05-20-2009 06:01 PM - edited 03-06-2019 05:51 AM
All,
I was playing with vrf lite tonight, and I came across an issue that I think would require more equipment, but I'm not sure.
Using gns3, I configured one router as:
PE Router A:
ip address 172.15.5.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.15.5.1
Router A:
ip vrf v1
ip vrf v2
int e0/0
ip address 172.15.5.1 255.255.255.0
int e0/1
ip vrf forwarding v1
ip address 10.5.5.1 255.255.255.0
int e0/2
ip vrf forwarding v2
ip address 192.168.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.15.5.2
Router B:
int e0/0
ip address 10.5.5.2 255.255.255.0
no ip routing
ip default-gateway 10.5.5.1
Router C:
int e0/0
ip address 192.16.1.2 255.255.255.0
no ip routing
ip default-gateway 192.168.1.1
Okay, so this worked BEFORE I configure VRF. Before, I could ping from each spoke router (router b and c) to the PE router at 172.15.5.2. Once I did the vrf configuration, I could no longer ping it. I added a static route on Router A like:
ip route vrf v1 0.0.0.0 0.0.0.0 172.15.5.2
But I realized that traffic isn't getting out of the vrf table (which I believe is what it's for). So, how can you get vrf lite working without a L3 switch or a router-on-a-stick configuration. Is it even possible?
Thanks,
John
05-20-2009 06:56 PM
John,
This is normal behavior for traffic not to get from VRF to the global routing table (GRT) and vice versa by default.
The additional static route you configured is not completely accurate as next hop 172.15.5.2 doesn't exist in VRF v1. It should rather look like this:
ip route vrf v1 0.0.0.0 0.0.0.0 e0/0
ip route vrf v2 0.0.0.0 0.0.0.0 e0/0
These routes will get traffic flowing from the VRF to the GRT.
You will also need additional routes to get the traffic flowing from the GRT to the VRF as follow:
ip route 10.5.5.0 255.255.255.0 e0/1
ip route 192.168.1.0 255.255.255.0 e0/2
Also there is a typo in the config of router C. 192.16.1.2 should be 192.168.1.2.
Regards
05-21-2009 03:17 AM
Unfortunately, I can't add the route with the interface like:
ip route vrf v1 0.0.0.0 0.0.0.0 e0/0
ip route vrf v2 0.0.0.0 0.0.0.0 e0/0
It says that the next hop ip address needs to be used if it's not a point-to-point link.
% For VPN routes, must specify a next hop IP address if not a point-to-point interface
I'm assuming that the static routes only go on the routers that have vrf configured on them. I see what you mean about the 172.x.x.x address doesn't exist in the routing table, but the 10.50.1.0 subnet does which is what's assigned to that vrf. Do I need to assign the physical egress interface to a vrf also?
Thanks,
John
05-21-2009 03:27 AM
I ran into a document on Cisco's site that said you can use statics, but it's referencing a global tag that the router I'm using doesn't support:
ip route vrf v1 0.0.0.0 0.0.0.0 172.15.5.2 global
Does the above look like what I'm missing?
Thanks,
John
05-21-2009 04:10 AM
John
I am playing around with vrf's as well at the moment.
If you add
ip route vrf v1 0.0.0.0 0.0.0.0 172.15.5.2 global
&
ip route 192.168.1.0 255.255.255.0 e0/2
then you can ping from Router C to both 172.15.5.1 & 172.15.5.2. BUT when doing a traceroute to 172.15.5.1 the packet actually goes out to 172.15.5.2 and then back to 172.15.5.1 which kind of makes sense as that is what the default route is telling it to do.
Hopefully Harold can shed some light on how to do it properly as also get the same error as you when trying to use the interface as the next-hop in a vrf route.
Jon
05-21-2009 04:13 AM
Jon,
Are you using gns to configure it or real equipment? I'm using gns, but with a 3600 series image. The 3600 doesn't support the global tag at the end of the route.
Thanks!
John
05-21-2009 04:18 AM
John
I'm using GNS3 but using 3700 routers and the global tag is supported on that.
Jon
05-21-2009 05:05 AM
John,
What is the IOS release you are using? The global keyword has been available for a long time, at least from 12.1 mainline from what I can see.
Regards
07-28-2009 07:47 AM
here is what i did to generate a route:
ip route vrf TEST 0.0.0.0 0.0.0.0 10.18.182.221
add a network statement under vrf BGP:
router bgp 65000
!
address-family ipv4 vrf TEST
no synchronization
network 0.0.0.0 --> this advertised the default route to other PE's.
07-30-2009 12:05 PM
But then it's not vrf lite any more, but MPLS...
Rgds, Ingolf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide