01-04-2014 01:19 AM - edited 03-04-2019 09:59 PM
Hi Folks,
I am new to VRF Lite but have recently implemented multiple VRFs on a single CPE (Customer Premises Equipment) router.
I have also implemented a two-CPE redundancy using Cisco HSRP protocol but with a single VRF.
Now, I would like to expand my design by using HSRP with multiple VRFs. The problem here isn't the VRF implementation, but how to implement HSRP with multiple VRFs. The scope of this query is on the Customer Premises Equipment (CPE).
Thanks.
Gbehode
Solved! Go to Solution.
01-04-2014 04:28 AM
Just playing devil advocate, but if the scenario is to use the same LAN subnet for for multiple VRFs, will it be technically possible to use the same HSRP VIP for the various HSRP groups under different VRFs?
As a given IP subnet can (locally) only belong to exactly one VRF (or the global context), those subnets have to be distinguished somehow on common links, e.g. by VLAN-tags on trunk links. The (non-default VLAN) HSRP messages then are tagged too, so their membership is clear, even if you use the same IP addresses multiple times (in different VRFs).
HTH
Rolf
01-04-2014 02:26 AM
Hi,
I'm not sure if I understand the question correctly.
When using differnt VRFs, the only difference in the configuration is that the layer-3 interfaces have to be assigned to the corresponing VRF. The scope of the HSRP hellos is the local subnet, so the hellos will be assigned to the VRF of the receiving (sub-)interface/SVI. For the sake of consitency you could use different HSRP groups (affect the virtual MAC address).
An example:
CE1:
interface FastEthernet0/0
! global routing context
ip address 192.168.1.2 255.255.255.0
standby 1 ip 192.168.1.1
standby 1 preempt
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip vrf forwarding VRF-2
ip address 192.168.2.2 255.255.255.0
standby 2 ip 192.168.2.1
standby 2 preempt
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip vrf forwarding VRF-3
ip address 192.168.3.2 255.255.255.0
standby 3 ip 192.168.3.1
standby 3 preempt
CE2:
interface FastEthernet0/0
ip address 192.168.1.3 255.255.255.0
standby 1 ip 192.168.1.1
standby 1 priority 90
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip vrf forwarding VRF-2
ip address 192.168.2.3 255.255.255.0
standby 2 ip 192.168.2.1
standby 2 priority 90
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip vrf forwarding VRF-3
ip address 192.168.3.3 255.255.255.0
standby 3 ip 192.168.3.1
standby 3 priority 90
CE1#show standby brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Fa0/0 1 100 P Active local 192.168.1.3 192.168.1.1
Fa0/0.2 2 100 P Active local 192.168.2.3 192.168.2.1
Fa0/0.3 3 100 P Active local 192.168.3.3 192.168.3.1
CE1#show ip vrf interfaces
Interface IP-Address VRF Protocol
Fa0/0.2 192.168.2.2 VRF-2 up
Fa0/0.3 192.168.3.2 VRF-3 up
HTH
Rolf
01-04-2014 03:57 AM
Hi Rolf,
This does help. Thanks for the sample config that I am going to try on GNS3.
I guess the concept is not to use the same HSRP group. I also see that you have used different LAN subnet which is what needs to be done traditionally. As you know, in a VRF environment, it is possible to re-use the same subnet/IP so long as they belong to different VRFs.
Just playing devil advocate, but if the scenario is to use the same LAN subnet for for multiple VRFs, will it be technically possible to use the same HSRP VIP for the various HSRP groups under different VRFs? I don't know why anyone would want to do something like this but I am trying to think ahead in case my customer has only one LAN subnet that they are intending to use for all VRFs. The ideal situation would be to break the LAN subnet down into various chunks, but you never know.
thanks.
Gbehode
01-04-2014 04:28 AM
Just playing devil advocate, but if the scenario is to use the same LAN subnet for for multiple VRFs, will it be technically possible to use the same HSRP VIP for the various HSRP groups under different VRFs?
As a given IP subnet can (locally) only belong to exactly one VRF (or the global context), those subnets have to be distinguished somehow on common links, e.g. by VLAN-tags on trunk links. The (non-default VLAN) HSRP messages then are tagged too, so their membership is clear, even if you use the same IP addresses multiple times (in different VRFs).
HTH
Rolf
01-07-2014 03:03 AM
Hi Rolf,
I have built a GNS3 model based on different LAN subnet per VRF and having an HSRP group per VRF. This appears to be working correctly, at least from HSRP point of view.
I am going to modify the GNS3 model to use same LAN subnet to see if and how it works. I don't see a problem since each LAN sub-interface will have a different VLAN tag and will be encapsulated / shielded in a separate VRF. I will post further updates on this.
The other challenge is to get this to work with dynamic routing protocols like OSPF or BGP but that is totally different subjet.
Thanks.
Gbehode
01-21-2014 01:58 AM
Hi Rolf,
Just to sum up this query ...
The Multiple HSRP (M-HSRP) can be used in a multi-VRF environment to achieve redundancy on the CPE side. I have tested this with different LAN subnets and the same LAN subnets with the help of VRF. This works fine.
thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: