I don't think any of them will work. The router import and export has to be symmetric if you want bidirectional communication.
ip vrf A rd 1:1 route-target both 1:1 route-target import 1:3 ! ip vrf B rd 1:2 route-target both 1:2 route-target import 1:3 ! ip vrf Central_Services rd 1:3 route-target both 1:3 route-target import 1:1 route-target import 1:2 Schilling On Fri, Mar 18, 2011 at 9:04 AM, Peter Rathlev <pe...@rathlev.dk> wrote: > Is there any "smart" way configure an MPLS VPN network for a "central > services" VRF for all (or many) other VRFs? > > I see three possible ways: > > 1) Use import & export on the central services VRF, no configuration > on the other VRFs: > > ip vrf A > rd 1:1 > route-target both 1:1 > ! > ip vrf B > rd 1:2 > route-target both 1:2 > ! > ip vrf Central_Services > rd 1:3 > route-target both 1:1 > route-target both 1:2 > route-target both 1:3 > ! > > 2) Use import & export on each VRF that needs to access the central > services VRF. > > ip vrf A > rd 1:1 > route-target both 1:1 > route-target both 1:3 > ! > ip vrf B > rd 1:2 > route-target both 1:2 > route-target both 1:3 > ! > ip vrf Central_Services > rd 1:3 > route-target both 1:1 > ! > > 3) Use an empty (permit anything) import map on the central services > VRF and an export map on the other VRFs: > > route-map CS_EXPORT_MAP permit 10 > set extcommunity rt 1:3 additive > ! > route-map CS_IMPORT_MAP permit 10 > ! > ip vrf A > rd 1:1 > route-target both 1:1 > export map CS_EXPORT_MAP > ! > ip vrf B > rd 1:2 > route-target both 1:2 > export map CS_EXPORT_MAP > ! > ip vrf Central_Services > rd 1:3 > route-target both 1:3 > import map CS_IMPORT_MAP > ! > > In my eyes all approaches seem like a lot of work, but I'm leaning > towards solution 2 because it seems easier to not make mistakes. > > An SP from which we buy last-mile in a couple of VRFs have their > management prefixes leaked out into every VRF and we're looking for > something similar. > > Does anybody know of a smart(er) way of doing this? Are anybody on this > list using it large scale and are willing to share some experience? > > -- > Peter > > > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/