Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Does ip vrf require MPLS

Reply
Thread Tools

Does ip vrf require MPLS

 
 
RobertABowie@cbs.com
Guest
Posts: n/a
 
      02-06-2008
I am trying to provide new customer transports through my company ip
network running ospf. Can i utlize ip vrf to separate their routing
instances or do I need mpls.
 
Reply With Quote
 
 
 
 
Thrill5
Guest
Posts: n/a
 
      02-06-2008

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I am trying to provide new customer transports through my company ip
> network running ospf. Can i utlize ip vrf to separate their routing
> instances or do I need mpls.


You don't but you need to make sure that your image supports OSPF routing in
VRFs. (There are images that support only BGP and static, BGP, OSPF and
static, and BGP, OSPF, EIGRP and static) I have setup vrf's for a similar
purpose, routing on a DMZ switch so groups of VLANs could have their own
routing instance. I could find no examples of VRFs without MPLS, but its
actually very simple. I think the reason that Cisco doesn't have any
documentation for this because it is so simple. It is, but I still spent
about 4 hours researching it, and then configured it in our test lab because
I couldn't believe that this was all there was too it.

ip vrf <vrfname>
rd <ip address>:1 ! <ip address> can be anything, it is really only used
with MPLS, but should be an IP in the VRF, and there is a ":1" (colon one)
after it. The number can be anything, but I just used one.

interface <intname>
ip vrf forwarding <vrfname> ! Do this on each routed interface in the VRF

You will need to create a separate OSPF routing process for the VRF. I
don't know the commands for assigning the process to the VRF instance, but
you can look that up in the documentation.


 
Reply With Quote
 
 
 
 
stephan
Guest
Posts: n/a
 
      02-06-2008
Hi Robert

A few years ago i did it as follows:

!the config is used on a c3550 with enhanced image and looks like this:
!
! ----vl100---- ----vlan200----- ----vlan300----
! | | |
! | ---vlan201--- | |
! | | | |
! global | | |
! routing table vrf for vrf for
! | customer 1 customer 2
! | | |
! | | |
! vlan10 vlan20 vlan30
! | | |
! v v v
! to core to core to core
!
!
!
!----lets start!
ip subnet-zero
ip routing
!
!-----lets create the vrf-environment first----------
ip vrf custom1
rd 20:20
route-target export 20:20
route-target import 20:20
!
ip vrf custom2
rd 30:30
route-target export 30:30
route-target import 30:30
!
!
!----then set up a few vlans for transport towards the core and
!----local purpose
!----start first with the vlans for managing your devices
!----vlan 10 is used towards the core, this net transports netmgt
!----traffic as ssh/telnet, snmp, syslog
vlan 10
name netmgmt
!
!vlan 100 is the local vlan for netmgmt traffic
vlan 100
name netmgmt-local
!
!
!----then start with your customervlans
!----vlan 20 connects to the core and transports all traffic for
!----customer 1
vlan 20
name custom1
!
!vlan 200 is the 1st local vlan for for customer 1
vlan 200
name custom1-local-1
!
!vlan 201 is the 2nd local vlan for for customer 1
vlan 201
name custom1-local-2
!
!
!----then add some vlans for a 2nd customer
!----vlan 30 ist the towards the core an holds all traffic for
!----customer 2
vlan 30
name custom2
!
!---- next create the vlans for your customers
!----vlan 300 is the 1st local vlan for for customer 2
vlan 300
name custom2-local-1
!
!
!----now add some loopback i/f. they will be used for routing purposes
!----and others
!----lo1 is used to terminate ssh/telnet or as source for snmp, syslog
interface Loopback1
ip address 10.1.1.1 255.255.255.255
!
! lo2 is used to address the vrf for customer 1
interface Loopback2
ip vrf forwarding custom1
ip address 10.2.1.1 255.255.255.255
!
! lo3 is used to address the vrf for customer 2
interface Loopback3
ip vrf forwarding custom2
ip address 10.3.3.1 255.255.255.255
!
!
!----now set up the layer-3
!----vlan1 not used
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description netmgmt-to-core
ip address 10.10.1.1 255.255.255.0
!
interface Vlan20
description custom1-to-core
ip vrf forwarding custom1
ip address 10.20.1.1 255.255.255.0
!
interface Vlan30
description custom2-to-core
ip vrf forwarding custom2
ip address 10.30.1.1 255.255.255.0
!
!
!----then add the local vlans
!----vlan100 is used only if you need to have the netmgt-vlan on
!----other switches
!----you'll notice that vlan 10 & 100 is NOT connected to a vrf.
!----see at the end for a reason
interface Vlan100
description netmgt-to-local
ip address 10.10.11.1 255.255.255.0
!
!
!----vlan200 is the 1st local customer vlan
interface Vlan200
description custom1-local-1
ip vrf forwarding custom1
ip address 150.50.5.1 255.255.255.0
!
!
!----vlan201 is the 2nd local customer vlan
interface Vlan201
description custom1-local-2
ip vrf forwarding custom1
ip address 150.50.6.1 255.255.255.0
!
!
!----vlan300 is the 1st local customer vlan for customer 2
interface Vlan300
description custom2-local-1
ip vrf forwarding custom2
ip address 130.30.3.1 255.255.255.0
!
!
!
!----you have to route these networks in the global routing table
router ospf 10
network 10.10.1.0 0.0.0.255 area 0 ! this is vlan10
network 10.10.11.0 0.0.0.255 area 0 ! this is vlan100
network 10.1.1.1 0.0.0.0 area 0 ! this is lo1
!
!----this vrf has its own routing table; vl20,200,201 & lo2
router ospf 20 vrf custom1
redistribute connected subnet
network 10.20.1.0 0.0.0.255 area 0 ! this is vlan20
!
router ospf 30 vrf custom2
redistribute connected subnet
network 10.30.1.0 0.0.0.255 area 0 ! this is vlan30
!
!
!---the next few commands are helpful but not required
ip tacacs source-interface Loopback1
ip telnet source-interface vlan 100
logging source-interface Loopback1
snmp-server trap-source Loopback1



!----reason for NOT connecting vlan 10 & 100 & lo1 to a vrf:
! i actually dont remember anymore for sure but i think it
! was because of the unability of snmp (or was it syslog?)
! to work with a vrf....????
! anyway, with newer releases that might work today....

--

regards
yellow2 sysadmin
________________________________________
mailto:%79%65%6c%6c%6f%77%32%40%67%6d%78%2e%6e%65% 74

 
Reply With Quote
 
stephen
Guest
Posts: n/a
 
      02-07-2008
"stephan" <(E-Mail Removed)> wrote in message
news:176e6$47aa4311$544b0fc5$(E-Mail Removed) ...
> Hi Robert
>
> A few years ago i did it as follows:
>
> !the config is used on a c3550 with enhanced image and looks like this:
> !
> ! ----vl100---- ----vlan200----- ----vlan300----
> ! | | |
> ! | ---vlan201--- | |
> ! | | | |
> ! global | | |
> ! routing table vrf for vrf for
> ! | customer 1 customer 2
> ! | | |
> ! | | |
> ! vlan10 vlan20 vlan30
> ! | | |
> ! v v v
> ! to core to core to core
> !
> !
> !
> !----lets start!
> ip subnet-zero
> ip routing
> !
> !-----lets create the vrf-environment first----------
> ip vrf custom1
> rd 20:20
> route-target export 20:20
> route-target import 20:20
> !
> ip vrf custom2
> rd 30:30
> route-target export 30:30
> route-target import 30:30
> !
> !
> !----then set up a few vlans for transport towards the core and
> !----local purpose
> !----start first with the vlans for managing your devices
> !----vlan 10 is used towards the core, this net transports netmgt
> !----traffic as ssh/telnet, snmp, syslog
> vlan 10
> name netmgmt
> !
> !vlan 100 is the local vlan for netmgmt traffic
> vlan 100
> name netmgmt-local
> !
> !
> !----then start with your customervlans
> !----vlan 20 connects to the core and transports all traffic for
> !----customer 1
> vlan 20
> name custom1
> !
> !vlan 200 is the 1st local vlan for for customer 1
> vlan 200
> name custom1-local-1
> !
> !vlan 201 is the 2nd local vlan for for customer 1
> vlan 201
> name custom1-local-2
> !
> !
> !----then add some vlans for a 2nd customer
> !----vlan 30 ist the towards the core an holds all traffic for
> !----customer 2
> vlan 30
> name custom2
> !
> !---- next create the vlans for your customers
> !----vlan 300 is the 1st local vlan for for customer 2
> vlan 300
> name custom2-local-1
> !
> !
> !----now add some loopback i/f. they will be used for routing purposes
> !----and others
> !----lo1 is used to terminate ssh/telnet or as source for snmp, syslog
> interface Loopback1
> ip address 10.1.1.1 255.255.255.255
> !
> ! lo2 is used to address the vrf for customer 1
> interface Loopback2
> ip vrf forwarding custom1
> ip address 10.2.1.1 255.255.255.255
> !
> ! lo3 is used to address the vrf for customer 2
> interface Loopback3
> ip vrf forwarding custom2
> ip address 10.3.3.1 255.255.255.255
> !
> !
> !----now set up the layer-3
> !----vlan1 not used
> interface Vlan1
> no ip address
> shutdown
> !
> interface Vlan10
> description netmgmt-to-core
> ip address 10.10.1.1 255.255.255.0
> !
> interface Vlan20
> description custom1-to-core
> ip vrf forwarding custom1
> ip address 10.20.1.1 255.255.255.0
> !
> interface Vlan30
> description custom2-to-core
> ip vrf forwarding custom2
> ip address 10.30.1.1 255.255.255.0
> !
> !
> !----then add the local vlans
> !----vlan100 is used only if you need to have the netmgt-vlan on
> !----other switches
> !----you'll notice that vlan 10 & 100 is NOT connected to a vrf.
> !----see at the end for a reason
> interface Vlan100
> description netmgt-to-local
> ip address 10.10.11.1 255.255.255.0
> !
> !
> !----vlan200 is the 1st local customer vlan
> interface Vlan200
> description custom1-local-1
> ip vrf forwarding custom1
> ip address 150.50.5.1 255.255.255.0
> !
> !
> !----vlan201 is the 2nd local customer vlan
> interface Vlan201
> description custom1-local-2
> ip vrf forwarding custom1
> ip address 150.50.6.1 255.255.255.0
> !
> !
> !----vlan300 is the 1st local customer vlan for customer 2
> interface Vlan300
> description custom2-local-1
> ip vrf forwarding custom2
> ip address 130.30.3.1 255.255.255.0
> !
> !
> !
> !----you have to route these networks in the global routing table
> router ospf 10
> network 10.10.1.0 0.0.0.255 area 0 ! this is vlan10
> network 10.10.11.0 0.0.0.255 area 0 ! this is vlan100
> network 10.1.1.1 0.0.0.0 area 0 ! this is lo1
> !


you might need
capability vrflite

on the 1st OSPF instance - i found routing across an ABR was broken until we
added this on a 12.2 switch (although a 12.4 routers added the line for me).


> !----this vrf has its own routing table; vl20,200,201 & lo2
> router ospf 20 vrf custom1
> redistribute connected subnet
> network 10.20.1.0 0.0.0.255 area 0 ! this is vlan20
> !
> router ospf 30 vrf custom2
> redistribute connected subnet
> network 10.30.1.0 0.0.0.255 area 0 ! this is vlan30
> !
> !
> !---the next few commands are helpful but not required
> ip tacacs source-interface Loopback1
> ip telnet source-interface vlan 100


this is an easy way to "lock" protocols to a vrf as long as you dont have
interfaces with the same address in a different VRF.

> logging source-interface Loopback1
> snmp-server trap-source Loopback1
>
>
>
> !----reason for NOT connecting vlan 10 & 100 & lo1 to a vrf:
> ! i actually dont remember anymore for sure but i think it
> ! was because of the unability of snmp (or was it syslog?)
> ! to work with a vrf....????
> ! anyway, with newer releases that might work today....


you can send traps and syslog into a VRF pretty easily - just add "vrf xxx"
to the command.

got this going with 3560 and 12.2(40)SE, and on 12.4(15)T<x?> on a 2811 (for
some version of x - dont remember which)

>
> --
>
> regards
> yellow2 sysadmin
> ________________________________________
> mailto:%79%65%6c%6c%6f%77%32%40%67%6d%78%2e%6e%65% 74
>

--
Regards

http://www.velocityreviews.com/forums/(E-Mail Removed) - replace xyz with ntl


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VRF and VRf-lite. AM Cisco 3 02-15-2009 12:52 PM
VRF GRE Tunnel over another VRF network ngurjar Software 0 10-11-2008 04:15 AM
VRF aware IPSEC with vrf-lite boozer_2 Cisco 0 08-20-2007 07:08 PM
Multi-vrf to Multi-vrf keithb Cisco 1 05-10-2004 04:32 PM
VRF/MPLS Problem Craig Whitmore Cisco 0 07-15-2003 12:22 AM



Advertisments