[c-nsp] IPVPN and VRF Lite

Sultan Shaikh sultaans at hotmail.com
Wed Aug 24 21:57:07 EDT 2005 

Oliver,

Thanks for your reply, I understand now, I have revised the config, it is as 
follows:

**********
!
ip vrf vrf_blue
rd 65432:701
route-target export 65432:701
route-target import 65432:701
!
ip vrf vrf_mgmt
rd 65432:702
route-target export 65432:702
route-target import 65432:702
!
ip vrf vrf_red
rd 65432:700
route-target export 65432:700
route-target import 65432:700
!
!
!********************

!
interface Loopback0
ip address 172.16.1.1 255.255.255.255
!
interface FastEthernet0/0
description Connected to CPE1
ip vrf forwarding vrf_red
ip address 1.1.1.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
description "Connecting to CPCNet PE"
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.700
encapsulation dot1Q 700
ip vrf forwarding vrf_red
ip address 172.24.0.2 255.255.255.252
!
interface FastEthernet0/1.701
encapsulation dot1Q 701
ip vrf forwarding vrf_blue
ip address 172.24.0.6 255.255.255.252
!
interface FastEthernet0/1.702
encapsulation dot1Q 702
ip vrf forwarding vrf_mgmt
ip address 172.24.0.10 255.255.255.252
!
router bgp 65432
no synchronization
bgp log-neighbor-changes
no auto-summary
!
address-family ipv4
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf vrf_red
redistribute connected
redistribute static
neighbor 172.24.0.1 remote-as 4058
neighbor 172.24.0.1 activate
neighbor 172.24.0.1 send-community both
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf vrf_mgmt
redistribute connected
redistribute static
neighbor 172.24.0.9 remote-as 4058
neighbor 172.24.0.9 activate
neighbor 172.24.0.9 send-community both
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf vrf_blue
redistribute connected
redistribute static
neighbor 172.24.0.5 remote-as 4058
neighbor 172.24.0.5 activate
neighbor 172.24.0.5 send-community both
no auto-summary
no synchronization
exit-address-family
!
ip http server
ip classless
ip route 2.2.2.0 255.255.255.0 1.1.1.2
!
********************************

As evident, I have configured VRF-Lite on my CE2, with multiple C router 
"red" and "blue" connecting to it, I have created vrf_mgmt for management 
purposes only, will pull loopback into this vrf.

Also the PE configs at either side is as follows (Juniper)..

PE2 for Red VRF...
******************
show configuration routing-instances 3xxx1
description "XYZ NNI Test 1 (Red) (2005/08/22 by abc)";
instance-type vrf;
interface fe-0/1/0.700;
route-distinguisher 4xx8:3xxx1;
vrf-import 3xxx1-import;
vrf-export 3xxx1-export;
routing-options {
    router-id 172.24.0.1;
}
protocols {
    bgp {
        group XYZ {
            local-address 172.24.0.1;
            inactive: export remove-community;
            remove-private;
            peer-as 65432;
            neighbor 172.24.0.2 {
                local-address 172.24.0.1;
            }
        }

*****************

PE1 for Red VRF

**********************

description "ABC NNI Test 1 (Red) (2005/08/22 by xxx)";
instance-type vrf;
interface ds-0/2/0:1:1.0;
route-distinguisher 4xx8:1xx1;
vrf-import 1xx1-import;
vrf-export 1xx1-export;
routing-options {
    static {
        route 192.168.25.0/24 next-hop 10.xx.0.42;
        route 172.16.1.4/32 next-hop 10.xx.0.42;
    }
}
***************

I am not able to see the Intranet routes of CE2 at PE1 while I can see them 
at PE2....

Kindly help...

Thanks
sultan

>From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
>To: "Sultan Shaikh" <sultaans at hotmail.com>, <cisco-nsp at puck.nether.net>
>Subject: RE: [c-nsp] IPVPN and VRF Lite
>Date: Tue, 23 Aug 2005 09:27:24 +0200
>
>Sultan Shaikh <> wrote on Tuesday, August 23, 2005 9:00 AM:
>
> > Hi Folks,
> >
> > This is the setup...
> >
> > C1 - CE1 - PE1 - P - P - PE2 - CE2 - C2
> >
> > C - Customer router
> > CE - Customer Edge
> >
> > I have VRF Lite configured on CE routers (Cisco 3745, IOS 12.2), I am
> > peering with PE on either side with eBGP on 3 separate subinterfaces,
> > will be more clear from the configs of CE2 and PE2 (VRF and BGP only)
> > attached herein, I am not able to populate my vrf table.
>
>your eBGP sessions are not set-up in the VRF address-families, so they
>don't come up at all ("show ip bgp summary" should show them all as
>"Active"). Please remove the neighbors from the global ipv4 unicast
>context and set them up within the ipv4 vrf XXX context, i.e.
>
>router bgp 65432
>  no neighbor 172.24.0.1
>  no neighbor 172.24.0.5
>  no neighbor 172.24.0.9
>  !
>  address-family ipv4 vrf vrf_red
>   neighbor 172.24.0.1 remote-as 4058
>  exit-address-family
>  address-family ipv4 vrf vrf_blue
>   neighbor 172.24.0.5 remote-as 4058
>  exit-address-family
>  address-family ipv4 vrf vrf_mgmt
>   neighbor 172.24.0.9 remote-as 4058
>  exit-address-family
>
>But what are you planning to do with the vrf_blue and vrf_mgmt? I only
>see one interface (the PE-facing interface) within these VRFs, so the
>traffic will not go anywhere?
>
>	oli

_________________________________________________________________
NRIs, does your family in India need money? 
http://creative.mediaturf.net/creatives/icicibank/ICICI_NRI_ERA.htm Open an 
ICICI Bank NRI savings A/c

More information about the cisco-nsp mailing list