prefix in the target VRF.
The following example illustrates a connected route conflict:
device(config)# vrf red device(config-vrf-red)# address-family ipv4 unicast device(vrf-red-ipv4-unicast)# ip route 10.1.2.0/24 next-hop-vrf green 10.1.1.1 device(config)# interface ethernet 0/1 device(conf-if-eth-0/1)# vrf forwarding green device(conf-if-eth-0/1)# ip address 10.1.2.1/24
Note
Be aware of such possible conflicts before deploying the route leak feature, because there is no method for error checking these scenarios. A best practice is to ensure that definitions are globally unique and route collisions do not exist.The show ip route command displays "%vrf" in the route type, with the next-hop address, for the leaked routes in a VRF.
The following example displays output for routes in the default-vrf
device# show ip route IP Routing Table for VRF "default-vrf" Total number of IP routes: 6 '*' denotes best ucast next-hop '[x/y]' denotes [preference/metric] 1.1.1.0/24, *via 8.8.8.100%vrf200, Ve200 , [1/1], 2m45s, static, tag 0 2.2.2.0/24, attached *via DIRECT, Ve 100, [0/0], 2m45s, direct, tag 0 2.2.2.100/32, attached *via DIRECT, Ve 100, [0/0], 2m45s, local, tag 0 40.0.0.0/24, attached *via DIRECT, Eth 0/2, [0/0], 31m15s, direct, tag 0 40.0.0.1/32, attached *via DIRECT, Eth 0/2, [0/0], 31m15s, local, tag 0 90.0.0.0/24, *via 40.0.0.100, Eth 0/2, [1/1], 16m42s, static, tag 0
You can also determine the leaked route for a specific VRF by using the show ip route vrf command, as illustrated in the following example for vrf1 that displays "%default-vrf" in the route type.
device# show ip route vrf vrf1 IP Routing Table for VRF "vrf1" Total number of IP routes: 6 '*' denotes best ucast next-hop '[x/y]' denotes [preference/metric] 3.3.3.0/24, *via 14.14.14.100, Ve 2, [1/1], 0m23s, static, tag 0 11.11.11.0/24, *via 40.0.0.2%default-vrf, Eth 0/2, [1/1], 1m40s, static, tag 0 14.14.14.0/24, attached *via DIRECT, Ve 2, [0/0], 9m11s, direct, tag 0 14.14.14.14/32, attached *via DIRECT, Ve 2, [0/0], 9m11s, local, tag 0 15.15.15.0/24, attached *via DIRECT, Ve 3, [0/0], 9m11s, direct, tag 0 15.15.15.1/32, attached *via DIRECT, Ve 3, [0/0], 9m11s, local, tag 0