VRF over GRE

Unanswered Question
May 31st, 2007
User Badges:
  • Green, 3000 points or more

I have a PE connected to a MVRF-CE on a direct ethernet link. I Need to configure a GRE tunnel between the 2 and run OSPF over that.


the configuration looks like

PE - 7609


ip vrf Quatrro-OSPF-Test

rd 4755:667788

route-target export 4755:667788

route-target import 4755:667788


interface Tunnel2491

ip vrf forwarding Quatrro-OSPF-Test

ip address 192.168.114.1 255.255.255.252

ip ospf network point-to-point

ip ospf dead-interval minimal hello-multiplier 3

ip ospf demand-circuit

tunnel source 192.168.111.1

tunnel destination 192.168.111.2

end


sh run int Vlan2491

Building configuration...


Current configuration : 151 bytes

!

interface Vlan2491

description *** Quatrro OSPF Hellos Test ***

ip vrf forwarding Quatrro-OSPF-Test

ip address 192.168.111.1 255.255.255.252

end


MVRF-CE


ip vrf PRI

rd 4755:667788

route-target export 4755:667788

route-target import 4755:667788

!

no ip domain lookup

!

!

!

!

interface Tunnel2491

ip vrf forwarding PRI

ip address 192.168.114.2 255.255.255.252

ip ospf network point-to-point

ip ospf demand-circuit

keepalive 2 3

tunnel source 192.168.111.2

--More--

tunnel destination 192.168.111.1

tunnel mode ipip

tunnel vrf PRI


interface FastEthernet0/0

ip vrf forwarding PRI

ip address 192.168.111.2 255.255.255.252

duplex auto

speed auto


router ospf 2491 vrf PRI

log-adjacency-changes

network 192.168.114.0 0.0.0.3 area 0

network 192.168.115.0 0.0.0.3 area 0

network 192.168.116.1 0.0.0.0 area 0

!


The tunnel comes up but i am unable to ping the tunnel interface. OSPF adjacency never comes up.


Am i missing something here


Narayan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Harold Ritter Thu, 05/31/2007 - 07:56
User Badges:
  • Cisco Employee,

Narayan,


You are missing the "tunnel vrf Quatrro-OSPF-Test" command on the tunnel interface on the PE. The tunnel is therefore using the global table to resolve the tunnel destination.


Hope this helps,

swaroop.potdar Thu, 05/31/2007 - 08:31
User Badges:
  • Blue, 1500 points or more

Harold was just wondering, if the tunnel uses the global table to resolve the destination, then would it come up in the first place.


Just a thought.


Cheers,

Swaroop

Harold Ritter Thu, 05/31/2007 - 08:34
User Badges:
  • Cisco Employee,

Swaroop,


Yes, as long as there is a route in the global routing table to resolve that prefix. It could even be a default route.


Regards,

swaroop.potdar Thu, 05/31/2007 - 08:38
User Badges:
  • Blue, 1500 points or more

But the post is referring to a destination within a VRF thats what my assumption is.


I could be wrong...may be i would lab it up when get some time off travelling.


Cheers,

Swaroop

royalblues Thu, 05/31/2007 - 11:35
User Badges:
  • Green, 3000 points or more

Harold / Swaroop


The problem i have is that the tunnel VRF command is not supported on the PE


Narayan

Harold Ritter Thu, 05/31/2007 - 12:27
User Badges:
  • Cisco Employee,

Narayan,


As far as I know, using the "tunnel vrf" command is the only way to get this to work.


What IOS train do you use?


Regards,

Harold Ritter Thu, 05/31/2007 - 12:19
User Badges:
  • Cisco Employee,

Swaroop,


By default IOS tries to resolved the tunnel destination address via the global routing table. If there is any prefix in the global resolving the tunnel destination, the tunnel will come up. the command "tunnel vrf " forces the IOS to lookup the tunnel destination against the specific VRF.


Hope this helps,

swaroop.potdar Thu, 05/31/2007 - 20:30
User Badges:
  • Blue, 1500 points or more

Narayan, you can try couple to steps as below to troubleshoot.


1) I suspect there is 192.168.111.1 and 192.168.111.2 in the global routing table as well, have this checked.


2) To confirm that you have not established the tunnel with your MVRF CE enable tunnel keepalives so it will come down as there is no way it can establish a tunnel with your CE using a source from the VRF without the "tunnel vrf" command.


3) I believe your 7600 must be having the default IOS which it was shipped with 12.2SX, the SX doesnt have this command. You may have to migrate to SRA.


Following the above steps you can verify and solve your problem.


HTH-Cheers,

Swaroop

Harold Ritter Fri, 06/01/2007 - 04:00
User Badges:
  • Cisco Employee,

Swaroop,


Your analysis is right to the point. Just one precision. As I mentioned in a previous post, it doesn't need to be a specific route for the tunnel source and destination. It may well just be a default route. And yes, this command was introduced in 12.2(33)SRA for the 7600.


Regards,

royalblues Fri, 06/01/2007 - 04:07
User Badges:
  • Green, 3000 points or more

Thanks Harold,


I am travelling offsite now and will check when i am back.


It seems mostly that IOS upgrade should solve the issue


Narayan

Actions

This Discussion