Subnet Tools and other network tips

VRF Lite with redistribution between BGP and EIGRP

Some of my posts are just things that I was pretty sure worked but wasn’t 100% on how it worked and what the exact config looked like. In these situations if I can’t find something in a blog or on the Cisco site I post something to make it easier for the next guy trying to do the same thing.

In a recent project I had a site with full L3 from the access layer up through distribution to core and MPLS CE. The CE runs BGP and peers with the PE and redistributes both ways between EIGRP and BGP. The core, distribution and access layers run EIGRP; it’s a pretty standard design nowadays. The goal of the project was to connect a device on a segregated network and have it logically segregated on the LAN using the same hardware so that it can connect to a different MPLS VPN presented over the same bearer by the MPLS provider.

To achieve this, the EIGRP and BGP configuration was pretty simple, and overlaying the VRF (called RED) on top was also pretty standard. For EIGRP you can assign a separate ASN to the overlaid VRF to make things clearer to understand.

router eigrp 800
 network 10.0.0.0
 network 192.168.0.0
 no auto-summary
 !
 address-family ipv4 vrf RED
  network 10.0.0.0
  network 192.168.0.0
  no auto-summary
  autonomous-system 900
 exit-address-family
!

On R3 you then need to redistribute from the new EIGRP ASN (900) under the VRF's address family in your BGP process.

 address-family ipv4 vrf RED
  redistribute eigrp 900
  neighbor 192.168.0.11 remote-as 2800
  neighbor 192.168.0.11 activate
  no synchronization
 exit-address-family

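You don’t need a separate ASN on the BGP side, as MBGP ensures that you redistribute from the right VRF. The EIGRP redistribution therefore references the same BGP ASN in both the global process and the VRF address family.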

router eigrp 800
 redistribute bgp 6500 metric 10000 0 255 1 1500
 network 192.168.0.0
 no auto-summary
 !
 address-family ipv4 vrf RED
  redistribute bgp 6500 metric 10000 0 255 1 1500
  network 192.168.0.0
  no auto-summary
  autonomous-system 900
 exit-address-family
!
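A small config check for the pairing described above, as an added example that is not part of the original post: it confirms that each BGP VRF address family redistributes the EIGRP ASN declared for that same VRF (900 for RED) rather than the global one (800). The sample configs are constructed from the snippets above, the `router bgp 6500` header line is an assumption, and the function names `parse` and `check` are hypothetical.

```python
import re

# Constructed sample: the page's R3 snippets; the "router bgp 6500" header is assumed.
GOOD = """\
router eigrp 800
 network 10.0.0.0
 !
 address-family ipv4 vrf RED
  network 10.0.0.0
  autonomous-system 900
 exit-address-family
!
router bgp 6500
 address-family ipv4 vrf RED
  redistribute eigrp 900
  neighbor 192.168.0.11 remote-as 2800
 exit-address-family
"""
# Constructed mistake: the global EIGRP ASN referenced inside the VRF.
BAD = GOOD.replace("redistribute eigrp 900", "redistribute eigrp 800")

def parse(text):
    """Return ({vrf: EIGRP ASN}, {vrf: set of EIGRP ASNs BGP redistributes})."""
    eigrp_asn, bgp_redist, proto, vrf = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw[:1].strip() and raw[0] != "!":      # unindented line: new top-level command
            m = re.match(r"router (eigrp|bgp) \d+$", line)
            proto, vrf = (m.group(1) if m else None), None
        elif m := re.match(r"address-family ipv4 vrf (\S+)", line):
            vrf = m.group(1)
            if proto == "bgp":
                bgp_redist.setdefault(vrf, set())
        elif line == "exit-address-family":
            vrf = None
        elif vrf and proto == "eigrp" and (m := re.match(r"autonomous-system (\d+)$", line)):
            eigrp_asn[vrf] = int(m.group(1))
        elif vrf and proto == "bgp" and (m := re.match(r"redistribute eigrp (\d+)", line)):
            bgp_redist[vrf].add(int(m.group(1)))
    return eigrp_asn, bgp_redist

def check(text):
    """List BGP VRF redistributions whose EIGRP ASN differs from the VRF's own."""
    eigrp_asn, bgp_redist = parse(text)
    return [f"vrf {vrf}: BGP redistributes eigrp {asn}, VRF EIGRP ASN is {eigrp_asn.get(vrf)}"
            for vrf, asns in sorted(bgp_redist.items())
            for asn in sorted(asns) if asn != eigrp_asn.get(vrf)]

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("bad", BAD)):
        print(name, check(cfg) or "ok")
```

A VRF whose EIGRP address family has no `autonomous-system` line is also reported, with the expected ASN shown as `None`.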

Uses of this solution include pushing dirty internet or a guest network down to the access layer if you’re doing things like dot1x in an environment with L3 between the network tiers.

Full configs of the lab below.

R1 R2 R3 R4
