cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
961
Views
8
Helpful
10
Replies

VRF over GRE

royalblues
Level 10
Level 10

I have a PE connected to a MVRF-CE on a direct ethernet link. I Need to configure a GRE tunnel between the 2 and run OSPF over that.

the configuration looks like

PE - 7609

ip vrf Quatrro-OSPF-Test

rd 4755:667788

route-target export 4755:667788

route-target import 4755:667788

interface Tunnel2491

ip vrf forwarding Quatrro-OSPF-Test

ip address 192.168.114.1 255.255.255.252

ip ospf network point-to-point

ip ospf dead-interval minimal hello-multiplier 3

ip ospf demand-circuit

tunnel source 192.168.111.1

tunnel destination 192.168.111.2

end

sh run int Vlan2491

Building configuration...

Current configuration : 151 bytes

!

interface Vlan2491

description *** Quatrro OSPF Hellos Test ***

ip vrf forwarding Quatrro-OSPF-Test

ip address 192.168.111.1 255.255.255.252

end

MVRF-CE

ip vrf PRI

rd 4755:667788

route-target export 4755:667788

route-target import 4755:667788

!

no ip domain lookup

!

!

!

!

interface Tunnel2491

ip vrf forwarding PRI

ip address 192.168.114.2 255.255.255.252

ip ospf network point-to-point

ip ospf demand-circuit

keepalive 2 3

tunnel source 192.168.111.2

--More--

tunnel destination 192.168.111.1

tunnel mode ipip

tunnel vrf PRI

interface FastEthernet0/0

ip vrf forwarding PRI

ip address 192.168.111.2 255.255.255.252

duplex auto

speed auto

router ospf 2491 vrf PRI

log-adjacency-changes

network 192.168.114.0 0.0.0.3 area 0

network 192.168.115.0 0.0.0.3 area 0

network 192.168.116.1 0.0.0.0 area 0

!

The tunnel comes up but i am unable to ping the tunnel interface. OSPF adjacency never comes up.

Am i missing something here

Narayan

10 Replies 10

Harold Ritter
Cisco Employee
Cisco Employee

Narayan,

You are missing the "tunnel vrf Quatrro-OSPF-Test" command on the tunnel interface on the PE. The tunnel is therefore using the global table to resolve the tunnel destination.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold was just wondering, if the tunnel uses the global table to resolve the destination, then would it come up in the first place.

Just a thought.

Cheers,

Swaroop

Swaroop,

Yes, as long as there is a route in the global routing table to resolve that prefix. It could even be a default route.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

But the post is referring to a destination within a VRF thats what my assumption is.

I could be wrong...may be i would lab it up when get some time off travelling.

Cheers,

Swaroop

Harold / Swaroop

The problem i have is that the tunnel VRF command is not supported on the PE

Narayan

Narayan,

As far as I know, using the "tunnel vrf" command is the only way to get this to work.

What IOS train do you use?

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Swaroop,

By default IOS tries to resolved the tunnel destination address via the global routing table. If there is any prefix in the global resolving the tunnel destination, the tunnel will come up. the command "tunnel vrf " forces the IOS to lookup the tunnel destination against the specific VRF.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Narayan, you can try couple to steps as below to troubleshoot.

1) I suspect there is 192.168.111.1 and 192.168.111.2 in the global routing table as well, have this checked.

2) To confirm that you have not established the tunnel with your MVRF CE enable tunnel keepalives so it will come down as there is no way it can establish a tunnel with your CE using a source from the VRF without the "tunnel vrf" command.

3) I believe your 7600 must be having the default IOS which it was shipped with 12.2SX, the SX doesnt have this command. You may have to migrate to SRA.

Following the above steps you can verify and solve your problem.

HTH-Cheers,

Swaroop

Swaroop,

Your analysis is right to the point. Just one precision. As I mentioned in a previous post, it doesn't need to be a specific route for the tunnel source and destination. It may well just be a default route. And yes, this command was introduced in 12.2(33)SRA for the 7600.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thanks Harold,

I am travelling offsite now and will check when i am back.

It seems mostly that IOS upgrade should solve the issue

Narayan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: