[FROG] VRF Configuration

Dan White dwhite at olp.net
Sat Feb 10 10:30:43 EST 2018


On 02/09/18 14:42 -0500, Donald Sharp wrote:
>Since properly configuring a VRF has become a point of contention,
>I've started a wiki on how to properly configure VRF's so that you can
>use them properly with FRRouting:
>
>https://github.com/FRRouting/frr/wiki/Configuring-a-VRF-to-work-properly-for-FRR

Thank you Donald. This is very useful.

My background is with Netiron, IOS, and JunOS and I have a couple of comments
on VRF leaking, which is not discussed in the above that I that I've seen,
but is in discussion on dev.

The Tutorial suggests installing a default route with low priority in your
VRF as a basic step. In a route leaking context this can and will lead to
disaster in a production environment. I can recall an uncomfortable
discussion with a bank after leaking a default route into their mpls vrf,
from within another common (voice) vrf I was configuring. I generally stay
away from static routes altogether. You can mitigate that risk with
import/export lists.

Some implementations do leaking much better than others, and the primary
area of issue that I have is how do you leak connected routes - that is how
do you leak a local interface/subnet, such as 'int ve 1000', into another
local vrf, that is not learned through a dynamic routing protocol. Cisco
does this the moment you configure:

ip bgp vpnv4 <vrf>

and Netiron requires requires ugly route_maps to accomplish the same thing.



More information about the frog mailing list