VASI – VRF Aware Service Interfaces, what the heck are those?!
Cisco has defined a VASI interface as:
VASI is implemented using virtual interfaces that provide the framework necessary to configure a firewall and NAT between VRF instances. Each interface pair is associated with two different VRF instances. The two virtual interfaces, called vasileft and vasiright, in a pair are logically wired back-to-back and are completely symmetrical. Each interface has an index. The association of the pairing is done automatically based on the two interface indexes such that vasileft automatically gets paired to vasiright.
So you could look at a VASI interface as like a back-to-back connection between VRFs – call it a virtual cable of sort. You can also see that the traditional use of a VASI interface is to connect two VRFs, on the same router, together so they can route and NAT between each other. But what I am saying about Global Route Leaking?
Well, recently I had a problem where a client wanted to leak routes, dynamically, from a VRF to the Global table on an ASR1000 with an RP1 installed. We could easily have done it via a physical cable, but I knew their had to be a better way. I did some digging on the VASI interface and possible configurations and came across this – added in IOS XE 3.10S code is the ability to actually BGP peer over the VASI interfaces to exchange routes.
You may click on the image below to view the PDF on this.