Cisco Cisco Nexus 5010 Switch Libro bianco
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 41 of 75
vrf VRF-B
address-family ipv4 unicast
advertise l2vpn evpn
redistribute direct route-map FABRIC-RMAP-REDIST-SUBNET
redistribute static route-map REDIST-DEF-ROUTE
## redistributing default route into
VRF-B
maximum-paths ibgp 2
vrf VRF-EXT
address-family ipv4 unicast
advertise l2vpn evpn
redistribute direct route-map FABRIC-RMAP-REDIST-SUBNET
redistribute static route-map REDIST-VRF-SUBNETS
## redistributing routing
reachability towards protected subnets in protected VRFs
maximum-paths ibgp 2
evpn
vni 33001 l2
rd auto
route-target import auto
route-target export auto
vni 33002 l2
rd auto
route-target import auto
route-target export auto
vni 33500 l2
rd auto
route-target import auto
route-target export auto
Active-Standby Failover: Single-Attached Tenant-Edge Firewalls in Routed Mode with
Dynamic Routing
Dynamic Routing
When operational practices allow you to run a dynamic routing protocol between the fabric and the firewall, you can
reduce the overhead related to the static configuration of routing reachability information on both the firewalls and
, but some of the configuration is different. For
example, anycast-gateway mode is no longer used for the SVI and BDI used to establish routing adjacency with
the firewall. In addition, the IP addresses of the SVI and BDI for the respective VLANs must be different on each
border leaf node, but the interfaces must be on the same subnet.
Also, the route maps used for route redistribution may need to change depending on the operating practices used.
This document assumes that the firewall is sending the default route using OSPF.