Serial interfaces, ip vrf forwarding, and PBR with set vrf

Answered Question
Aug 27th, 2009
User Badges:

I am doing some work with VRF-lite but I am having some trouble with serial interfaces. I have a PE router with a serial interface where I want to take incoming traffic and using policy-based routing send the traffic to the appropriate VRF. I want to assign the serial interface itself to be in one of those VRFs, not the global routing table. Eventually, I also want to overlap the VPNs/VRFs to send traffic going out the serial interface through the VRF assigned to the serial interface. Initially, it looks something like this:


ip vrf VRF1

rd 65000:3

route-target export 65000:3

!

ip vrf VRF2

rd 65000:18

route-target import 65000:3


ip route vrf VRF1 10.90.51.0 255.255.255.0 192.168.11.18


interface Serial0/0/0

ip vrf forwarding VRF1

ip address 192.168.11.17 255.255.255.252


router bgp 65000

no synchronization

bgp log-neighbor-changes

no auto-summary

!

address-family ipv4 vrf VRF1

redistribute static

no auto-summary

no synchronization

exit-address-family


ip access-list extended remote-source

permit ip 10.90.0.0 0.0.255.255 any


route-map SERIAL-INCOMING permit 100

match ip address remote-source

set vrf VRF2



But if I try to turn on the policy based routing at the serial interface, I get an error:


Router(conf)#interface Serial0/0/0

Router(config-if)#ip policy route-map SERIAL-INCOMING

% Can not apply route-map SERIAL-INCOMING to this interface

% Either remove 'set vrf' from route-map or unconfigure 'ip vrf forward'


I can sort of get around the problem by using an "ip vrf receive" instead of "ip vrf forward", but unfortunately, that leaves my Serial interface in the global table which isn't what I wanted.


What troubles me is that I can do this without any problems on an Ethernet interface. Are there any known issues with "ip vrf forward" and using PBR and "set vrf" on Serial interfaces, or have I configured something wrong?


If I stick with the "ip vrf receive", how can I force the physical Serial interface into the appropriate VRF?


Thanks.


Clarke Morledge

College of William and Mary

Correct Answer by Laurent Aubert about 7 years 7 months ago

Hi Clarke,


There is no restriction on serial interface.


Looks like a bug for me. TAC will help you to identify it.


HTH


Laurent.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Laurent Aubert Thu, 08/27/2009 - 12:03
User Badges:
  • Cisco Employee,

Hi Clarke,


There is no restriction on serial interface.


Looks like a bug for me. TAC will help you to identify it.


HTH


Laurent.

cmorledge Fri, 08/28/2009 - 10:59
User Badges:

Upon further investigation....


The serial interface issue was a red herring. It just so happens that every other time I've done this it has been on a flavor of 12.2x on a 6500/7600 where this feature is supported. The only systems I have with Serial interfaces are 1841s.


The problem with the 1841 is that most of the code revisions out there do not support this feature. It was only added to the regular code train with the recent release of 12.2(24)T. I tested with 12.2(24)T1 and you are now able to use "ip vrf forwarding" on all interfaces along with a PBR route-map that uses the "set vrf" option.


Thanks, Laurent, for pointing me towards the TAC on this.


Clarke Morledge

College of William and Mary

Actions

This Discussion