Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

mpls vrf monitor

Hi all,

I need to monitor every CE which belongs to different VRF, their IP address may be overlapping. Is there any good idea to do that.

Thanks.

2 REPLIES
Cisco Employee

Re: mpls vrf monitor

Hi,

Your task has two parts as it seems to me:

1) get IP connectivity into all VRFs

2) access all CEs

The second task requires unique IP addresses from the viewpoint of the monitoring device. This has nothing to do with VRFs per se, just a plain IPv4 unicast requirement. Two solutions are known: give unique IPv4 addresses to all CEs (loopback IPs for monitoring) or use NAT.

The first task is achieved by creating a central service VPN for monitoring. An example config:

ip vrf NMS

rd 65000:1

route-target import 65000:162

export map NMS2vrfs

ip vrf Customer1

rd 65000:101

route-target export 65000:101

route-target import 65000:101

route-target import 65000:161

export map CEloopbacks

ip vrf Customer2

rd 65000:102

route-target export 65000:102

route-target import 65000:102

route-target import 65000:161

export map CEloops2NMS

route-map CEloops2NMS permit 10

match ip address 1

set extcommunity rt 65000:162 [additive]

route-map NMS2vrfs permit 10

match ip address 2

set extcommunity rt 65000:161 [additive]

access-list 1 permit host 10.1.1.1

access-list 1 permit host 10.2.2.2

access-list 2 permit 192.0.2.0 0.0.0.255

Your IP addresses, naming, RDs and RTs might be different. In my example I assume two CEs with 10.1.1.1 and 10.2.2.2 as monitoring Loopback IPs. The export map selectively exports only those IPs into the NMS vrf. Be aware that your monitoring LAN (192.0.2.0/24 in the example) must be reachable from all CEs, which means you have to import this prefix into all VRFs. Thus an official IPv4 address range might be required to avoid address conflicts with customer IPs.

Hope this helps! Please rate all posts.

Regards, Martin

New Member

Re: mpls vrf monitor

Hi martin,

Thanks for you reply, that's really helpful. But i was wondering if there any other way for such a scenario. Is there anyone ever use vrf lite for monitor purpose? I am not so clear how it works.

269
Views
9
Helpful
2
Replies