cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7051
Views
0
Helpful
6
Replies

dial-peer on a VRF

alfredos
Level 1
Level 1

Good day,

I want to isolate a voice network from the data and control planes by using a separate VRF. It all works perfectly except at one point: A router which has a PRI connected needs to send/receive voice traffic to/from a dial-peer which is in the voice VRF.

The dial-peer is on a connected route on an Ethernet sub-interface (dot1q VLAN)

The network between router and the peer is built with L2 switches which are not VRF-aware (Cat29xx).

The problem is that the router doesn't send traffic to the dial-peer if I configure ip vrf forwarding name on the outgoing interface to the dial-peer.

There seems to be no way on IOS to specify that a certain dial-peer is on a given VRF, at least on what we're running (2800s with 12.4(22)T)

I have tried to import the interface route to the VRF, but for some reason it doesn't (though in all fairness, VRF/MPLS is not one of my strong subjects)

This is the dial-peer:

dial-peer voice 1010 voip

description Incoming

preference 1

service session

destination-pattern 5555555

progress_ind setup enable 3

progress_ind progress enable 8

session protocol sipv2

session target ipv4:10.10.10.10

session transport udp

incoming called-number .

dtmf-relay rtp-nte

codec g711ulaw

no vad

This is the interface (w/o ip vrf forwarding so it can do the job for now):

interface FastEthernet0/1.201

description Voice

encapsulation dot1Q 201

ip address 10.10.10.3 255.255.255.0

ip verify unicast source reachable-via rx

no ip redirects

no ip proxy-arp

ip ospf message-digest-key 1 md5 7 5555555555555555555

vrrp 1 ip 10.10.10.1

vrrp 1 authentication md5 key-string 7 5555555555555555555

This is the VRF:

ip vrf Voz

rd 65000:1

(config slightly edited to protect the guilty)

Any hint, idea or pointer appreciated. TIA.

2 Accepted Solutions

Accepted Solutions

Laurent Aubert
Cisco Employee
Cisco Employee

Hi,

I don't think dial-peer vrf aware is supported. Because the session target is directly connected you can't configure any static route in the GRT pointing to the VRF but you can configure the router so the interface will be both in the GRT and in the VRF:

interface FastEthernet0/1.201

ip vrf select source

ip vrf receive Voz

!

HTH

Laurent.

View solution in original post

smmillerd
Level 1
Level 1

Actually H323 and SIP Gateway functionality are now VRF-Aware.  Configure as described in this document:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t15/stork.html#wp1031373

Essentially, you can use the "voice vrf vrf-name" global command.

View solution in original post

6 Replies 6

Laurent Aubert
Cisco Employee
Cisco Employee

Hi,

I don't think dial-peer vrf aware is supported. Because the session target is directly connected you can't configure any static route in the GRT pointing to the VRF but you can configure the router so the interface will be both in the GRT and in the VRF:

interface FastEthernet0/1.201

ip vrf select source

ip vrf receive Voz

!

HTH

Laurent.

Thanks, that helped. The 2811 doesn't have vrf receive (at least on this version of IOS) so I had to do it the other way:

interface FastEthernet0/1.201

ip vrf receive Voz

ip policy route-map RedDeVoz

!

route-map RedDeVoz permit 10

match ip address prefix-list RedVoz

set vrf Voz

I have, however, ran into another problem. The interface route is not distributed via OSPF. It is shown on a show ip route vrf Voz as a connected route as it should. Other connected routes on the same VRF show up happily on the network but not this one. I have of course double-checked the OSPF configuration. Any ideas?

TIA.

Hi,

If none of the network statement cover the subnet of your interface, you need to configure a resdistribute connected subnet.

HTH

Laurent.

Yes it's covered (I checked), still it doesn't show up on OSPF.

With BGP I can do a show ip bgp neighbor advertised-routes but OSPF seems to lack that functionality (which I always missed).

Anyway, OSPF turns up all other routes for the VRF but not this one. Maybe related to the way it is inserted in the Voz VRF?

It wouldn't matter much to me anyway if it wasn't because it's not just OSPF, the servers on that subnet are not reachable from within the VRF even if I add statics in the VRF :-?

I think I'm getting into troubled waters here... Maybe time to start over and look for a simpler solution. Unfortunately, given the requirements and resources I can't see any other way.

Hi,

Unfortunately, it seems working only for BGP from what I tested. If you do a sh ip vrf, you will see the interface doesn't really belong to the vrf. What I suggest is to configure a summary route in the VRF VoZ pointing to null 0 that could be redistributed into OSPF.

HTH

Laurent.

smmillerd
Level 1
Level 1

Actually H323 and SIP Gateway functionality are now VRF-Aware.  Configure as described in this document:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t15/stork.html#wp1031373

Essentially, you can use the "voice vrf vrf-name" global command.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco