Direct Route Leaking Between Virtual Routers

Version 32.4 adds support for leaking direct routes of specified VLAN(s) to a different Virtual Router (VR). Adjacent (directly connected) hosts are also reachable in the specified VR.

Note

Note

This feature is an additional method for achieving Inter-VR routing without an external router. You can also allow a static route's gateway to be in a different VR by entering the configure iproute add command and specifying vlan egress_vlan, or redistribute routes from one OSPF instance to another OSPF instance in a different VR by entering the enable ospf export {vr} command.

Leaked direct routes are created with origin direct-inter-vr in the leak-to-VR. These routes have a lower route priority than direct routes and a higher route priority than any other route type.

The route priority of direct-inter-vr can be modified using the iproute priority command. These routes can be redistributed to the OSPF protocol in the leak-to-VR like any other routes in the VR. OSPF‘s route redistribution command is also extended as part of this feature and includes the direct-inter-vr route type.

Note

Note

To ping a directly attached host from the switch command line successfully, the ping command must specify the correct VR name (or use the correct command line VR context) containing the VLAN with that subnet. If another VR name or VR context is used, the ping will not be successful.

Direct Route Leaking CLI Commands

Use the configure iproute add direct-inter-vr {ipv4} [{vlan} from_vlan_name | vlan from_vlan_list] {{vr} to_vr_name} command to add the direct routes of a VLAN or set of VLANs to be leaked to the leak-to-VR.

Use the configure iproute delete direct-inter-vr {ipv4} [{vlan} from_vlan_name | vlan from_vlan_list] {{vr} to_vr_name} command to delete a direct route of a VLAN or set of VLANs previously leaked to the leak-to-VR.

Use the show iproute direct-inter-vr {ipv4} {from-vr from_vr_name} {{vr} to_vr_name} command to display the configuration of Inter-VR direct routes.

Direct Route Leaking Use Case

A typical use case for this feature is when you have a printer IP directly attached to a switch on a VLAN in VR1. For example, a printer IP 10.1.1.222 on a VLAN names "yellow10" in VR1, with an IP address of 10.1.1.1/24. In this scenario, you want all users in VR1 and VR2 to access the printer using the same IP 10.1.1.222, without requireing an external router.

To accomplish this, you can configure the direct route of VLAN "yellow10" with IP 10.1.1.1/24 to be leaked to VR2. You can create a reverse routed path by configuring the direct route of VLAN "red20" with IP 20.1.1.1/24 in VR2 to be leaked to VR1.

By configuring direct route leaking, hardware and slow path forwarding tables are augmented to include all IP ARP entries on that interface, such as 10.1.1.222, in VR2 in addition to VR1.

Note

Note

In this scenario, you do not want users in VR3 to access 10.1.1.0/24, on VR1 and VR2.

Direct Route Leaking Example Configuration

The following example commands create or configure direct route leaking.

create vr VR1

create vlan yellow10 tag 10 vr VR1

configure yellow10 ipaddress 10.1.1.1/24

create vr VR2

create vlan red20 tag 20 vr VR2

configure red20 ipaddress 10.1.1.1/24

configure iproute add 30.1.1.0/24 20.1.1.254 vr VR2

create vr VR3

configure iproute add direct-inter-vr vlan yellow10 vr VR2

configure iproute add direct-inter-vr red20 VR1

Direct Route Leaking Example Show Output

The following example displays show command output for this feature:

Example

# show iproute direct-inter-vr​

Inter-VR Direct IPv4 Routes Leaked To Virtual Router: VR1​

Leak From VLAN Name              VID  Primary IP Addr.   Leak From Virtual Router​
-------------------------------- ---- ------------------ ------------------------------​
red20                            20   20.1.1.1       /24 VR2​

Inter-VR Direct IPv4 Routes Leaked To Virtual Router: VR2​

Leak From VLAN Name              VID  Primary IP Addr.   Leak From Virtual Router​
-------------------------------- ---- ------------------ ------------------------------​
yellow10                         10   10.1.1.1       /24 VR1​

The following examples display the "div" origin prefix showing Direct-Inter-VR information.

# show iproute vr vr1​

Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration​
 d   10.1.1.0/24        10.1.1.1        1    -------um---- yellow10   0d:0h:3m:12s​
 div 20.1.1.0/24        20.1.1.1        1    -------um---- red20      0d:0h:2m:17s​
 s   30.1.1.0/24        20.1.1.254      1    -G---S-um---- red20      0d:0h:1m:59s​
​
# show iproute vr vr2​
Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration​
 div 10.1.1.0/24        10.1.1.1        1    -------um---- yellow10   0d:0h:8m:39s​
 d   20.1.1.0/24        20.1.1.1        1    -------um---- red20      0d:0h:9m:42s​
 s   30.1.1.0/24        20.1.1.254      1    -G---S-um---- red20      0d:0h:0m:6s