David thanks a lot,  my english y so bad,  Today at monrning  I did the configuration  and I hope that work fine. ( at nigh  we  have the installation). The ASR will be interconect Juniper router, then  IT's  will be connected to  1x stm1 and 3 x smt1 and the juniper will  be have  other sonet conection to other ISPs.

I just needed  the  ABF config Thanks.  

Thanks  again !!

Hi Luis,

Here is an example ABF configuration:

ipv4 access-list ABF

10 permit ipv4 any any nexthop1 ipv4 141.1.1.2

!

And then application of this ABF to an interface:

RP/0/RSP0/CPU0:A9K-BNG(config)#int g0/0/0/0

RP/0/RSP0/CPU0:A9K-BNG(config-if)#ipv4 access-group ABF in

In this example every incoming packet is set forcefully to next hop 141.1.1.2

You can have multiple next hops also and you could use some EEM tricks to do next hop tracking.

One additional note, at this point in time, ABF is not vrf aware, what that means is the next hop in this configuration is always sought in the default routing table.

Soon we will have vrf aware abf that allows you to set the next hop in a particular vrf regardless of the vrf that the interface is in where this ABF ACL is applied to.

You can apply ABF to an interface today that is in a vrf, but the next hop is still found in the global Routing Table.

xander

Thanks the last  saturday the  ASR was configured and migrated and the ABF   is working  very good.

Thansk alot.

Luis

Hello collegaues,

Does ABF supports on BVI interfase in dedicated vrf?

Thanks in advance

Rjystantin

Hi Konstantin,

Currently BVI doesn't do ACL and therefore also no ABF.

in XR 4.2.0 we will get ACL for BVI interfaces, but only ipv4

The extension to ABF is being scoped for XR 421. (can't make promises here)...

Also in XR 420, ABF will be vrf aware. that means that the next hop can be configured to be in any vrf.

Applying the ABF to an interface in a vrf we can already do today.

xander

Ok. Thank you very much ))).

And last question.

Do you know date of announce release 4.2.0 and 4.2.1

WBR,

Konstantin

XR 420 is december of this year (2011)

and XR 421 is 1H2012

xander

Great.

Thanks.

Hi Xander,

Is it possible to use the PBR feature above to route traffic through an MPLS TE tunnel? I see you can only specify a next hop and not an outbound interface so I presume we couldn't achieve this on IOS XR and we have to use either autoroute announce/destination or static routes.

If it works, does the feature support policy routing of VRF traffic over an MPLS TE tunnel?
 

Thanks,
Pavel

Hello,

We've got 4.2.0 release notes and:

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/addr_serv/configuration/guide/b_ipaddr_cg42a9k.html

"The nexthop functionality is not supported in VRF. Nexthop is looked at in the global table only."

Do anyone know when nexthop functionality will be support?

This is not really RPL, but the vrf aware ABF is available in CCO 420.

This note you reference is from old ABF documentation pre 420 which could not find the next hop in a vrf.

You could submit feedback ont eh document to have it lifted and mention that vrf aware abf is supported in 420 for A9K xander

Ok, thanks. We have created two BVI 1 and 2. There are two host 2.2.2.1 and 3.3.3.1 which connect to these BVI. But there is no traffic on sniffer.

What could be cause of the issue?

Thanks.

vrf Gb

address-family ipv4 unicast

  import route-target

   65100:4

  !

  export route-target

   65100:4

!

ipv4 access-list VRF_Gb

10 permit ipv4 2.2.2.0 0.0.0.255 any nexthop1 vrf Gb ipv4 3.3.3.1

interface BVI1

description Test_ABF_source

vrf Gb

ipv4 address 2.2.2.2 255.255.255.252

!

interface BVI2

description Test_ABF_destin

vrf Gb

ipv4 address 3.3.3.2 255.255.255.252

!

  bridge-domain VRF_Gb_Test

   interface GigabitEthernet0/0/0/9

   !

   routed interface BVI1

  !

  bridge-domain VRF_Gb_Test_2

   interface GigabitEthernet0/0/0/10

   !

   routed interface BVI2

vrf Gb

address-family ipv4 unicast

  import route-target

   65100:4

  !

  export route-target

   65100:4

!

ipv4 access-list VRF_Gb

10 permit ipv4 2.2.2.0 0.0.0.255 any nexthop1 vrf Gb ipv4 3.3.3.1

interface BVI1

description Test_ABF_source

vrf Gb

ipv4 address 2.2.2.2 255.255.255.252

!

interface BVI2

description Test_ABF_destin

vrf Gb

ipv4 address 3.3.3.2 255.255.255.252

!

  bridge-domain VRF_Gb_Test

   interface GigabitEthernet0/0/0/9

   !

   routed interface BVI1

  !

  bridge-domain VRF_Gb_Test_2

   interface GigabitEthernet0/0/0/10

   !

   routed interface BVI2

I assume you have the ABF ACL applied to an ingress interface right that is likely MPLS tagged?

There could be 2 problems with your setup:

1) when traffic comes in mpls tagged, L3 ACL's can't be applied. this is a generic and as per design that L3 ACL's don't apply to tagged traffic

2) when you have tagged traffic /mpls-vpn you need to use per vrf labels with BVI. the reason is that you get an agg label then. otherwise with per prefix labels, traffic can't be forwarded as the per prefix label usually gives you a directly fib lookup, which can;t be done with BVI's (we need that extra pass an agg label gives us). this is an a9k specific implementation of VRF+BVI.

xander