VRF over GRE

Unanswered Question
May 31st, 2007

I have a PE connected to a MVRF-CE on a direct ethernet link. I Need to configure a GRE tunnel between the 2 and run OSPF over that.

the configuration looks like

PE - 7609

ip vrf Quatrro-OSPF-Test

rd 4755:667788

route-target export 4755:667788

route-target import 4755:667788

interface Tunnel2491

ip vrf forwarding Quatrro-OSPF-Test

ip address 192.168.114.1 255.255.255.252

ip ospf network point-to-point

ip ospf dead-interval minimal hello-multiplier 3

ip ospf demand-circuit

tunnel source 192.168.111.1

tunnel destination 192.168.111.2

end

sh run int Vlan2491

Building configuration...

Current configuration : 151 bytes

!

interface Vlan2491

description *** Quatrro OSPF Hellos Test ***

ip vrf forwarding Quatrro-OSPF-Test

ip address 192.168.111.1 255.255.255.252

end

MVRF-CE

ip vrf PRI

rd 4755:667788

route-target export 4755:667788

route-target import 4755:667788

!

no ip domain lookup

!

!

!

!

interface Tunnel2491

ip vrf forwarding PRI

ip address 192.168.114.2 255.255.255.252

ip ospf network point-to-point

ip ospf demand-circuit

keepalive 2 3

tunnel source 192.168.111.2

--More--

tunnel destination 192.168.111.1

tunnel mode ipip

tunnel vrf PRI

interface FastEthernet0/0

ip vrf forwarding PRI

ip address 192.168.111.2 255.255.255.252

duplex auto

speed auto

router ospf 2491 vrf PRI

log-adjacency-changes

network 192.168.114.0 0.0.0.3 area 0

network 192.168.115.0 0.0.0.3 area 0

network 192.168.116.1 0.0.0.0 area 0

!

The tunnel comes up but i am unable to ping the tunnel interface. OSPF adjacency never comes up.

Am i missing something here

Narayan

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Harold Ritter Thu, 05/31/2007 - 07:56

Narayan,

You are missing the "tunnel vrf Quatrro-OSPF-Test" command on the tunnel interface on the PE. The tunnel is therefore using the global table to resolve the tunnel destination.

Hope this helps,

swaroop.potdar Thu, 05/31/2007 - 08:31

Harold was just wondering, if the tunnel uses the global table to resolve the destination, then would it come up in the first place.

Just a thought.

Cheers,

Swaroop

Harold Ritter Thu, 05/31/2007 - 08:34

Swaroop,

Yes, as long as there is a route in the global routing table to resolve that prefix. It could even be a default route.

Regards,

swaroop.potdar Thu, 05/31/2007 - 08:38

But the post is referring to a destination within a VRF thats what my assumption is.

I could be wrong...may be i would lab it up when get some time off travelling.

Cheers,

Swaroop

royalblues Thu, 05/31/2007 - 11:35

Harold / Swaroop

The problem i have is that the tunnel VRF command is not supported on the PE

Narayan

Harold Ritter Thu, 05/31/2007 - 12:27

Narayan,

As far as I know, using the "tunnel vrf" command is the only way to get this to work.

What IOS train do you use?

Regards,

Harold Ritter Thu, 05/31/2007 - 12:19

Swaroop,

By default IOS tries to resolved the tunnel destination address via the global routing table. If there is any prefix in the global resolving the tunnel destination, the tunnel will come up. the command "tunnel vrf " forces the IOS to lookup the tunnel destination against the specific VRF.

Hope this helps,

swaroop.potdar Thu, 05/31/2007 - 20:30

Narayan, you can try couple to steps as below to troubleshoot.

1) I suspect there is 192.168.111.1 and 192.168.111.2 in the global routing table as well, have this checked.

2) To confirm that you have not established the tunnel with your MVRF CE enable tunnel keepalives so it will come down as there is no way it can establish a tunnel with your CE using a source from the VRF without the "tunnel vrf" command.

3) I believe your 7600 must be having the default IOS which it was shipped with 12.2SX, the SX doesnt have this command. You may have to migrate to SRA.

Following the above steps you can verify and solve your problem.

HTH-Cheers,

Swaroop

Harold Ritter Fri, 06/01/2007 - 04:00

Swaroop,

Your analysis is right to the point. Just one precision. As I mentioned in a previous post, it doesn't need to be a specific route for the tunnel source and destination. It may well just be a default route. And yes, this command was introduced in 12.2(33)SRA for the 7600.

Regards,

royalblues Fri, 06/01/2007 - 04:07

Thanks Harold,

I am travelling offsite now and will check when i am back.

It seems mostly that IOS upgrade should solve the issue

Narayan

Actions

This Discussion