Configuring a complex inter-VRF solution

Local interfaces can be utilised by a number of protocols for various purposes. They can be used as a reliable address via which to access a device - an address that is always accessible, irrespective of the link status of any individual external interface.

Within each VRF, configure optional route distinguisher (RD), route-targets and VRF import and export maps. The RD, route-targets and VRF import and export maps are used when leaking routes via BGP. They are not required when inter-VRF communication is achieved via static inter-VRF routes. BGP is used to facilitate inter-VRF communication in this example.

The RD is a BGP ASN (xxx:). The VRF RD is also used by MPLS to facilitate VRF VPNs, which are currently not supported, and thus serves little purpose in the context of VRF-lite. However the RD command is required if using BGP to facilitate inter-VRF communications. Each RD references a unique VRF instance (:xxx). A complete VRF ASN uses the syntax xxx:xxx. For example 100:1 denotes BGP ASN 100, VRF instance1.

The command route-target export xxx:xxx enables routes in the VRF domain with a matching VRF ASN tag to be exported via BGP to be subsequently leaked to other VRFs.

The command route-target import xxx:xxx enables routes from other VRF domains with a matching VRF ASN tag to be imported via BGP into the VRF domain.

The command export map name references a route map, which in turn references the ACLs previously configured. This command ensures (via the associated ACLs) that only selected routes are exported from the VRF domain to BGP.

In this example VRF orange has a static route to network 192.168.20.0/24. This same IP subnet is assigned to vlan 2, which is a part of VRF green. Therefore there is an export map (orange 140) and associated ACL orangeBlock20Export140 deny 192.168.20.0/24 to ensure the network 192.168.20.0 is not exported into BGP, whilst still allowing the export of other networks that do not match the ACL.

The command import map name references a route map, which in turn references the ACLs previously configured. This commands ensures (via the associated ACLs) that only selected routes are imported into the VRF domain from BGP.

There is no route leakage to or from VRF overlap. VRF overlap (and its associated VLANs) remain completely isolated from all other VRF domains. VRF overlap contains network 192.168.10.0/24 associated with vlan6. This same subnet is also contained in VRF red vlan1. This is OK, as VRF overlap has no associated route-target import and route-target export commands.

Configure VRF-lite Page 47

Page 46 Page 48
Page 47
Image 47
Allied Telesis C613-16164-00 REV E manual Configure VRF-lite
Page 46 Page 48

C613-16164-00 REV E specifications

The Allied Telesis C613-16164-00 REV E is a robust networking device designed to enhance connectivity and communication within enterprise environments. Renowned for its reliability and efficiency, this device serves as an ideal choice for organizations seeking to improve their network infrastructure.

At its core, the C613-16164-00 REV E is a part of Allied Telesis' suite of products that adhere to high-performance standards. One of the main features is its support for both Layer 2 and Layer 3 networking, making it versatile enough to handle a variety of network configurations. This capability allows for seamless integration into different network architectures, whether for simple local area networks (LANs) or more advanced setups with routing capabilities.

Another significant characteristic of the C613-16164-00 REV E is its high-speed data transfer capabilities. With support for Gigabit Ethernet, the device ensures that data can be transmitted quickly and efficiently across the network. This is particularly important for businesses that rely on heavy data usage and need to maintain performance standards even during peak hours.

Additionally, the C613-16164-00 REV E features advanced security measures, including VLAN support and port security configurations, which help protect sensitive information and prevent unauthorized access. This is essential for businesses that handle confidential data and must comply with industry regulations.

In terms of manageability, the device supports SNMP (Simple Network Management Protocol), allowing for easy monitoring and management of network resources. Network administrators can efficiently manage the device and optimize performance with minimal effort, improving overall productivity.

The design of the C613-16164-00 REV E is also noteworthy; it is built for durability, often featuring a compact form factor that makes installation straightforward without compromising on performance. Its compatibility with various Allied Telesis products ensures that organizations can build a cohesive network ecosystem.

In conclusion, the Allied Telesis C613-16164-00 REV E stands out as an excellent networking solution characterized by its support for multiple networking layers, high-speed data transfer, and robust security features. Ideal for both small to medium enterprises and larger organizations, it helps ensure that businesses can maintain efficient and secure operations in a constantly evolving digital landscape.
Top Page Image Contents