[c-nsp] Re: Interfacing between VRF and global across interface inone router

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Tue Jan 18 08:07:53 EST 2005 

joe,

you'll need to create static ARP entries (one in the VRF and one in the
global context) for the respective IP address for this to work. "debug
arp" shows why the ping between the two router interface addresses (one
in VRF, one in the global table)

A general comment: While connecting global and VRF via "crossover
cables" is a technically valid approach, I don't know if this approach
is so much easier than configuring "ip nat outside" on the interface. It
might make troubleshooting more difficult, but I don't know all the
requirements to really judge this..

	oli

Joe Maimon <> wrote on Tuesday, January 18, 2005 1:58 PM:

> Joe Maimon wrote:
> 
>> Does anybody know of a way to create an interface between two VRF's
>> or a VRF and the global table inside one router?
>> 
>> 
> But this does not appear to work
> 
> rt11#sh run int p1.17
> Building configuration...
> 
> Current configuration : 126 bytes
> !
> interface Port-channel1.17
>  encapsulation dot1Q 17
>  ip vrf forwarding CHL-PRIVATE
>  ip address 10.33.33.1 255.255.255.0
> end
> 
> rt11#sh run int p2.17
> Building configuration...
> 
> Current configuration : 95 bytes
> !
> interface Port-channel2.17
>  encapsulation dot1Q 17
>  ip address 10.33.33.2 255.255.255.0
> end
> 
> rt11#ping 10.33.33.1 re 2
> 
> Type escape sequence to abort.
> Sending 2, 100-byte ICMP Echos to 10.33.33.1, timeout is 2 seconds:
> 
> 003980: *Jan 18 12:55:39: IP: tableid=0, s=10.33.33.2 (local),
> d=10.33.33.1 (Port-channel2.17), routed via RIB
> 003981: *Jan 18 12:55:39: IP: s=10.33.33.2 (local), d=10.33.33.1
> (Port-channel2.17), len 100, sending
> 003982: *Jan 18 12:55:39: IP: s=10.33.33.2 (local), d=10.33.33.1
> (Port-channel2.17), len 100, encapsulation failed.
> 003983: *Jan 18 12:55:41: IP: tableid=0, s=10.33.33.2 (local),
> d=10.33.33.1 (Port-channel2.17), routed via RIB
> 003984: *Jan 18 12:55:41: IP: s=10.33.33.2 (local), d=10.33.33.1
> (Port-channel2.17), len 100, sending
> 003985: *Jan 18 12:55:41: IP: s=10.33.33.2 (local), d=10.33.33.1
> (Port-channel2.17), len 100, encapsulation failed.
> Success rate is 0 percent (0/2)
> rt11#ping 10.33.33.2 re 2
> 
> Type escape sequence to abort.
> Sending 2, 100-byte ICMP Echos to 10.33.33.2, timeout is 2 seconds:
> !!
> Success rate is 100 percent (2/2), round-trip min/avg/max = 1/2/4 ms
> rt11#
> 003986: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 (local),
> d=10.33.33.2 (Port-channel2.17), routed via RIB
> 003987: *Jan 18 12:55:48: IP: s=10.33.33.2 (local), d=10.33.33.2
> (Port-channel2.17), len 100, sending
> 003988: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2
> (Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
> 003989: *Jan 18 12:55:48: IP: s=10.33.33.2 (Port-channel2.17),
> d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
> 003990: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 (local),
> d=10.33.33.2 (Port-channel2.17), routed via RIB
> 003991: *Jan 18 12:55:48: IP: s=10.33.33.2 (local), d=10.33.33.2
> (Port-channel2.17), len 100, sending
> 003992: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2
> (Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
> 003993: *Jan 18 12:55:48: IP: s=10.33.33.2 (Port-channel2.17),
> d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
> 003994: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 (local),
> d=10.33.33.2 (Port-channel2.17), routed via RIB
> 003995: *Jan 18 12:55:48: IP: s=10.33.33.2 (local), d=10.33.33.2
> (Port-channel2.17), len 100, sending
> 003996: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2
> (Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
> 003997: *Jan 18 12:55:48: IP: s=10.33.33.2 (Port-channel2.17),
> d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
> 003998: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 (local),
> d=10.33.33.2 (Port-channel2.17), routed via RIB
> 003999: *Jan 18 12:55:48: IP: s=10.33.33.2 (local), d=10.33.33.2
> (Port-channel2.17), len 100, sending
> 004000: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2
> (Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
> 004001: *Jan 18 12:55:48: IP: s=10.33.33.2 (Port-channel2.17),
> d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
> noc08rt11#ping 10.33.33.3 re 2
> 
> Type escape sequence to abort.
> Sending 2, 100-byte ICMP Echos to 10.33.33.3, timeout is 2 seconds:
> !!
> Success rate is 100 percent (2/2), round-trip min/avg/max = 4/6/8 ms
> rt11#
> 004002: *Jan 18 12:55:57: IP: tableid=0, s=10.33.33.2 (local),
> d=10.33.33.3 (Port-channel2.17), routed via FIB
> 004003: *Jan 18 12:55:57: IP: s=10.33.33.2 (local), d=10.33.33.3
> (Port-channel2.17), len 100, sending
> 004004: *Jan 18 12:55:57: IP: tableid=0, s=10.33.33.3
> (Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
> 004005: *Jan 18 12:55:57: IP: s=10.33.33.3 (Port-channel2.17),
> d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
> 004006: *Jan 18 12:55:57: IP: tableid=0, s=10.33.33.2 (local),
> d=10.33.33.3 (Port-channel2.17), routed via FIB
> 004007: *Jan 18 12:55:57: IP: s=10.33.33.2 (local), d=10.33.33.3
> (Port-channel2.17), len 100, sending
> 004008: *Jan 18 12:55:57: IP: tableid=0, s=10.33.33.3
> (Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
> 004009: *Jan 18 12:55:57: IP: s=10.33.33.3 (Port-channel2.17),
> d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
> 
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list