Building network automation solutions

9 module online course

Start now!

Inter-VRF static routes

Swapnendu was trying to implement inter-VRF route leaking in multi-VRF environment without using route targets. He decided to use inter-VRF static routes, but got concerned after reading the following paragraph from Cisco’s documentation:

You can not configure two static routes to advertise each prefix between the VRFs, because this method is not supported. Packets will not be routed by the router. To achieve route leaking between VRFs, you must use the import functionality of route-target and enable Border Gateway Protocol (BGP) on the router. No BGP neighbor is required

There is no reason why inter-VRF static routes on point-to-point interfaces would not work. However … if Cisco's documentation states something is not supported, that's exactly what it is: not supported. It might work for you, it might not work on specific platforms and it might be broken in a future software release (like MPLS VPN on 1800 routers). You're using it at your own risk and if it stops working you can't even complain to the TAC (because they'll tell you it's unsupported).


  1. thanks for sharing this with everyone..

    in summary i can say the following -

    Routing between two VRFs on the same router is not allowed officially (though method exists to bypass this) using any static route combination for Ethernet/SVI/other multipoint interface types. MP-BGP must be used to achieve this. MP-BGP can be used without any neighbors, just redistribute connected routes into MP-BGP and set the route-targets correctly.

    To bypass this restriction on P2P links :
    If VPN1 and VPN2 are connected via a point-to-point interface e.g. serial link, static routes can be used to communicate between the VRFs *WITHOUT* using MPBGP. This doesn’t work for multiaccess interfaces like VLAN or Ethernet interface.

    ip route vrf VRF1 destination-other-VRF2-subnet mask other-VRF2-local-interface-P2P

    If added on a interfaces like Ethernet or SVI – error
    % For VPN routes, must specify a next hop IP address if not a point-to-point interface

    CCIE#19804 :)

    finally the comments worked!
  2. You can also use static routes over multiaccess interfaces, but you have to specify the next-hop address in the other VRF.

    Inter-VRF static route pointing to a multiaccess interface has never been allowed (this limitation goes back to 12.0T).
  3. Quick question. When using MP-BGP why must one import yourself in order to perform route leaking?

    ip vrf test1
    rd 100:1
    route-target import 100:1
    route-target export 100:1
    route-target import 200:1

    ip vrf test2
    rd 200:1
    route-target import 200:1
    route-target export 200:1
    route-target import 100:1
  4. I haven't tested this for years, but a while ago you had to import your own routes due to a bug (well, implementation detail :) ) in Cisco IOS.
  5. Thanks Ivan. I have tested that it isn't necessary on recent code. Appreciate you response.
  6. 8-) :( =-X :-P
  7. Hello

    >You can also use static routes over multiaccess interfaces, but you have to specify the next-hop address >in the other VRF.

    I tried static inter-vrf routing with vlan and nexthop address on a 6500 VSS with 12.2(33)SXI6 but it does not work! But I heard it worked on older releases (12.2.17SXB???).

    CEF Debug:
    18:13:58 18322: *Jun 6 16:09:58.294: CEF-Drop: Packet from (Vl400) to, Neighbor resolution req

    Any hints?

    CEF-Drop: Packet from (Vl400) to, Neighbor resolution req
  8. Inter-VRF static routes definitely work (I guess we also used them on a 6500). If there's nothing obviously wrong with your setup (make sure the next hop does belong to the IP subnet of the target interface), it's probably best to open a case with TAC.
Add comment