[c-nsp] cross-vrf tunnels

Manu Chao linux.yahoo at gmail.com
Mon Aug 10 11:51:22 EDT 2009


You can do it just by using Routing Target Import / Export Communities.

On Mon, Aug 10, 2009 at 2:43 PM, Tony <td_miles at yahoo.com> wrote:

> Hi all,
>
> I want to route traffic from one VRF to another VRF on the same router. I
> did some searching and came across a prior discussion of this very same
> topic:
>
> http://puck.nether.net/pipermail/cisco-nsp/2009-February/058594.html
>
> So I decided to create a tunnel between two VRFs on the same box using
> loopback addresses for the tunnels.
>
> I set it all up and I can ping from the IP of one end of the tunnel in one
> VRF to the other end of the tunnel in the second VRF.
>
> The problem I have is that traffic from other sources isn't going over the
> tunnel properly.
>
> The config looks something like this:
>
>  !
>  interface Loopback 501
>  ip address 10.1.41.201 255.255.255.255
>  !
>  interface Loopback 502
>  ip address 10.1.41.202 255.255.255.255
>  !
>  interface Tunnel 501
>  ip vrf forwarding vrf1
>  ip address 10.1.41.197 255.255.255.252
>  tunnel source Loopback 501
>  tunnel destination 10.1.41.202
>  !
>  interface Tunnel 502
>  ip vrf forward vrf2
>  ip address 10.1.41.198 255.255.255.252
>  tunnel source Loopback 502
>  tunnel destination 10.1.41.201
> !
>
> I set up a test lab with a 2611 router either side of a 7206 running
> 12.2(33)SRC (which is doing the VRF crossover). It's all ethernet, no BGP,
> just two local VRFs on the 7200, nothing fancy.
>
> When I attempt to ping the 2611 router on the other side (via my loopback
> tunnel crossover connection) I get no response.
>
> If I look at the stats on the tunnel interface it's as if the traffic isn't
> going into the tunnel. The input and output counters are all staying the
> same. This contrasts to when I ping directly from one end of the tunnel to
> the other as the counters do increase (and I get responses back).
>
> If I enable some debug, I get the following:
> * Tunnel502: adjacency fixup, 10.1.41.202->10.1.41.201, tos set to 0x0
> * CEF-Drop: Packet from 10.1.41.202 (Nu0) to 10.1.41.201, Unclassified
> reason
>
> Which shows that my packet across the tunnel is being dropped, but I don't
> know why.
>
> When I do the ping direct from one tunnel end IP to the other, I see the
> normal sequence of events I would expect (packet routed via RIB, packet goes
> into tunnel, GRE encap, packet from one loopback to other, GRE decap, etc).
>
> Is this supposed to work? Does anyone else have it working? What might I
> be doing wrong?
>
> Many thanks,
> Tony.
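The route-target approach suggested in the reply, as an added IOS configuration sketch that is not part of the original thread. Only the VRF names vrf1 and vrf2 come from the post; the RD/RT values, AS 65000, the two prefixes and the prefix-list and route-map names are constructed for illustration. The import maps restrict what crosses the VRF boundary to named prefixes, so the two VRFs are not merged wholesale.

```cisco
! Added example. Constructed values: 65000:1, 65000:2, AS 65000,
! 198.51.100.0/24 (a LAN in vrf1), 192.0.2.0/24 (a LAN in vrf2),
! and all prefix-list / route-map names.
ip vrf vrf1
 rd 65000:1
 route-target export 65000:1
 route-target import 65000:2
 import map VRF1-IMPORT
!
ip vrf vrf2
 rd 65000:2
 route-target export 65000:2
 route-target import 65000:1
 import map VRF2-IMPORT
!
! Only these prefixes are allowed to leak in each direction.
ip prefix-list FROM-VRF2 seq 5 permit 192.0.2.0/24
ip prefix-list FROM-VRF1 seq 5 permit 198.51.100.0/24
!
route-map VRF1-IMPORT permit 10
 match ip address prefix-list FROM-VRF2
!
route-map VRF2-IMPORT permit 10
 match ip address prefix-list FROM-VRF1
!
! Import/export works through the local BGP VPNv4 table, so a BGP
! process is configured here even though it has no neighbors.
! Assumption: the leaked LANs are directly connected; static or IGP
! routes would need their own redistribute statement.
router bgp 65000
 address-family ipv4 vrf vrf1
  redistribute connected
 exit-address-family
 address-family ipv4 vrf vrf2
  redistribute connected
 exit-address-family
```

`show ip route vrf vrf1` and `show ip route vrf vrf2` show which prefixes were actually imported, which is the check that nothing beyond the permitted prefixes has crossed.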