【新华三】通过路由复制实现Public与VRF路由互通

背景以及说明

通过路由复制实现Public路由和VRF路由互通，默认情况下VRF里的路由单独一张路由表，默认情况下与public路由表相互隔离，两张表之间不可互访。

如上图所示，S6900设备里有两张表，一张是public路由表，默认所有的路由都存放在public路由表里；除此之外还创建了VRF test，因此此设备还有VRF test路由表。

#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
 ip binding vpn-instance test
 ip address 2.2.2.2 255.255.255.255
#

此时的public路由表里面并没有test的路由表。public路由表与VRF路由表之间相互隔离。Public路由表里只有loop1(1.1.1.1)的路由

[H3C]dis ip routing-table

Destinations : 9        Routes : 9

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0
1.1.1.1/32         Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0
127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0
127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0
224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0
255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
[H3C]

此时VRF test里也只有loop1（2.2.2.2）的路由，没有其他VRF或Public里的路由，相互隔离

[H3C]dis ip routing-table vpn-instance test

Destinations : 9        Routes : 9

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0
2.2.2.2/32         Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0
127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0
127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0
224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0
255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
[H3C]

ping测试一下loop0与loop1相互不通。

[H3C]ping -a 1.1.1.1 2.2.2.2
Ping 2.2.2.2 (2.2.2.2) from 1.1.1.1: 56 data bytes, press CTRL+C to break
Request time out
Request time out
Request time out
Request time out
Request time out

--- Ping statistics for 2.2.2.2 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
[H3C]%Feb 13 20:14:55:117 2023 H3C PING/6/PING_STATISTICS: Ping statistics for 2.2.2.2: 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss.

路由复制配置

想要实现VRF与public互访可以通过路由复制功能实现。具体配置如下：

ip vpn-instance test
 #
 address-family ipv4
  route-replicate from public protocol direct     //可以实现将Public的直连路由引入到VRF test里
#
ip public-instance
 #
 address-family ipv4
  route-replicate from vpn-instance test protocol direct //可以实现将VRF test的直连路由引入到Public路由表里

配置路由复制之后的两张路由表如下，可以发现Public路由表里的直连路由被复制到了VRF test里，VRF test的直连路由也被复制到了Public里。

[H3C]dis ip routing-table

Destinations : 10       Routes : 10

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0
1.1.1.1/32         Direct  0   0           127.0.0.1       InLoop0
2.2.2.2/32         Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0
127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0
127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0
224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0
255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
[H3C]dis ip routing-table vpn-instance test

Destinations : 10       Routes : 10

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0
1.1.1.1/32         Direct  0   0           127.0.0.1       InLoop0
2.2.2.2/32         Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0
127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0
127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0
127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0
224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0
255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0
[H3C]

ping测试一下，发现Public可以与VRF里的地址互通。同理也可以实现VRF之间的路由互通。

[H3C]ping -a 1.1.1.1 2.2.2.2
Ping 2.2.2.2 (2.2.2.2) from 1.1.1.1: 56 data bytes, press CTRL+C to break
56 bytes from 2.2.2.2: icmp_seq=0 ttl=255 time=0.049 ms
56 bytes from 2.2.2.2: icmp_seq=1 ttl=255 time=0.092 ms
56 bytes from 2.2.2.2: icmp_seq=2 ttl=255 time=0.100 ms
56 bytes from 2.2.2.2: icmp_seq=3 ttl=255 time=0.072 ms
56 bytes from 2.2.2.2: icmp_seq=4 ttl=255 time=0.051 ms

--- Ping statistics for 2.2.2.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.049/0.073/0.100/0.021 ms
[H3C]%Feb 13 20:13:00:673 2023 H3C PING/6/PING_STATISTICS: Ping statistics for 2.2.2.2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.049/0.073/0.100/0.021 ms.