Hi NetPros .. would you mind making sense of this config I have found at one of my customers .. I know it is related to virtual routing and forwarding but am confused as to what exactly it is doing .. perhaps it is a misconfiguration which I would like to remove !!!
ip vrf orange
ip vrf forwarding orange
ip address 172.19.0.251 255.255.0.0
ip route vrf orange 0.0.0.0 0.0.0.0 172.19.0.250
ip route vrf orange 10.0.0.0 255.0.0.0 172.19.0.1
ip route vrf orange 10.1.5.3 255.255.255.255 172.19.0.250
ip route vrf orange 172.16.0.0 255.255.0.0 172.19.0.1
ip route vrf orange 172.18.200.0 255.255.255.0 172.19.0.1
ip route vrf orange 172.20.0.0 255.255.0.0 172.19.0.1
Yeah.. VRF configurations.. this basically builds up a separate routing table for a customer or vendor called orange.. it has a route-distinguisher of 100:100, which will be unique to this customer... Are you still using VRFs on this router/switch ?? Just check also if tag switching is enabled on the interfaces... all the routing configurations on the VRF have the ip route vrf context with the required route.. so, if any packet comes with a vrf tag of orange, it will basically look into the vrf routing table and not the ip routing table..
So, if you don't require it, REMOVE IT, and have some good sleep :)
Cheers, this is a core 6513 switch and it is the only device configured with vrf so I think someone was trying to configure something in the past.
Just to confirm what you said and what I have been thinking.
1.- Assuming that a device in the range 172.19.0.0/16 has its default gateway as 172.19.0.251 ( the vrf interface ) then when a packet is sent by this device towards a different segment, the packet will :
a.- hit the default gateway ( vrf interface )
b.- the ip routing lookup will be performed on the routes that belong to the vrf instance instead of the normal routing table.
c.- the packets will go out according to point 2.
Yeah.. you are right.. Just to add.. When a packet enters or exits an interface, and if the interface is tagged to any VRF, using the "ip vrf forwarding" command, (eg orange in your case), it looks for a route in that particular VRF routing table.. This applies only to the router, which tags the VRF information (PE - Provider Edge), and not to the router which sends this information (CE - customer edge).. The CE router will still have only an IP routing table...
Just to brief:
1) IP Packets are sent from an interface, which is tagged with VRF forwarding...
2) packets enter the router, and are attached with a particular rd (route distinguisher), which is attached to the VRF name.. This makes it to have a distinct routing table info...
3) Depending on the VRF name, the VRF routing table entries are checked and packets are forwarded to the next hop PE router..
4) Packet goes to the destination PHP (Penultimate Hop Router) router, where a VRF lookup is done, and packets are forwarded to the appropriate interface, where the ip vrf forwarding is configured....
Hi .. a bit .. but I think I have got the principle very clear now .. basically vrf instances are used for creating multiple routing tables which can be used as alternate paths to a destination .. Cheers for your explanation Raj .. it definitely made things clear .. Cheers,
With regard to previous posts about tag-switching, PEs, PHPs, etc., are only true if MPLS is involved. Doesn't look like this is the case.
Based on the config posted which has no route-targets nor import/export policies configured, this looks more like vrf-lite. It appears that this switch is used as the default-gateway for hosts on the vlan. It appears to co-exist with 2 other routers - 172.19.0.250 and 172.19.0.1. And it will use icmp-redirects to move host traffic to the other destinations listed by the route statements via either of those two routers.
Why would this be done? If one of your customers has address space that overlaps with another, it is desirable to allocate that customer its own routing table. That's all vrf-lite and/or this config are doing.
If it were me, I would verify the existence of the other two routers as well as hosts on that vlan before changing config.
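Added example, not part of any post in this thread: a Python sketch of the lookup the thread describes, a longest-prefix match confined to the orange VRF table and built from the static routes in the posted config. The connected 172.19.0.0/16 entry is inferred from the interface address, the "global" entry is constructed, and the function names are hypothetical.

```python
import ipaddress

# Static routes copied from the posted "ip route vrf orange" lines.
# The connected entry is inferred from "ip address 172.19.0.251 255.255.0.0".
VRF_TABLES = {
    "orange": [
        ("172.19.0.0/16", "connected"),
        ("0.0.0.0/0", "172.19.0.250"),
        ("10.0.0.0/8", "172.19.0.1"),
        ("10.1.5.3/32", "172.19.0.250"),
        ("172.16.0.0/16", "172.19.0.1"),
        ("172.18.200.0/24", "172.19.0.1"),
        ("172.20.0.0/16", "172.19.0.1"),
    ],
    # Constructed global-table entry, only to show that it is never consulted
    # for traffic arriving on an interface bound to vrf orange.
    "global": [("10.1.5.3/32", "192.0.2.1")],
}

def lookup(vrf, dst):
    """Longest-prefix match restricted to one VRF's table.

    Returns (prefix, next_hop), or None when the table has no matching route.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in VRF_TABLES[vrf]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None

def same_vlan_next_hop(vrf, dst, vlan="172.19.0.0/16"):
    """True when the chosen next hop sits on the VLAN the hosts are on,
    the situation in which the reply above expects ICMP redirects."""
    hit = lookup(vrf, dst)
    if hit is None or hit[1] == "connected":
        return False
    return ipaddress.ip_address(hit[1]) in ipaddress.ip_network(vlan)

if __name__ == "__main__":
    for dst in ("10.1.5.3", "10.2.2.2", "172.18.200.9", "192.0.2.55", "172.19.4.4"):
        print(dst, "->", lookup("orange", dst), "redirect candidate:", same_vlan_next_hop("orange", dst))
```

Running it before removing the VRF shows which destinations currently depend on 172.19.0.1 or 172.19.0.250, the two routers the last reply suggests verifying.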