VRF Lite and static routes

John Blakley
VIP Alumni

All,

I was playing with vrf lite tonight, and I came across an issue that I think would require more equipment, but I'm not sure.

Using gns3, I configured one router as:

PE Router A:

ip address 172.15.5.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.15.5.1

Router A:

ip vrf v1
ip vrf v2
int e0/0
 ip address 172.15.5.1 255.255.255.0
int e0/1
 ip vrf forwarding v1
 ip address 10.5.5.1 255.255.255.0
int e0/2
 ip vrf forwarding v2
 ip address 192.168.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.15.5.2

Router B:

int e0/0
 ip address 10.5.5.2 255.255.255.0
no ip routing
ip default-gateway 10.5.5.1

Router C:

int e0/0
 ip address 192.16.1.2 255.255.255.0
no ip routing
ip default-gateway 192.168.1.1

Okay, so this worked BEFORE I configured VRF. Before, I could ping from each spoke router (router b and c) to the PE router at 172.15.5.2. Once I did the vrf configuration, I could no longer ping it. I added a static route on Router A like:

ip route vrf v1 0.0.0.0 0.0.0.0 172.15.5.2

But I realized that traffic isn't getting out of the vrf table (which I believe is what it's for). So, how can you get vrf lite working without a L3 switch or a router-on-a-stick configuration? Is it even possible?

Thanks,

John

HTH, John *** Please rate all useful posts ***

Harold Ritter
Cisco Employee

John,

This is normal behavior for traffic not to get from VRF to the global routing table (GRT) and vice versa by default.

The additional static route you configured is not completely accurate as next hop 172.15.5.2 doesn't exist in VRF v1. It should rather look like this:

ip route vrf v1 0.0.0.0 0.0.0.0 e0/0

ip route vrf v2 0.0.0.0 0.0.0.0 e0/0

These routes will get traffic flowing from the VRF to the GRT.

You will also need additional routes to get the traffic flowing from the GRT to the VRF as follows:

ip route 10.5.5.0 255.255.255.0 e0/1

ip route 192.168.1.0 255.255.255.0 e0/2

Also there is a typo in the config of router C. 192.16.1.2 should be 192.168.1.2.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Unfortunately, I can't add the route with the interface like:

ip route vrf v1 0.0.0.0 0.0.0.0 e0/0

ip route vrf v2 0.0.0.0 0.0.0.0 e0/0

It says that the next hop ip address needs to be used if it's not a point-to-point link.

% For VPN routes, must specify a next hop IP address if not a point-to-point interface

I'm assuming that the static routes only go on the routers that have vrf configured on them. I see what you mean about the 172.x.x.x address doesn't exist in the routing table, but the 10.50.1.0 subnet does which is what's assigned to that vrf. Do I need to assign the physical egress interface to a vrf also?

Thanks,

John


I ran into a document on Cisco's site that said you can use statics, but it's referencing a global tag that the router I'm using doesn't support:

ip route vrf v1 0.0.0.0 0.0.0.0 172.15.5.2 global

Does the above look like what I'm missing?

Thanks,

John


John

I am playing around with VRFs as well at the moment.

If you add

ip route vrf v1 0.0.0.0 0.0.0.0 172.15.5.2 global

&

ip route 192.168.1.0 255.255.255.0 e0/2

then you can ping from Router C to both 172.15.5.1 & 172.15.5.2. BUT when doing a traceroute to 172.15.5.1 the packet actually goes out to 172.15.5.2 and then back to 172.15.5.1 which kind of makes sense as that is what the default route is telling it to do.

Hopefully Harold can shed some light on how to do it properly, as I also get the same error as you when trying to use the interface as the next-hop in a vrf route.

Jon
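The two leak routes discussed in this thread (`ip route vrf ... global` and a global route pointing at a VRF interface) are the places where VRF separation is deliberately bypassed, so they are worth auditing. The following is an added example, not part of any post: a Python check that lists static routes crossing the VRF/global boundary. The sample config is constructed from Router A's configuration above; the function names are hypothetical, and it assumes interface names are spelled the same way in the `interface` and `ip route` lines.

```python
import re

# Constructed sample: Router A from the thread plus the leak routes discussed,
# with interface sub-commands indented as in "show running-config".
SAMPLE_CONFIG = """\
ip vrf v1
ip vrf v2
interface e0/0
 ip address 172.15.5.1 255.255.255.0
interface e0/1
 ip vrf forwarding v1
 ip address 10.5.5.1 255.255.255.0
interface e0/2
 ip vrf forwarding v2
 ip address 192.168.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.15.5.2
ip route vrf v1 0.0.0.0 0.0.0.0 172.15.5.2 global
ip route 192.168.1.0 255.255.255.0 e0/2
"""

def interface_vrfs(config):
    """Map interface name -> VRF name; None means the global routing table."""
    vrfs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"int(?:erface)?\s+(\S+)", line)
        if m:
            current = m.group(1)
            vrfs[current] = None
        elif line and not line[0].isspace():
            current = None                      # left interface sub-mode
        elif current and (m := re.match(r"\s+ip vrf forwarding (\S+)", line)):
            vrfs[current] = m.group(1)
    return vrfs

def find_leaks(config):
    """Return (direction, line) for static routes that cross a VRF boundary."""
    vrfs, leaks = interface_vrfs(config), []
    for line in config.splitlines():
        m = re.match(r"ip route (?:vrf (\S+) )?\S+ \S+ (.+)$", line)
        if not m:
            continue
        vrf, tokens = m.group(1), m.group(2).split()
        if vrf and "global" in tokens:
            target = "global"                   # next hop resolved in the GRT
        elif tokens[0] in vrfs and vrfs[tokens[0]] != vrf:
            target = vrfs[tokens[0]] or "global"  # exit interface in another table
        else:
            continue
        leaks.append((f"{vrf or 'global'} -> {target}", line))
    return leaks

if __name__ == "__main__":
    for direction, line in find_leaks(SAMPLE_CONFIG):
        print(f"{direction:14} {line}")
```

The ordinary global default route is not reported, because its next hop stays in the table the route belongs to.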

Jon,

Are you using gns to configure it or real equipment? I'm using gns, but with a 3600 series image. The 3600 doesn't support the global tag at the end of the route.

Thanks!

John


John

I'm using GNS3 but using 3700 routers and the global tag is supported on that.

Jon

John,

What is the IOS release you are using? The global keyword has been available for a long time, at least from 12.1 mainline from what I can see.

Regards

Harold Ritter

Atif Siddiqui
Level 1

Here is what I did to generate a route:

ip route vrf TEST 0.0.0.0 0.0.0.0 10.18.182.221

add a network statement under vrf BGP:

router bgp 65000
 !
 address-family ipv4 vrf TEST
  no synchronization
  network 0.0.0.0 --> this advertised the default route to other PEs.

But then it's not vrf lite any more, but MPLS...

Rgds, Ingolf
