Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Question regarding management VPN

Hello All,

I'm currently testing a Layer3 IP VPN solution in the lab and have a question regarding the management of VRF's from a management VRF.

I have configured VPNa on two PE routers and am importing/exporting the 'VPNa' Route Target. I can see advertised routes in the VRF table for the remote CE router on both PE's respectively. I am running RIP from PE to CE.

As well as exporting/importing Route Target VPNa on the VPNa routing instance, I am also exporting routes that match the loopback range of the CE routers and tagging them with RT 'export-loopback-CE'. Also I am importing routes from BGP that have been tagged with RT 'import-mgmt-vrf'.

I've also created a 'management VRF' on one of the PE routers, and assigned the interface which connects to the NMS in the routing instance. I am tagging routes being exported from the management VRF the RT 'import-mgmt-vrf' extended community. I am also importing routes from BGP that have been tagged with the 'export-loopback-CE' community.

Now, in the management VRF I can see the loopback addresses of the CE's that connect only to remote PE routers. However, I can't see the loopback address from any of the CE devices connected to the local PE router, which also terminates my management link. I believe this is because I am importing routes tagged with community 'export-loopback-CE' from BGP... and thus any local routes from CE to PE that are RIP have not been redistributed into IBGP yet.

How could I also import the loopback management range of CE's in the VPNa VRF into the management VRF on the local PE router. Given that the local routes have not been redistributed into IBGP yet and are RIP.

Thanks in advance.

Mario.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Question regarding management VPN

Mario

If the CE loopbacks are obtained through RIP and arent redistributed into the MPBGP, it is not possible for the management vrf to know of them. You have to redistribute into BGP as well as tag them with the appropriate RT which is imported into the management vrf. Also make sure that the management vrf ip is visible in the VPNa vrf.

7 REPLIES
ktd
New Member

Re: Question regarding management VPN

Mario,

can you post the config of the 2 PE routers?

swen

Re: Question regarding management VPN

Can u alternatively as well explain the problem with some illustration.

SO it clear which routes you are getting where and which you are not.

For example you can call CE1 and CE2 PE1 and PE2, and CE1 routes are in PE1 and PE2 but not in MGMT-PE.

Something like that.

HTH-Cheers,

Swaroop

New Member

Re: Question regarding management VPN

Hi Swen,

Unfortunately I can not get the config for the two PE routers until another two days.

However, do you have any thoughts regarding this issue?

My problem is importing from a VRF into a management VRF on the same PE router. Is there 'best design' way of doing that?

Thank you

Mario.

New Member

Re: Question regarding management VPN

Mario

If the CE loopbacks are obtained through RIP and arent redistributed into the MPBGP, it is not possible for the management vrf to know of them. You have to redistribute into BGP as well as tag them with the appropriate RT which is imported into the management vrf. Also make sure that the management vrf ip is visible in the VPNa vrf.

ktd
New Member

Re: Question regarding management VPN

javar is right. You need to redistribute these addresses into bgp.

But to say exactly what you are missing, we need the config.

swen

Silver

Re: Question regarding management VPN

In additional to the response from Netpros. I believe you are redistributing the RIP into BGP, otherwise, how the MPLS know how to reach the local LAN of the remote router.

If the RIP redistribution is not configured, please advise how the MPLS know the routes from the RIP...

You can try to configure a static for the NM address only then redistribute into the BGP at PE then import to the NM VRF for testing the connectivity.

Config. is required.

Hope this helps.

New Member

Re: Question regarding management VPN

Thank you all for you comments and input.

Regards,

Mario.

147
Views
13
Helpful
7
Replies
CreatePlease to create content