That would be great thanks.... I am planning to use this for approx 500 sites as VRFs are used at remotes and want to remain separate up to the headend...

The only version of code I have at the mo is 15.2T, hoping it isn't a bug...

Thx,
Lee

Sent from Cisco Technical Support iPad App

Lee,

Had some problems with 15.2, but tried with 15.4.1T1.

Hub#traceroute vrf BLUE 192.168.101.1 source e1/1
Type escape sequence to abort.
Tracing the route to 192.168.101.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.101.1 6 msec *  5 msec
Hub#show ip cef vrf BLUE 192.168.101.1 det
192.168.101.0/24, epoch 0, flags rib defined all labels
  recursive via 10.1.1.178 label 16
    attached to Virtual-Access3
Hub#sh run | s r b
router bgp 65001
 bgp log-neighbor-changes
 bgp listen range 10.1.1.0/24 peer-group Spokes
 neighbor Spokes peer-group
 neighbor Spokes remote-as 65001
 neighbor 2001:DB8:1999:: remote-as 65001
 neighbor 2001:DB8:1999:: update-source Loopback100
 neighbor 192.168.0.2 remote-as 65001
 !
 address-family ipv4
  network 192.168.0.0
  neighbor Spokes activate
  no neighbor 2001:DB8:1999:: activate
  neighbor 192.168.0.2 activate
  neighbor 192.168.0.2 route-reflector-client
  neighbor 192.168.0.2 next-hop-self all
  neighbor 192.168.0.2 unsuppress-map ALL
 exit-address-family
 !
 address-family vpnv4
  neighbor Spokes activate
  neighbor Spokes send-community extended
 exit-address-family
 !
 address-family ipv6
  neighbor 2001:DB8:1999:: activate
 exit-address-family
 !
 address-family ipv4 vrf BLUE
  network 192.168.0.0
  redistribute connected
 exit-address-family
Hub#sh ip route vrf BLUE
Routing Table: BLUE
(...)
Gateway of last resort is not set
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, Ethernet1/1
L        192.168.0.1/32 is directly connected, Ethernet1/1
B     192.168.101.0/24 [200/0] via 10.1.1.178, 00:07:13
B     192.168.102.0/24 [200/0] via 10.1.1.179, 00:07:13

from spoke

Spoke1#traceroute vrf BLUE 192.168.0.1 source e1/1
Type escape sequence to abort.
Tracing the route to 192.168.0.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.0.1 5 msec *  6 msec
Spoke1#show ip cef vrf BLUE 192.168.0.1 det
192.168.0.0/24, epoch 0, flags rib defined all labels
  recursive via 10.1.1.1 label 16
    attached to Tunnel1
Spoke1#sh run | s r b
router bgp 65001
 bgp log-neighbor-changes
 network 192.168.101.0
 neighbor 10.1.1.1 remote-as 65001
 !
 address-family vpnv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf BLUE
  network 192.168.101.0
  redistribute connected
 exit-address-family
Spoke1#sh ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override
Gateway of last resort is not set
B     192.168.0.0/24 [200/0] via 10.1.1.1, 00:08:35
      192.168.101.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.101.0/24 is directly connected, Ethernet1/1
L        192.168.101.1/32 is directly connected, Ethernet1/1

Thanks a lot Marvin!... So the IOS I have looks to be limited.

Out of interest does the virtual-access interface show in the global routing table?

Sent from Cisco Technical Support iPad App

Lee,

Hub#sh run | s Virtual
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback100
 ip mtu 1400
 ip nhrp network-id 2
 ip nhrp redirect
 ip tcp adjust-mss 1360
 ipv6 unnumbered Loopback100
 ipv6 enable
 mpls bgp forwarding
 tunnel path-mtu-discovery
 tunnel protection ipsec profile default
Hub#show mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         No Label   192.168.0.0/24[V]   \
                                       0             aggregate/BLUE

Everything is global.

I'm wondering if this is actually a valid way to do things, let me pick brains of some of the MPLS folks here.

M.

Hi Marcin,

I will have a topology of 4 ASR hub routers, 2 at one site, 2 in another. I am planning on the spoke routers having 4 tunnels constantly up, one to each hub. I have read in one of your web pages that Cisco recommend iBGP between hub and spoke routers. This is fine, though will need to route-reflect between all the hubs.

The tunnels will be authenticated with a RADIUS a the headend, hence I don't believe with shortcut routing we can authenticate against the RADIUS, or will the Hub router still proxy auth requests for spoke to spoke?

Cheers,

Lee.