03-08-2009 08:27 PM - edited 03-04-2019 03:51 AM
Hi I am trying to setup vrf's but I need to get my network to function properly first, so I have 4 routers and I am running bgp between R2&R3, OSPF between R1&R2 and R3&R4. Router R3 and R4 can ping all the routers on my network but R4 and R1 can only ping their directly connected routers. I have redistributed OSPF into BGP and vice versa on R4&R3 as below.
R1--R2--R3--R4
R2
router ospf 1
log-adjacency-changes
redistribute bgp 100 metric 2 subnets
network 4.4.4.4 0.0.0.0 area 0
network 165.148.122.0 0.0.0.255 area 0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 4.4.4.4 mask 255.255.255.255
network 165.148.120.0 mask 255.255.255.252
redistribute ospf 1 metric 2
neighbor 165.148.120.1 remote-as 100
no auto-summary
!
R3
router ospf 1
log-adjacency-changes
redistribute bgp 100 metric 2 subnets
network 1.1.1.1 0.0.0.0 area 0
network 165.148.121.0 0.0.0.3 area 0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
network 165.148.120.0 mask 255.255.255.252
redistribute ospf 1 metric 2
neighbor 165.148.120.2 remote-as 100
no auto-summary
!
What must I do for router 1&4 to be able to ping all other routers. Is it good practice for me to advertise all other networks in OSPF for router R2&R3?
03-10-2009 12:55 PM
now I can configure address-families, my other problem is I have configured bgp on my ce routers(R1&R4). and R1 neighbor is R4 on BGP and vice versa. vpnv4 is configured between the two PE router's(R2&R3).
Do I need to configure adress-families between R1&R2 and between R3&R4? is there another simple understandable method of creating multiple vpn
03-10-2009 12:59 PM
Lawrence,
You do not need to configure a BGP session between R1 and R4. You rather need to run a BGP session between R1 and R2 and another one between R3 and R4. These session would be in the VRF context (address-family ipv4 vrf xxx).
Regards
03-10-2009 01:06 PM
You need to advertise routes to the PE routers from both R1 and R4. You can choose any routing protool like ospf/ eigrp or BGP.
Best option would be to use BGP between the CE and the PE.
If you have followed the configurations i have posted then you can create multiple VPNs over the MPLS.. All you need to do is to create multiple VRFs in the PE routers and have subinterfaces towards the CE routers (each subinterface being part of a different vrf)
Narayan
03-11-2009 03:20 AM
on the configs that you sent didn't you forget the neighbor statements on the PE's pointing towards the ce's?
there is communication between the PE and CE, I thought they will see each other from the address-family config that is on the PE's where the neighbor is specified.
right now only the PE's can see each other.
03-11-2009 03:33 AM
I am not sure whether u r using the same configs as i supplied
These are BGP configs between CE and PE
CE - R0
router bgp 2
no synchronization
bgp log-neighbor-changes
network 100.100.100.0 mask 255.255.255.0
redistribute connected
neighbor 172.16.100.1 remote-as 1
no auto-summary
PE1 - R1
address-family ipv4 vrf abc
redistribute connected
neighbor 172.16.100.2 remote-as 2
neighbor 172.16.100.2 activate
neighbor 172.16.100.2 as-override
no auto-summary
no synchronization
exit-address-family
HTH
Narayan
03-11-2009 04:32 AM
on the PE1 under the router bgp 1, shouldn't there be a neighbor statement?
e.g
router bgp 1
neighbor 172.16.100.2 remote-as 2
03-11-2009 04:37 AM
Nope... it will have only the BGP session to the PE
The CE-PE BGP sessions shud be under the address-family
Narayan
03-11-2009 05:14 AM
i used all your configs besides the ip addressing..
PE1
!
ip vrf VPN1:Mpho
rd 2:101
route-target export 2:101
route-target import 2:101
!
!
interface ATM1/0.100 point-to-point
ip address 165.148.122.2 255.255.255.252
ip ospf network broadcast
no atm enable-ilmi-trap
pvc 1/100
encapsulation aal5snap
!
!
interface ATM1/0.200 point-to-point
ip vrf forwarding VPN1:Mpho
ip address 10.0.0.2 255.255.255.252
no atm enable-ilmi-trap
pvc 1/200
encapsulation aal5snap
!
!
router ospf 1
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 165.148.120.0 0.0.0.3 area 0
network 165.148.122.0 0.0.0.3 area 0
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 4.4.4.4 mask 255.255.255.255
redistribute connected
neighbor 1.1.1.1 remote-as 200
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community both
exit-address-family
!
!
address-family ipv4 vrf VPN1:Mpho
no auto-summary
no synchronization
exit-address-family
!
CE1
ip vrf VPN1:Mpho:Aggr
rd 2:2002
route-target export 2:2002
route-target import 2:2002
!
!
interface ATM3/0.100 point-to-point
ip address 165.148.122.1 255.255.255.252
ip ospf network broadcast
pvc 1/100
encapsulation aal5snap
!
!
interface ATM3/0.200 point-to-point
ip vrf forwarding VPN1:Mpho:Aggr
ip address 10.0.0.1 255.255.255.252
pvc 1/200
encapsulation aal5snap
!
!
!
router ospf 1
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 165.148.122.0 0.0.0.3 area 0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
redistribute connected
neighbor 165.148.122.2 remote-as 200
no auto-summary
!
03-11-2009 08:39 AM
Hello Lawrence,
just a moment
for the Ce router the BGP session needs to be in the global routing unless it is a multi VRF CE
if it is a multi VRF CE the neighbor sessions have to be configured on both devices under address-family ipv4 vrf-name
what decides what to here is the table where the link between the two stay:
VPN1:Mpho on Pe side
VPN1:Mpho:Aggr on CE side
the neighbor are 10.0.0.2 for PE and 10.0.0.1 on the CE side
Hope to help
Giuseppe
03-11-2009 02:01 PM
right now I only need to get a single vrf up and running so at this stage it's not a multi vrf. I am going to take an hour nap, I will be back in an hour..
I have removed the other sub interface with that 10.x.x.x ip. I only left the sub-int with 165. ip add. my worry is i think I have done everything correctly but just when I apply the ip vrf on that sub-inter, she dont like it and she drops. both ce's.
03-12-2009 09:50 AM
I still can't get it right.. I tried all the methods but I truly don't know what is it that I am doing wrong...
I need to know this if they say "if BGP is the routing protocol" and "if bgp is not the routing protocol" how do you differentiate between the two in my case?
if you need to refer here is the url where I got this statements.. http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/vrflitsb.html
03-12-2009 11:07 AM
Hello Lawrence,
with multi VRF CE you use a dedicated link in VRF between the multi VRF CE and the PE.
A multi VRF CE has a subset of PE features and functionalities: actually it allows to define VRFs to associate interfaces to different VRFs and to run routing protocols in the VRF -aware version.
With a dedicated link a VRF defined on the PE is put in communication with a VRF defined on the CE and VRF segregation is extended to a shared CE (shared by different customers)
What is the protocol you are going to use on the link PE-CE ?
if it is BGP you need to follow the EBGP PE-CE model on both sides:
actually the CE will be a neighbor in VRF PE_VRF
router bgp 100
address-family ipv4 vrf PE_VRF
neigh 165.1.1.2 remote-as 65000
neigh 165.1.1.2 activate
neigh 165.1.1.2 send-community
red conn
red static
the link must be associated to VRF PE_VRF on the PE
int atm x/y/z.m
ip vrf forwarding PE_VRF
ip address 165.1.1.1 255.255.255.252
on the CE as a mirror the PE is seen as a CE:
ip vrf CE_VRF
rd 65000:100
int atm x/y/z.m
ip vrf forward CE_VRF
ip address 165.1.1.2 255.255.255.252
router bgp 65000
address-family ipv4 vrf CE_VRF
red conn
red static
neigh 165.1.1.1 remote-as 100
neigh 165.1.1.1 activate
neigh 165.1.1.1 send-community
I would suggest you to start from a normal CE without any VRF defined on it and then you can move to this
As a third step you can try to use OSPF as the PE-CE protocol in multi-VRF context but this comes later
clean up all the config from ospf commands and other options
Very important note:
when you associate an interface to a VRF its ip address is removed and you need to retype it, even if you want to keep the same address it had in global routing table
Hope to help
Giuseppe
03-12-2009 12:05 PM
I want a ce to be a customer at this stage, then I will run multi vrf at a later stage no vrf configuration on the ce at this stage. I will attach my configs on one side meaning from PE to CE on one end. Please see if you can spot any mistake or problem. the ip address 1.1.1.1 is for R3(PE)
The only problem is once I configure IP vrf forwading on the interface towards the ce(ATM1/0.100) the bgp drops on that link and the ce is not pingable until I remove that command.
R2(PE)
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface ATM1/0.100 point-to-point
ip address 165.148.122.2 255.255.255.252
no atm enable-ilmi-trap
mpls bgp forwarding
pvc 1/100
encapsulation aal5snap
!
!
interface ATM3/0.100 point-to-point
ip address 165.148.120.2 255.255.255.252
no atm enable-ilmi-trap
mpls label protocol ldp
mpls ip
pvc 1/100
encapsulation aal5snap
!
!
router ospf 1
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 165.148.120.0 0.0.0.3 area 0
!
router bgp 1000
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1000
neighbor 1.1.1.1 update-source Loopback0
neighbor 165.148.122.1 remote-as 6500
!
address-family ipv4
redistribute ospf 1
neighbor 1.1.1.1 activate
neighbor 165.148.122.1 activate
no auto-summary
no synchronization
network 4.4.4.4 mask 255.255.255.255
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN1:Mpho
redistribute connected
neighbor 165.148.122.1 remote-as 6500
neighbor 165.148.122.1 activate
neighbor 165.148.122.1 send-community
no auto-summary
no synchronization
exit-address-family
!
R1(CE)
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface ATM3/0.100 point-to-point
ip address 165.148.122.1 255.255.255.252
pvc 1/100
encapsulation aal5snap
!
router bgp 6500
no synchronization
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
redistribute connected
neighbor 165.148.122.2 remote-as 1000
no auto-summary
!
03-12-2009 12:29 PM
Lawrence,
You don't need "mpls bgp forwarding" on ATM1/0.100 but you absolutely need the "ip vrf forwarding
router bgp 1000
address-family ipv4
no neighbor 165.148.122.1 activate
If you want to see the bgp session to the PE, do a "show ip bgp v a summ".
You say that the PE is not pingable, did you try ping vrf
Regards
03-12-2009 12:58 PM
no the CE is not pingable., and remember there is no vrf configured on the CE...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: