Does ip vrf require MPLS

Discussion in 'Cisco' started by RobertABowie@cbs.com, Feb 6, 2008.

  1. Guest

    I am trying to provide new customer transports through my company ip
    network running ospf. Can i utlize ip vrf to separate their routing
    instances or do I need mpls.
    , Feb 6, 2008
    #1
    1. Advertising

  2. Thrill5 Guest

    <> wrote in message
    news:...
    >I am trying to provide new customer transports through my company ip
    > network running ospf. Can i utlize ip vrf to separate their routing
    > instances or do I need mpls.


    You don't but you need to make sure that your image supports OSPF routing in
    VRFs. (There are images that support only BGP and static, BGP, OSPF and
    static, and BGP, OSPF, EIGRP and static) I have setup vrf's for a similar
    purpose, routing on a DMZ switch so groups of VLANs could have their own
    routing instance. I could find no examples of VRFs without MPLS, but its
    actually very simple. I think the reason that Cisco doesn't have any
    documentation for this because it is so simple. It is, but I still spent
    about 4 hours researching it, and then configured it in our test lab because
    I couldn't believe that this was all there was too it.

    ip vrf <vrfname>
    rd <ip address>:1 ! <ip address> can be anything, it is really only used
    with MPLS, but should be an IP in the VRF, and there is a ":1" (colon one)
    after it. The number can be anything, but I just used one.

    interface <intname>
    ip vrf forwarding <vrfname> ! Do this on each routed interface in the VRF

    You will need to create a separate OSPF routing process for the VRF. I
    don't know the commands for assigning the process to the VRF instance, but
    you can look that up in the documentation.
    Thrill5, Feb 6, 2008
    #2
    1. Advertising

  3. stephan Guest

    Hi Robert

    A few years ago i did it as follows:

    !the config is used on a c3550 with enhanced image and looks like this:
    !
    ! ----vl100---- ----vlan200----- ----vlan300----
    ! | | |
    ! | ---vlan201--- | |
    ! | | | |
    ! global | | |
    ! routing table vrf for vrf for
    ! | customer 1 customer 2
    ! | | |
    ! | | |
    ! vlan10 vlan20 vlan30
    ! | | |
    ! v v v
    ! to core to core to core
    !
    !
    !
    !----lets start!
    ip subnet-zero
    ip routing
    !
    !-----lets create the vrf-environment first----------
    ip vrf custom1
    rd 20:20
    route-target export 20:20
    route-target import 20:20
    !
    ip vrf custom2
    rd 30:30
    route-target export 30:30
    route-target import 30:30
    !
    !
    !----then set up a few vlans for transport towards the core and
    !----local purpose
    !----start first with the vlans for managing your devices
    !----vlan 10 is used towards the core, this net transports netmgt
    !----traffic as ssh/telnet, snmp, syslog
    vlan 10
    name netmgmt
    !
    !vlan 100 is the local vlan for netmgmt traffic
    vlan 100
    name netmgmt-local
    !
    !
    !----then start with your customervlans
    !----vlan 20 connects to the core and transports all traffic for
    !----customer 1
    vlan 20
    name custom1
    !
    !vlan 200 is the 1st local vlan for for customer 1
    vlan 200
    name custom1-local-1
    !
    !vlan 201 is the 2nd local vlan for for customer 1
    vlan 201
    name custom1-local-2
    !
    !
    !----then add some vlans for a 2nd customer
    !----vlan 30 ist the towards the core an holds all traffic for
    !----customer 2
    vlan 30
    name custom2
    !
    !---- next create the vlans for your customers
    !----vlan 300 is the 1st local vlan for for customer 2
    vlan 300
    name custom2-local-1
    !
    !
    !----now add some loopback i/f. they will be used for routing purposes
    !----and others
    !----lo1 is used to terminate ssh/telnet or as source for snmp, syslog
    interface Loopback1
    ip address 10.1.1.1 255.255.255.255
    !
    ! lo2 is used to address the vrf for customer 1
    interface Loopback2
    ip vrf forwarding custom1
    ip address 10.2.1.1 255.255.255.255
    !
    ! lo3 is used to address the vrf for customer 2
    interface Loopback3
    ip vrf forwarding custom2
    ip address 10.3.3.1 255.255.255.255
    !
    !
    !----now set up the layer-3
    !----vlan1 not used
    interface Vlan1
    no ip address
    shutdown
    !
    interface Vlan10
    description netmgmt-to-core
    ip address 10.10.1.1 255.255.255.0
    !
    interface Vlan20
    description custom1-to-core
    ip vrf forwarding custom1
    ip address 10.20.1.1 255.255.255.0
    !
    interface Vlan30
    description custom2-to-core
    ip vrf forwarding custom2
    ip address 10.30.1.1 255.255.255.0
    !
    !
    !----then add the local vlans
    !----vlan100 is used only if you need to have the netmgt-vlan on
    !----other switches
    !----you'll notice that vlan 10 & 100 is NOT connected to a vrf.
    !----see at the end for a reason
    interface Vlan100
    description netmgt-to-local
    ip address 10.10.11.1 255.255.255.0
    !
    !
    !----vlan200 is the 1st local customer vlan
    interface Vlan200
    description custom1-local-1
    ip vrf forwarding custom1
    ip address 150.50.5.1 255.255.255.0
    !
    !
    !----vlan201 is the 2nd local customer vlan
    interface Vlan201
    description custom1-local-2
    ip vrf forwarding custom1
    ip address 150.50.6.1 255.255.255.0
    !
    !
    !----vlan300 is the 1st local customer vlan for customer 2
    interface Vlan300
    description custom2-local-1
    ip vrf forwarding custom2
    ip address 130.30.3.1 255.255.255.0
    !
    !
    !
    !----you have to route these networks in the global routing table
    router ospf 10
    network 10.10.1.0 0.0.0.255 area 0 ! this is vlan10
    network 10.10.11.0 0.0.0.255 area 0 ! this is vlan100
    network 10.1.1.1 0.0.0.0 area 0 ! this is lo1
    !
    !----this vrf has its own routing table; vl20,200,201 & lo2
    router ospf 20 vrf custom1
    redistribute connected subnet
    network 10.20.1.0 0.0.0.255 area 0 ! this is vlan20
    !
    router ospf 30 vrf custom2
    redistribute connected subnet
    network 10.30.1.0 0.0.0.255 area 0 ! this is vlan30
    !
    !
    !---the next few commands are helpful but not required
    ip tacacs source-interface Loopback1
    ip telnet source-interface vlan 100
    logging source-interface Loopback1
    snmp-server trap-source Loopback1



    !----reason for NOT connecting vlan 10 & 100 & lo1 to a vrf:
    ! i actually dont remember anymore for sure but i think it
    ! was because of the unability of snmp (or was it syslog?)
    ! to work with a vrf....????
    ! anyway, with newer releases that might work today....

    --

    regards
    yellow2 sysadmin
    ________________________________________
    mailto:%79%65%6c%6c%6f%77%32%40%67%6d%78%2e%6e%65%74
    stephan, Feb 6, 2008
    #3
  4. stephen Guest

    "stephan" <> wrote in message
    news:176e6$47aa4311$544b0fc5$...
    > Hi Robert
    >
    > A few years ago i did it as follows:
    >
    > !the config is used on a c3550 with enhanced image and looks like this:
    > !
    > ! ----vl100---- ----vlan200----- ----vlan300----
    > ! | | |
    > ! | ---vlan201--- | |
    > ! | | | |
    > ! global | | |
    > ! routing table vrf for vrf for
    > ! | customer 1 customer 2
    > ! | | |
    > ! | | |
    > ! vlan10 vlan20 vlan30
    > ! | | |
    > ! v v v
    > ! to core to core to core
    > !
    > !
    > !
    > !----lets start!
    > ip subnet-zero
    > ip routing
    > !
    > !-----lets create the vrf-environment first----------
    > ip vrf custom1
    > rd 20:20
    > route-target export 20:20
    > route-target import 20:20
    > !
    > ip vrf custom2
    > rd 30:30
    > route-target export 30:30
    > route-target import 30:30
    > !
    > !
    > !----then set up a few vlans for transport towards the core and
    > !----local purpose
    > !----start first with the vlans for managing your devices
    > !----vlan 10 is used towards the core, this net transports netmgt
    > !----traffic as ssh/telnet, snmp, syslog
    > vlan 10
    > name netmgmt
    > !
    > !vlan 100 is the local vlan for netmgmt traffic
    > vlan 100
    > name netmgmt-local
    > !
    > !
    > !----then start with your customervlans
    > !----vlan 20 connects to the core and transports all traffic for
    > !----customer 1
    > vlan 20
    > name custom1
    > !
    > !vlan 200 is the 1st local vlan for for customer 1
    > vlan 200
    > name custom1-local-1
    > !
    > !vlan 201 is the 2nd local vlan for for customer 1
    > vlan 201
    > name custom1-local-2
    > !
    > !
    > !----then add some vlans for a 2nd customer
    > !----vlan 30 ist the towards the core an holds all traffic for
    > !----customer 2
    > vlan 30
    > name custom2
    > !
    > !---- next create the vlans for your customers
    > !----vlan 300 is the 1st local vlan for for customer 2
    > vlan 300
    > name custom2-local-1
    > !
    > !
    > !----now add some loopback i/f. they will be used for routing purposes
    > !----and others
    > !----lo1 is used to terminate ssh/telnet or as source for snmp, syslog
    > interface Loopback1
    > ip address 10.1.1.1 255.255.255.255
    > !
    > ! lo2 is used to address the vrf for customer 1
    > interface Loopback2
    > ip vrf forwarding custom1
    > ip address 10.2.1.1 255.255.255.255
    > !
    > ! lo3 is used to address the vrf for customer 2
    > interface Loopback3
    > ip vrf forwarding custom2
    > ip address 10.3.3.1 255.255.255.255
    > !
    > !
    > !----now set up the layer-3
    > !----vlan1 not used
    > interface Vlan1
    > no ip address
    > shutdown
    > !
    > interface Vlan10
    > description netmgmt-to-core
    > ip address 10.10.1.1 255.255.255.0
    > !
    > interface Vlan20
    > description custom1-to-core
    > ip vrf forwarding custom1
    > ip address 10.20.1.1 255.255.255.0
    > !
    > interface Vlan30
    > description custom2-to-core
    > ip vrf forwarding custom2
    > ip address 10.30.1.1 255.255.255.0
    > !
    > !
    > !----then add the local vlans
    > !----vlan100 is used only if you need to have the netmgt-vlan on
    > !----other switches
    > !----you'll notice that vlan 10 & 100 is NOT connected to a vrf.
    > !----see at the end for a reason
    > interface Vlan100
    > description netmgt-to-local
    > ip address 10.10.11.1 255.255.255.0
    > !
    > !
    > !----vlan200 is the 1st local customer vlan
    > interface Vlan200
    > description custom1-local-1
    > ip vrf forwarding custom1
    > ip address 150.50.5.1 255.255.255.0
    > !
    > !
    > !----vlan201 is the 2nd local customer vlan
    > interface Vlan201
    > description custom1-local-2
    > ip vrf forwarding custom1
    > ip address 150.50.6.1 255.255.255.0
    > !
    > !
    > !----vlan300 is the 1st local customer vlan for customer 2
    > interface Vlan300
    > description custom2-local-1
    > ip vrf forwarding custom2
    > ip address 130.30.3.1 255.255.255.0
    > !
    > !
    > !
    > !----you have to route these networks in the global routing table
    > router ospf 10
    > network 10.10.1.0 0.0.0.255 area 0 ! this is vlan10
    > network 10.10.11.0 0.0.0.255 area 0 ! this is vlan100
    > network 10.1.1.1 0.0.0.0 area 0 ! this is lo1
    > !


    you might need
    capability vrflite

    on the 1st OSPF instance - i found routing across an ABR was broken until we
    added this on a 12.2 switch (although a 12.4 routers added the line for me).


    > !----this vrf has its own routing table; vl20,200,201 & lo2
    > router ospf 20 vrf custom1
    > redistribute connected subnet
    > network 10.20.1.0 0.0.0.255 area 0 ! this is vlan20
    > !
    > router ospf 30 vrf custom2
    > redistribute connected subnet
    > network 10.30.1.0 0.0.0.255 area 0 ! this is vlan30
    > !
    > !
    > !---the next few commands are helpful but not required
    > ip tacacs source-interface Loopback1
    > ip telnet source-interface vlan 100


    this is an easy way to "lock" protocols to a vrf as long as you dont have
    interfaces with the same address in a different VRF.

    > logging source-interface Loopback1
    > snmp-server trap-source Loopback1
    >
    >
    >
    > !----reason for NOT connecting vlan 10 & 100 & lo1 to a vrf:
    > ! i actually dont remember anymore for sure but i think it
    > ! was because of the unability of snmp (or was it syslog?)
    > ! to work with a vrf....????
    > ! anyway, with newer releases that might work today....


    you can send traps and syslog into a VRF pretty easily - just add "vrf xxx"
    to the command.

    got this going with 3560 and 12.2(40)SE, and on 12.4(15)T<x?> on a 2811 (for
    some version of x - dont remember which)

    >
    > --
    >
    > regards
    > yellow2 sysadmin
    > ________________________________________
    > mailto:%79%65%6c%6c%6f%77%32%40%67%6d%78%2e%6e%65%74
    >

    --
    Regards

    - replace xyz with ntl
    stephen, Feb 7, 2008
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Craig Whitmore

    VRF/MPLS Problem

    Craig Whitmore, Jul 15, 2003, in forum: Cisco
    Replies:
    0
    Views:
    3,005
    Craig Whitmore
    Jul 15, 2003
  2. keithb

    Multi-vrf to Multi-vrf

    keithb, May 10, 2004, in forum: Cisco
    Replies:
    1
    Views:
    2,315
    Christophe Fillot
    May 10, 2004
  3. AM

    VRF and VRf-lite.

    AM, Sep 18, 2006, in forum: Cisco
    Replies:
    3
    Views:
    31,307
    peart
    Feb 15, 2009
  4. boozer_2

    VRF aware IPSEC with vrf-lite

    boozer_2, Aug 20, 2007, in forum: Cisco
    Replies:
    0
    Views:
    3,768
    boozer_2
    Aug 20, 2007
  5. ngurjar
    Replies:
    0
    Views:
    1,818
    ngurjar
    Oct 11, 2008
Loading...

Share This Page