Product manual

AX Series Network Partition: Solution Guide [Basic] Second Edition
© 2009-2010 ALAXALA Networks Corporation. All rights reserved.
34
After the settings described above are complete, route filtering is used to achieve a shared network.
Remote VRF is mutually specified between VRFs that permit communication. More detailed filter conditions
can be also created using a prefix list. Route filtering in this example configuration is described below.
Figure 3.4-3 Description of route filter for configuring a shared network
Filters permitting communication from VRF10 to VRF5 and from VRF5 to VRF10 are defined between external
network VRF5 and network 1 VRF10.
A filter permitting communication from VRF5 to VRF20 is defined between external network VRF5 and
network 2 VRF20. For communication from VRF20 to VRF5, the range of the network that enables
communication using a prefix list is limited to 192.168.x.0/24, in addition to a filter permitting VRF20.
Important points and configuration examples for the above are described below.
3.4.1 Important points in the configuration
As described above, an extra network is achieved by inter-VRF route filtering.
(1) Configure the route-map identifier when setting VRF.
To use route filtering, a route filter identifier is configured for each VRF to be treated as an extra network.
(2) Configure remote VRF permitting communication by using route filtering
In a system in which VRF is used, like the setting of ordinary route filtering, VRF can be added to the filter
conditions. This enables transfer control between VRFs.
Therefore, mutual VRF is permitted as a filter condition between VRFs that permit communication during
execution of an extra network. Furthermore, detailed control can also be done through the combined use of other
filter conditions.
Network 1: VRF10
Server: VLAN10
172.16.0.0/16
Terminal 1: VLAN100
192.168.10.0/24
Terminal 2: VLAN101
192.168.11.0/24
External network: VRF5
Network 2: VRF20
Server: VLAN20
172.17.0.0/16
Terminal 1: VLAN200
192.168.20.0/24
Terminal 2: VLAN201
192.168.21.0/24
External network:
VLAN5
10.0.0.0/8
route-map VRF5_IMPORT permit
match vrf 10
route-map VRF10_IMPORT permit
match vrf 5
route-map VRF5_IMPORT permit
match ip address prefix-list VRF20
match vrf 20
route-map VRF20_IMPORT permit
match vrf 5
ip prefix-list VRF20 permit 192.168.0.0/16