HELP - VRF!

Discussion in 'Cisco' started by AM, Feb 22, 2007.

  1. AM

    AM Guest

    Hello guys,

    I need a complete answer from you.

    Let me explain briefly the scenario:

    let's say I have a device supporting VRF and I have defined 2 VRFs (A & B) with 2 interfaces each, say A1 & A2 and B1 & B2.

    AFAIK those VRFs are independent and each one groups some interfaces of the device.

    Then, if I want to link two of the VRFs I need another router with 2 interfaces (say C1 & C2) that share the same LAN
    segment with one of the VRFs. I mean

    C1 belongs to the same LAN segment of B1 and
    C2 belongs to the same LAN segment of A2.
    All the layer 3 parameters set up accordingly
    Am I correct? I hope so.

    My question is:

    can I use a third VRF on the same device in order to do that?
    Maybe it is not a common practice but I want to know whether it is possible or not.

    TIA Alex.
     
    AM, Feb 22, 2007
    #1

  2. AM

    egjose Guest

    Hi,
    I think that you have to use "Multiprotocol BGP (MP-BGP)" to share the
    routes between VRFs. You don't need another router or VRF (it is possible,
    but not necessary).

    See:
    http://www.cisco.com/warp/public/105/mpls_vpn_basic.html

    Jose.
     
    egjose, Feb 22, 2007
    #2

  3. AM

    jlaidlaw Guest

    The scenario you are describing is commonly referred to as "VRF lite"
    because you are connecting two vrf's together without bgp. Normally,
    the vrf's routes are tagged internally with the route distinguisher,
    or RD. This value is assigned to the vrf when you create it, like rd
    1:1, or rd 192.168.1.1:4532. The routes will be self contained, but
    you can share routes with MBGP. So you need to tell the vrf what
    routes you want to put into bgp and what routes you want to take out
    of bgp, so you use the route-target import and route-target export
    commands. You can reuse the RD value or use another value, and it is
    these values that allow you to share routes between vrf's with BGP.
    ex.

    ip vrf a
    rd 100:100
    route-target export 100:100
    route-target import 255:275
    !
    ip vrf b
    rd 200:200
    route-target export 255:275
    route-target import 100:100
    !
    int e 0/2
    ip vrf forwarding a
    ip add 1.1.1.1 255.255.255.0
    !
    int e 0/3
    ip vrf forwarding b
    ip add 2.2.2.2 255.255.255.0
    !
    router bgp 65514
    !
    address-family ipv4 vrf a
    network 1.1.1.0 mask 255.255.255.0
    !
    address-family ipv4 vrf b
    network 2.2.2.0 mask 255.255.255.0


    This config will share all the routes from one vrf with the other. If
    you want to only share some of the routes, then remove the
    route-target export statements, and use an "export map". i.e.

    ip prefix-list vrfa-nets permit 1.1.1.0/24
    ip prefix-list vrfb-nets permit 2.2.2.0/24

    route-map vrfa-export
    match ip add prefix vrfa-nets
    set extcommunity rt 100:100
    !
    route-map vrfb-export
    match ip add prefix vrfb-nets
    set extcommunity rt 255:275
    !
    ip vrf a
    no route-target export 100:100
    export map vrfa-export
    !
    ip vrf b
    no route-target export 255:275
    export map vrfb-export
    !

    then do a "clear ip bgp *"


    Rack1R3(config-router)#do sh ip bgp vpn all
    BGP table version is 7, local router ID is 172.16.3.3
    Status codes: s suppressed, d damped, h history, * valid, > best, i -
    internal,
    r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

    Network Next Hop Metric LocPrf Weight Path
    Route Distinguisher: 100:100 (default for vrf a)
    *> 1.1.1.0/24 0.0.0.0 0 32768 i
    *> 2.2.2.0/24 0.0.0.0 0 32768 i
    Route Distinguisher: 200:200 (default for vrf b)
    *> 1.1.1.0/24 0.0.0.0 0 32768 i
    *> 2.2.2.0/24 0.0.0.0 0 32768 i


    Rack1R3(config-router)#do sh ip route vrf a

    Routing Table: a
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
    level-2
    ia - IS-IS inter area, * - candidate default, U - per-user
    static route
    o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

    1.0.0.0/24 is subnetted, 1 subnets
    C 1.1.1.0 is directly connected, Ethernet0/2
    2.0.0.0/24 is subnetted, 1 subnets
    B 2.2.2.0 is directly connected, 00:00:46, Ethernet0/3
    Rack1R3(config-router)#do sh ip route vrf b

    Routing Table: b
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
    level-2
    ia - IS-IS inter area, * - candidate default, U - per-user
    static route
    o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

    1.0.0.0/24 is subnetted, 1 subnets
    B 1.1.1.0 is directly connected, 00:00:49, Ethernet0/2
    2.0.0.0/24 is subnetted, 1 subnets
    C 2.2.2.0 is directly connected, Ethernet0/3
     
    jlaidlaw, Feb 23, 2007
    #3
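
Added example, not part of the thread or of any poster's configuration: a small Python audit that reads `ip vrf` and `route-map` stanzas like the ones posted above and lists every VRF pair where one VRF's exported route-target is imported by another, which is the condition that lets routes leak between them once BGP is running. The sample config is constructed (vrf a and b mirror the post, vrf c is hypothetical), and the names `parse` and `leaks` are this example's own.

```python
import re

# Constructed sample: vrf a and vrf b follow the post above (b uses the
# export-map variant); vrf c is a hypothetical VRF meant to stay isolated.
SAMPLE = """\
ip vrf a
 rd 100:100
 route-target export 100:100
 route-target import 255:275
!
ip vrf b
 rd 200:200
 route-target import 100:100
 export map vrfb-export
!
ip vrf c
 rd 300:300
 route-target both 300:300
!
route-map vrfb-export permit 10
 match ip address prefix-list vrfb-nets
 set extcommunity rt 255:275
"""
RT = r"\d+(?:\.\d+){0,3}:\d+"          # ASN:nn or IPv4:nn
RT_CMD = rf"route-target (import|export|both) ({RT})"

def parse(config):
    """Return {vrf: {"import": set of RTs, "export": {rt: how it is set}}}.
    Assumes each stanza ends at "!" or at the next stanza header."""
    vrfs, maps, pending, ctx = {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):   # not "ip vrf forwarding x"
            ctx = vrfs.setdefault(m[1], {"import": set(), "export": {}})
        elif m := re.match(r"route-map (\S+)", line):
            ctx = maps.setdefault(m[1], set())
        elif line == "!":
            ctx = None
        elif isinstance(ctx, dict) and (m := re.fullmatch(RT_CMD, line)):
            if m[1] != "export": ctx["import"].add(m[2])
            if m[1] != "import": ctx["export"][m[2]] = "route-target"
        elif isinstance(ctx, dict) and (m := re.fullmatch(r"export map (\S+)", line)):
            pending.append((ctx, m[1]))
        elif isinstance(ctx, set) and line.startswith("set extcommunity rt "):
            ctx.update(re.findall(RT, line))
    for vrf, name in pending:           # resolve export maps after all route-maps
        for rt in maps.get(name, ()):
            vrf["export"].setdefault(rt, f"export map {name}")
    return vrfs

def leaks(vrfs):
    """List (source, destination, rt, how) for every cross-VRF RT match."""
    return sorted((s, d, rt, how)
                  for s, sv in vrfs.items() for d, dv in vrfs.items() if s != d
                  for rt, how in sv["export"].items() if rt in dv["import"])
```

A pair reported with "export map" as its source is limited to the prefixes that route-map matches; a VRF that appears in no pair shares no route-target with any other VRF in the file.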
  4. AM

    AM Guest

    Thank you so much all of you guys!!!


    Alex.
     
    AM, Feb 23, 2007
    #4
  5. AM

    andriyk Guest

    Hello,
    I've got a similar requirement for the network. I need to share
    directly connected routes between two VRFs on one router (6509)
    As far as I understand, sharing routing tables between VRFs requires
    the bgp, doesn't it?
    I've tried the approach described in your discussion.
    I'll explain briefly the relevant configuration (it's ~30K file):

    ---
    ip vrf vrf_ga
    rd 108:1
    route-target export 108:1
    route-target export 111:1
    route-target import 108:1
    route-target import 111:1
    !
    ip vrf vrf_mng
    rd 111:1
    route-target export 111:1
    route-target export 108:1
    route-target import 111:1
    route-target import 108:1
    !

    interface Vlan108
    ip vrf forwarding vrf_ga
    ip address 10.211.16.65 255.255.255.224
    no ip redirects
    no ip proxy-arp
    standby 108 timers 1 3
    standby 108 preempt
    !

    interface Vlan111
    ip vrf forwarding vrf_mng
    ip address 10.211.2.130 255.255.255.128
    no ip redirects
    no ip proxy-arp
    standby 111 ip 10.211.2.129
    standby 111 timers 1 3
    standby 111 preempt delay minimum 30
    !

    router bgp 65514
    !
    address-family ipv4 vrf vrf_ga
    network 10.211.16.64 mask 255.255.255.224
    exit-address-family
    !
    address-family ipv4 vrf vrf_mng
    network 10.211.2.128 mask 255.255.255.128
    exit-address-family
    ---

    The problem I experience is that "show ip bgp vpn4 all" never shows
    that VRF routes are shared. As a result, I can't route between vlans
    108 and 111.
    I've tried many different configurations with "route-target" and bgp,
    but to no avail ("destination unreachable"). Everything's perfect if
    the vlans are in the same vrf.
    Could you give me some hints where to dig further?

    regards,
    - andrey
     
    andriyk, Mar 28, 2007
    #5
  6. Yes, BGP needs to be running to leak routes between two different VRFs, and
    it does work on one router without any neighbours configured.

    Do you have at least one interface in the global routing table? Otherwise
    the mBGP won't start; I've just tried your config in the lab, and until I
    created a loopback in the global routing table, the BGP routes didn't
    appear. Also, I've added "no synchronization" and "no auto-summary" under
    the two vrf instances, and the global instance. Instead of the network
    statements (which will work), you could consider "redistribute connected"
    and "redistribute static" (if required).

    My working configuration is included below:


    !
    ip vrf BLUE
    rd 65000:200
    route-target export 65000:200
    route-target export 65000:100
    route-target import 65000:200
    route-target import 65000:100
    !
    ip vrf RED
    rd 65000:100
    route-target export 65000:100
    route-target export 65000:200
    route-target import 65000:100
    route-target import 65000:200
    !
    ip cef
    !
    interface Loopback0
    ip address 10.0.0.1 255.255.255.255
    !
    interface FastEthernet0/0
    no ip address
    no keepalive
    duplex auto
    speed auto
    !
    interface FastEthernet0/0.100
    encapsulation dot1Q 100
    ip vrf forwarding RED
    ip address 10.0.100.1 255.255.255.0
    !
    interface FastEthernet0/0.200
    encapsulation dot1Q 200
    ip vrf forwarding BLUE
    ip address 10.0.200.1 255.255.255.0
    !
    router bgp 65000
    no synchronization
    bgp log-neighbor-changes
    no auto-summary
    !
    address-family ipv4 vrf RED
    no auto-summary
    no synchronization
    network 10.0.100.0 mask 255.255.255.0
    exit-address-family
    !
    address-family ipv4 vrf BLUE
    no auto-summary
    no synchronization
    network 10.0.200.0 mask 255.255.255.0
    exit-address-family


    Router#sh ip bgp vpnv4 vrf RED
    BGP table version is 7, local router ID is 10.0.0.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i -
    internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

    Network Next Hop Metric LocPrf Weight Path
    Route Distinguisher: 65000:100 (default for vrf RED)
    *> 10.0.100.0/24 0.0.0.0 0 32768 i
    *> 10.0.200.0/24 0.0.0.0 0 32768 i


    Router#sh ip route vrf RED
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
    level-2
    ia - IS-IS inter area, * - candidate default, U - per-user static
    route
    o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

    10.0.0.0/24 is subnetted, 2 subnets
    C 10.0.100.0 is directly connected, FastEthernet0/0.100
    B 10.0.200.0 is directly connected, 00:07:50, FastEthernet0/0.200


    Router#ping vrf RED ip 10.0.200.1

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.0.200.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

    Cheers,

    Matt
     
    Matthew Melbourne, Mar 28, 2007
    #6
  7. AM

    andriyk Guest

    Hello Matthew,
    All my interfaces are in VRFs, so the global table is empty. I will
    try your advice with Loopback.
    (I've actually tried before "redistribute" and "no synchronization"
    and "no auto-summary". It did not work). Could be exactly your
    suggestion, that global table affects the BGP routes ramification. As
    soon as I'm at the console, I'll try and share my results!
    Regards,
    - andrey
     
    andriyk, Apr 2, 2007
    #7