RE: [nsp] Configuring VPN Routing/Forwarding

From: Tay Chee Yong (tcy@pacific.net.sg)
Date: Mon Feb 11 2002 - 07:35:55 EST


Hi Duane,

Yes. These interfaces are on the same chassis.

If I were to redistribute the subnets with BGP, then it will be utilizing
the Serial Link (WAN Link). My customer's bandwidth is quite limited.
Inter-subnet traffic will cause the pipe to be used up pretty fast.

Please advise how can I redistribute the subnet with BGP. Thank you.

Regards,
Cheeyong

At 01:55 PM 2/11/02 +0200, Duane de Witt wrote:
>Are all of these interfaces on the same chassis? If so you are routing
>connected subnets which will cause problems.
>
>ip route vrf test1 200.200.200.0 255.255.255.0 10.10.10.2
>ip route vrf test2 100.100.100.0 255.255.255.0 10.10.10.1
>
>Both of these subnets are connected and should be redistributed by BGP.
>
>Am I interpreting this correctly?
>
>Regards
>
>Duane de Witt
>Network Engineer
>Siemens Business Services
>Tel. +27 11 380 4740
>Fax. +27 11 380 4710
>
>-----Original Message-----
>From: Tay Chee Yong [mailto:tcy@pacific.net.sg]
>Sent: Monday, February 11, 2002 12:38 PM
>To: Duane de Witt
>Cc: cisco-nsp@puck.nether.net
>Subject: RE: [nsp] Configuring VPN Routing/Forwarding
>
>Hi Duane,
>
>Here is my configuration, and some "show" statistics.
>Please advise.
>
>interface FastEthernet0/0
> no ip address
> duplex auto
> speed auto
>!
>interface FastEthernet0/0.1
> encapsulation isl 1
> ip vrf forwarding test2
> ip address 200.200.200.1 255.255.255.0
> no ip redirects
>!
>interface FastEthernet0/0.2
> encapsulation isl 2
> ip vrf forwarding test2
> ip address 10.10.10.2 255.255.255.0
> no ip redirects
>!
>interface Serial0/0
> ip vrf forwarding test1
> ip address 192.168.100.1 255.255.255.252
> no fair-queue
> clockrate 2000000
>!
>interface FastEthernet0/1
> no ip address
> duplex auto
> speed auto
>!
>interface FastEthernet0/1.1
> encapsulation isl 1
> ip vrf forwarding test1
> ip address 100.100.100.1 255.255.255.0
> no ip redirects
>!
>interface FastEthernet0/1.2
> encapsulation isl 2
> ip vrf forwarding test1
> ip address 10.10.10.1 255.255.255.0
> no ip redirects
>!
>interface Serial0/1
> ip vrf forwarding test2
> ip address 192.168.10.1 255.255.255.252
> clockrate 2000000
>!
>
>ip route vrf test1 200.200.200.0 255.255.255.0 10.10.10.2
>ip route vrf test2 100.100.100.0 255.255.255.0 10.10.10.1
>
>Router#traceroute vrf test1 200.200.200.1
>
>Type escape sequence to abort.
>Tracing the route to 200.200.200.1
>
> 1 * * *
> 2 *
>Router#sh ip route vrf test1 stati
>Router#sh ip route vrf test1 static
>S 200.200.200.0/24 [1/0] via 10.10.10.2
>
>Regards,
>Cheeyong
>
>At 12:03 PM 2/11/02 +0200, Duane de Witt wrote:
> >Try injecting the routes into both VRF's. If you do a traceroute vrf
>you
> >should see that the routing tables are causing the packets to take that
> >path.
> >
> >Regards
> >
> >Duane de Witt
> >Network Engineer
> >Siemens Business Services
> >Tel. +27 11 380 4740
> >Fax. +27 11 380 4710
> >
> >-----Original Message-----
> >From: Tay Chee Yong [mailto:tcy@pacific.net.sg]
> >Sent: Monday, February 11, 2002 12:03 PM
> >To: cisco-nsp@puck.nether.net
> >Subject: [nsp] Configuring VPN Routing/Forwarding
> >
> >Hi there,
> >
> >Have anyone out there configured the above with any of your customers
>or
> >
> >clients??
> >
> >I have this scenario over here, and need some advise.
> >
> > vrf1 | | vrf2
> > S1/0 | | S1/1
> > ---------------------------
> > | Cisco 7206 |
> > ---------------------------
> > F1/0 | | F2/0
> > vrf1 | | vrf 2
> >
> >I had configured 2 vrf on the router, as shown above. It seems that
> >whenever I want to reach F2/0 from F1/0, it will always go out by S1/0,
> >and
> >returned by S1/1 before reaching F2/0. This is bad, as it would consume
> >the
> >WAN Link's bandwidth. I would like to have the inter-vrf traffic to be
> >within the router. Any advise from you guys out there??
> >
> >Really appreciate it.
> >
> >Regards,
> >Cheeyong



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:32 EDT