Does ip vrf require MPLS

Discussion in 'Cisco' started by RobertABowie, Feb 6, 2008.

  1. RobertABowie

    RobertABowie Guest

    I am trying to provide new customer transports through my company ip
    network running ospf. Can i utlize ip vrf to separate their routing
    instances or do I need mpls.
     
    RobertABowie, Feb 6, 2008
    #1
    1. Advertisements

  2. RobertABowie

    Thrill5 Guest

    You don't but you need to make sure that your image supports OSPF routing in
    VRFs. (There are images that support only BGP and static, BGP, OSPF and
    static, and BGP, OSPF, EIGRP and static) I have setup vrf's for a similar
    purpose, routing on a DMZ switch so groups of VLANs could have their own
    routing instance. I could find no examples of VRFs without MPLS, but its
    actually very simple. I think the reason that Cisco doesn't have any
    documentation for this because it is so simple. It is, but I still spent
    about 4 hours researching it, and then configured it in our test lab because
    I couldn't believe that this was all there was too it.

    ip vrf <vrfname>
    rd <ip address>:1 ! <ip address> can be anything, it is really only used
    with MPLS, but should be an IP in the VRF, and there is a ":1" (colon one)
    after it. The number can be anything, but I just used one.

    interface <intname>
    ip vrf forwarding <vrfname> ! Do this on each routed interface in the VRF

    You will need to create a separate OSPF routing process for the VRF. I
    don't know the commands for assigning the process to the VRF instance, but
    you can look that up in the documentation.
     
    Thrill5, Feb 6, 2008
    #2
    1. Advertisements

  3. RobertABowie

    stephan Guest

    Hi Robert

    A few years ago i did it as follows:

    !the config is used on a c3550 with enhanced image and looks like this:
    !
    ! ----vl100---- ----vlan200----- ----vlan300----
    ! | | |
    ! | ---vlan201--- | |
    ! | | | |
    ! global | | |
    ! routing table vrf for vrf for
    ! | customer 1 customer 2
    ! | | |
    ! | | |
    ! vlan10 vlan20 vlan30
    ! | | |
    ! v v v
    ! to core to core to core
    !
    !
    !
    !----lets start!
    ip subnet-zero
    ip routing
    !
    !-----lets create the vrf-environment first----------
    ip vrf custom1
    rd 20:20
    route-target export 20:20
    route-target import 20:20
    !
    ip vrf custom2
    rd 30:30
    route-target export 30:30
    route-target import 30:30
    !
    !
    !----then set up a few vlans for transport towards the core and
    !----local purpose
    !----start first with the vlans for managing your devices
    !----vlan 10 is used towards the core, this net transports netmgt
    !----traffic as ssh/telnet, snmp, syslog
    vlan 10
    name netmgmt
    !
    !vlan 100 is the local vlan for netmgmt traffic
    vlan 100
    name netmgmt-local
    !
    !
    !----then start with your customervlans
    !----vlan 20 connects to the core and transports all traffic for
    !----customer 1
    vlan 20
    name custom1
    !
    !vlan 200 is the 1st local vlan for for customer 1
    vlan 200
    name custom1-local-1
    !
    !vlan 201 is the 2nd local vlan for for customer 1
    vlan 201
    name custom1-local-2
    !
    !
    !----then add some vlans for a 2nd customer
    !----vlan 30 ist the towards the core an holds all traffic for
    !----customer 2
    vlan 30
    name custom2
    !
    !---- next create the vlans for your customers
    !----vlan 300 is the 1st local vlan for for customer 2
    vlan 300
    name custom2-local-1
    !
    !
    !----now add some loopback i/f. they will be used for routing purposes
    !----and others
    !----lo1 is used to terminate ssh/telnet or as source for snmp, syslog
    interface Loopback1
    ip address 10.1.1.1 255.255.255.255
    !
    ! lo2 is used to address the vrf for customer 1
    interface Loopback2
    ip vrf forwarding custom1
    ip address 10.2.1.1 255.255.255.255
    !
    ! lo3 is used to address the vrf for customer 2
    interface Loopback3
    ip vrf forwarding custom2
    ip address 10.3.3.1 255.255.255.255
    !
    !
    !----now set up the layer-3
    !----vlan1 not used
    interface Vlan1
    no ip address
    shutdown
    !
    interface Vlan10
    description netmgmt-to-core
    ip address 10.10.1.1 255.255.255.0
    !
    interface Vlan20
    description custom1-to-core
    ip vrf forwarding custom1
    ip address 10.20.1.1 255.255.255.0
    !
    interface Vlan30
    description custom2-to-core
    ip vrf forwarding custom2
    ip address 10.30.1.1 255.255.255.0
    !
    !
    !----then add the local vlans
    !----vlan100 is used only if you need to have the netmgt-vlan on
    !----other switches
    !----you'll notice that vlan 10 & 100 is NOT connected to a vrf.
    !----see at the end for a reason
    interface Vlan100
    description netmgt-to-local
    ip address 10.10.11.1 255.255.255.0
    !
    !
    !----vlan200 is the 1st local customer vlan
    interface Vlan200
    description custom1-local-1
    ip vrf forwarding custom1
    ip address 150.50.5.1 255.255.255.0
    !
    !
    !----vlan201 is the 2nd local customer vlan
    interface Vlan201
    description custom1-local-2
    ip vrf forwarding custom1
    ip address 150.50.6.1 255.255.255.0
    !
    !
    !----vlan300 is the 1st local customer vlan for customer 2
    interface Vlan300
    description custom2-local-1
    ip vrf forwarding custom2
    ip address 130.30.3.1 255.255.255.0
    !
    !
    !
    !----you have to route these networks in the global routing table
    router ospf 10
    network 10.10.1.0 0.0.0.255 area 0 ! this is vlan10
    network 10.10.11.0 0.0.0.255 area 0 ! this is vlan100
    network 10.1.1.1 0.0.0.0 area 0 ! this is lo1
    !
    !----this vrf has its own routing table; vl20,200,201 & lo2
    router ospf 20 vrf custom1
    redistribute connected subnet
    network 10.20.1.0 0.0.0.255 area 0 ! this is vlan20
    !
    router ospf 30 vrf custom2
    redistribute connected subnet
    network 10.30.1.0 0.0.0.255 area 0 ! this is vlan30
    !
    !
    !---the next few commands are helpful but not required
    ip tacacs source-interface Loopback1
    ip telnet source-interface vlan 100
    logging source-interface Loopback1
    snmp-server trap-source Loopback1



    !----reason for NOT connecting vlan 10 & 100 & lo1 to a vrf:
    ! i actually dont remember anymore for sure but i think it
    ! was because of the unability of snmp (or was it syslog?)
    ! to work with a vrf....????
    ! anyway, with newer releases that might work today....

    --

    regards
    yellow2 sysadmin
    ________________________________________
    mailto:%79%65%6c%6c%6f%77%32%40%67%6d%78%2e%6e%65%74
     
    stephan, Feb 6, 2008
    #3
  4. RobertABowie

    stephen Guest

    you might need
    capability vrflite

    on the 1st OSPF instance - i found routing across an ABR was broken until we
    added this on a 12.2 switch (although a 12.4 routers added the line for me).

    this is an easy way to "lock" protocols to a vrf as long as you dont have
    interfaces with the same address in a different VRF.
    you can send traps and syslog into a VRF pretty easily - just add "vrf xxx"
    to the command.
     
    stephen, Feb 7, 2008
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.