This document explains PICOS static route leaking. As shown in Figure 1, three devices, R1, R2 and R3, participate in this static route leaking example. The goal is to allow hosts connected to R2 in the default VRF to reach hosts connected to R3 in vrf2. To achieve this, static leaks will be configured on R1, which has two interfaces in two different VRFs, vrf2 and the default VRF. The interface connecting R2 belongs to the default VRF and the interface connecting R3 belongs to vrf2.
Figure 1. Static Routing Leaking Topology
Static route leaks will be configured on R1. Additionally, a static route will be configured on R2 to reach 1.1.1.1 with a next-hop router address of the R1 L3 VLAN interface. Similarly, another static route will be configured on R3 to reach 4.4.4.4 with the next-hop router address of the R1 L3 VLAN interface. The sections below explain the device configuration of the three devices.
R1 Configuration
Step 1. Configure interface te-1/1/15 and te-1/1/47. Assign VLAN ID and configure the L3 VLAN interface IP address.
admin@R1# set interface gigabit-ethernet te-1/1/15 family ethernet-switching native-vlan-id 3000
admin@R1# set interface gigabit-ethernet te-1/1/47 family ethernet-switching native-vlan-id 3001
admin@R1# set l3-interface vlan-interface vlan3000 address 30.57.166.166 prefix-length 24
admin@R1# set l3-interface vlan-interface vlan3001 address 31.147.166.166 prefix-length 24
admin@R1# set vlans vlan-id 3001 l3-interface "vlan3001"
admin@R1# set vlans vlan-id 3000 l3-interface "vlan3000"
admin@R1# set l3-interface loopback lo address 2.2.2.2 prefix-length 32
admin@R1# set l3-interface loopback vrf2 address 166.166.166.2
Step 2. Create VRF vrf2 and assign vlan3001 to vrf2. Also enable IP routing on the device.
admin@R1# set ip vrf vrf2
admin@R1# set l3-interface vlan-interface vlan3001 vrf "vrf2"
admin@R1# set ip routing enable true
Step 3. Create static leak routes on R1. Route 1.1.1.1/32 is created in the default VRF, whereas route 4.4.4.4/32 is created in vrf2.
admin@R1# set protocols static route 1.1.1.1/32 nexthop-vrf vrf2 next-hop 31.147.166.47
admin@R1# set protocols static vrf vrf2 route 4.4.4.4/32 nexthop-vrf default next-hop 30.57.166.57
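Because each leak opens a path between VRFs that are otherwise isolated, it is worth checking a device's static routes against the leaks that were actually intended. The following is an added example, not part of the PICOS documentation: a Python audit that reads static-route lines in the syntax of Step 3 and reports every route whose next hop resolves in a different VRF and is not on an allowlist. The function names, the allowlist and the 10.0.0.0/8 line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Matches the static-route syntax used on this page. The optional "vrf NAME"
# after "static" is the VRF the route is installed in (absent = default VRF).
ROUTE_RE = re.compile(
    r"set protocols static (?:vrf (?P<src>\S+) )?route (?P<prefix>\S+) "
    r"(?:nexthop-vrf (?P<dst>\S+) )?next-hop (?P<nh>\S+)"
)

def find_leaks(config_text):
    """Return one dict per static route whose next hop lives in another VRF."""
    leaks = []
    for line in config_text.splitlines():
        m = ROUTE_RE.search(line)
        if not m:
            continue
        src = m.group("src") or "default"
        dst = m.group("dst") or src  # no nexthop-vrf: next hop stays in the same VRF
        if src != dst:
            leaks.append({"route_vrf": src, "nexthop_vrf": dst,
                          "prefix": ipaddress.ip_network(m.group("prefix")),
                          "next_hop": m.group("nh")})
    return leaks

def audit(config_text, approved):
    """Return leaks missing from the approved (route_vrf, nexthop_vrf, prefix) set."""
    return [l for l in find_leaks(config_text)
            if (l["route_vrf"], l["nexthop_vrf"], str(l["prefix"])) not in approved]

# R1's two static routes from Step 3, plus one constructed line (the 10.0.0.0/8
# leak) that is not on the page and stands in for an unreviewed change.
R1_CONFIG = """\
set protocols static route 1.1.1.1/32 nexthop-vrf vrf2 next-hop 31.147.166.47
set protocols static vrf vrf2 route 4.4.4.4/32 nexthop-vrf default next-hop 30.57.166.57
set protocols static vrf vrf2 route 10.0.0.0/8 nexthop-vrf default next-hop 30.57.166.57
"""

# Assumed allowlist: only the two host routes this page intends to leak.
APPROVED = {("default", "vrf2", "1.1.1.1/32"), ("vrf2", "default", "4.4.4.4/32")}

if __name__ == "__main__":
    for leak in audit(R1_CONFIG, APPROVED):
        print("unapproved leak: {route_vrf} -> {nexthop_vrf} {prefix} "
              "via {next_hop}".format(**leak))
```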
R2 Configuration
Step 1. Configure interface ge-1/1/15, VLAN ID and L3 VLAN interface and IP address.
admin@R2# set interface gigabit-ethernet ge-1/1/15 family ethernet-switching native-vlan-id 3000
admin@R2# set l3-interface vlan-interface vlan3000 address 30.57.166.57 prefix-length 24
admin@R2# set vlans vlan-id 3000 l3-interface "vlan3000"
Step 2. Configure a static route to destination 1.1.1.1 and enable IP routing on the device. Also create the loopback interface and assign its IP address.
admin@R2# set l3-interface loopback lo address 4.4.4.4 prefix-length 32
admin@R2# set protocols static route 1.1.1.1/32 next-hop 30.57.166.166
admin@R2# set ip routing enable true
R3 Configuration
Step 1. Configure interface ge-1/1/2, L3 VLAN interface and IP address.
admin@R3# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 3001
admin@R3# set l3-interface vlan-interface vlan3001 address 31.147.166.47 prefix-length 24
admin@R3# set vlans vlan-id 3001 l3-interface "vlan3001"
admin@R3# set l3-interface vlan-interface vlan3001 vrf vrf2
Step 2. Create vrf2, create the loopback interface, configure a static route to destination 4.4.4.4/32, and enable IP routing on the device.
admin@R3# set ip vrf vrf2
admin@R3# set l3-interface loopback vrf2 address 1.1.1.1 prefix-length 32
admin@R3# set protocols static vrf vrf2 route 4.4.4.4/32 next-hop 31.147.166.166
admin@R3# set ip routing enable true
Verify configuration
Ping 1.1.1.1 from R2 to test connectivity.
admin@R2# run ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=63 time=2.15 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=63 time=1.61 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=63 time=2.43 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=63 time=2.22 ms
64 bytes from 1.1.1.1: icmp_seq=5 ttl=63 time=1.97 ms
Verify Routing Table on R1
admin@R1# run show route vrf vrf2
show ip route vrf vrf1 static
=============================
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route
VRF vrf2:
S>* 4.4.4.4/32 [1/0] via 30.57.166.57, vlan3000 (vrf default), weight 1, 06:44:46
C>* 31.147.166.0/24 is directly connected, vlan3001, 00:31:25
show ipv6 route vrf vrf2 static
===============================
admin@R1# run show route ipv4
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route
S>* 1.1.1.1/32 [1/0] via 31.147.166.47, vlan3001 (vrf vrf2), weight 1, 06:45:11
C>* 30.57.166.0/24 is directly connected, vlan3000, 00:51:25
Verify Routing Table on R2
admin@R2# run show route ipv4
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route
S>* 1.1.1.1/32 [1/0] via 30.57.166.166, vlan3001, weight 1, 06:45:11
C>* 30.57.166.0/24 is directly connected, vlan3000, 00:51:25
Verify Routing Table on R3
admin@R3# run show route vrf vrf2
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route
S>* 4.4.4.4/32 [1/0] via 31.147.166.166, vlan3001, weight 1, 06:45:11
C>* 31.147.166.0/24 is directly connected, vlan3001, 00:51:25