RE: [nsp] Configuring VPN Routing/Forwarding

From: Tay Chee Yong (tcy@pacific.net.sg)
Date: Mon Feb 11 2002 - 05:37:49 EST


Hi Duane,

Here is my configuration, and some "show" statistics.
Please advise.

interface FastEthernet0/0
  no ip address
  duplex auto
  speed auto
!
interface FastEthernet0/0.1
  encapsulation isl 1
  ip vrf forwarding test2
  ip address 200.200.200.1 255.255.255.0
  no ip redirects
!
interface FastEthernet0/0.2
  encapsulation isl 2
  ip vrf forwarding test2
  ip address 10.10.10.2 255.255.255.0
  no ip redirects
!
interface Serial0/0
  ip vrf forwarding test1
  ip address 192.168.100.1 255.255.255.252
  no fair-queue
  clockrate 2000000
!
interface FastEthernet0/1
  no ip address
  duplex auto
  speed auto
!
interface FastEthernet0/1.1
  encapsulation isl 1
  ip vrf forwarding test1
  ip address 100.100.100.1 255.255.255.0
  no ip redirects
!
interface FastEthernet0/1.2
  encapsulation isl 2
  ip vrf forwarding test1
  ip address 10.10.10.1 255.255.255.0
  no ip redirects
!
interface Serial0/1
  ip vrf forwarding test2
  ip address 192.168.10.1 255.255.255.252
  clockrate 2000000
!

ip route vrf test1 200.200.200.0 255.255.255.0 10.10.10.2
ip route vrf test2 100.100.100.0 255.255.255.0 10.10.10.1

Router#traceroute vrf test1 200.200.200.1

Type escape sequence to abort.
Tracing the route to 200.200.200.1

   1 * * *
   2 *
Router#sh ip route vrf test1 stati
Router#sh ip route vrf test1 static
S 200.200.200.0/24 [1/0] via 10.10.10.2

Regards,
Cheeyong

At 12:03 PM 2/11/02 +0200, Duane de Witt wrote:
>Try injecting the routes into both VRF's. If you do a traceroute vrf you
>should see that the routing tables are causing the packets to take that
>path.
>
>Regards
>
>Duane de Witt
>Network Engineer
>Siemens Business Services
>Tel. +27 11 380 4740
>Fax. +27 11 380 4710
>
>-----Original Message-----
>From: Tay Chee Yong [mailto:tcy@pacific.net.sg]
>Sent: Monday, February 11, 2002 12:03 PM
>To: cisco-nsp@puck.nether.net
>Subject: [nsp] Configuring VPN Routing/Forwarding
>
>Hi there,
>
>Have anyone out there configured the above with any of your customers or
>
>clients??
>
>I have this scenario over here, and need some advise.
>
> vrf1 | | vrf2
> S1/0 | | S1/1
> ---------------------------
> | Cisco 7206 |
> ---------------------------
> F1/0 | | F2/0
> vrf1 | | vrf 2
>
>I had configured 2 vrf on the router, as shown above. It seems that
>whenever I want to reach F2/0 from F1/0, it will always go out by S1/0,
>and
>returned by S1/1 before reaching F2/0. This is bad, as it would consume
>the
>WAN Link's bandwidth. I would like to have the inter-vrf traffic to be
>within the router. Any advise from you guys out there??
>
>Really appreciate it.
>
>Regards,
>Cheeyong



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:32 EDT