[c-nsp] Re: Interfacing between VRF and global across interface in one router

Joe Maimon jmaimon at ttec.com
Tue Jan 18 08:46:00 EST 2005


Oliver,

Yes that worked perfectly. Thank you. I have told TAC to close the case.

I am testing this approach because conceptually, it seems better to treat 
inter vrf<->vrf or vrf<->global traffic on the same router as transiting 
a routed interface in each routing table. Seems like a waste of physical 
interfaces, however. To minimize that I am using dot1q portchannels.

Practically speaking, at first cut, I am hoping to be able to cut out 
hundreds of "ip nat outside" statements, to see if that eliminates some 
nat overhead.

Also being able to run RIP2 over this makes it an easy way to configure 
dynamic routing between vrf's. That has some interesting potential uses.

Plus that should integrate nicely with MPLS once I puzzle that out.

Joe

Oliver Boehmer (oboehmer) wrote:

>joe,
>
>you'll need to create static ARP entries (one in the VRF and one in the
>global context) for the respective IP address for this to work. "debug
>arp" shows why the ping between the two router interface addresses (one
>in VRF, one in the global table)
>
>A general comment: While connecting global and VRF via "crossover
>cables" is a technically valid approach, I don't know if this approach
>is so much easier than configuring "ip nat outside" on the interface. It
>might make troubleshooting more difficult, but I don't know all the
>requirements to really judge this..
>
>	oli
>
>Joe Maimon <> wrote on Tuesday, January 18, 2005 1:58 PM:
>
>>Joe Maimon wrote:
>>
>>>Does anybody know of a way to create an interface between two VRF's
>>>or a VRF and the global table inside one router?
>>>
>>But this does not appear to work
>>
>>rt11#sh run int p1.17
>>Building configuration...
>>
>>Current configuration : 126 bytes
>>!
>>interface Port-channel1.17
>> encapsulation dot1Q 17
>> ip vrf forwarding CHL-PRIVATE
>> ip address 10.33.33.1 255.255.255.0
>>end
>>
>>rt11#sh run int p2.17
>>Building configuration...
>>
>>Current configuration : 95 bytes
>>!
>>interface Port-channel2.17
>> encapsulation dot1Q 17
>> ip address 10.33.33.2 255.255.255.0
>>end
>>
>>rt11#ping 10.33.33.1 re 2
>>
>>Type escape sequence to abort.
>>Sending 2, 100-byte ICMP Echos to 10.33.33.1, timeout is 2 seconds:
>>
>>003980: *Jan 18 12:55:39: IP: tableid=0, s=10.33.33.2 (local),
>>d=10.33.33.1 (Port-channel2.17), routed via RIB
>>003981: *Jan 18 12:55:39: IP: s=10.33.33.2 (local), d=10.33.33.1
>>(Port-channel2.17), len 100, sending
>>003982: *Jan 18 12:55:39: IP: s=10.33.33.2 (local), d=10.33.33.1
>>(Port-channel2.17), len 100, encapsulation failed.
>>003983: *Jan 18 12:55:41: IP: tableid=0, s=10.33.33.2 (local),
>>d=10.33.33.1 (Port-channel2.17), routed via RIB
>>003984: *Jan 18 12:55:41: IP: s=10.33.33.2 (local), d=10.33.33.1
>>(Port-channel2.17), len 100, sending
>>003985: *Jan 18 12:55:41: IP: s=10.33.33.2 (local), d=10.33.33.1
>>(Port-channel2.17), len 100, encapsulation failed.
>>Success rate is 0 percent (0/2)
>>rt11#ping 10.33.33.2 re 2
>>
>>Type escape sequence to abort.
>>Sending 2, 100-byte ICMP Echos to 10.33.33.2, timeout is 2 seconds:
>>!!
>>Success rate is 100 percent (2/2), round-trip min/avg/max = 1/2/4 ms
>>rt11#
>>003986: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 (local),
>>d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003987: *Jan 18 12:55:48: IP: s=10.33.33.2 (local), d=10.33.33.2
>>(Port-channel2.17), len 100, sending
>>003988: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2
>>(Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003989: *Jan 18 12:55:48: IP: s=10.33.33.2 (Port-channel2.17),
>>d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
>>003990: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 (local),
>>d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003991: *Jan 18 12:55:48: IP: s=10.33.33.2 (local), d=10.33.33.2
>>(Port-channel2.17), len 100, sending
>>003992: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2
>>(Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003993: *Jan 18 12:55:48: IP: s=10.33.33.2 (Port-channel2.17),
>>d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
>>003994: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 (local),
>>d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003995: *Jan 18 12:55:48: IP: s=10.33.33.2 (local), d=10.33.33.2
>>(Port-channel2.17), len 100, sending
>>003996: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2
>>(Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003997: *Jan 18 12:55:48: IP: s=10.33.33.2 (Port-channel2.17),
>>d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
>>003998: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 (local),
>>d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003999: *Jan 18 12:55:48: IP: s=10.33.33.2 (local), d=10.33.33.2
>>(Port-channel2.17), len 100, sending
>>004000: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2
>>(Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
>>004001: *Jan 18 12:55:48: IP: s=10.33.33.2 (Port-channel2.17),
>>d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
>>noc08rt11#ping 10.33.33.3 re 2
>>
>>Type escape sequence to abort.
>>Sending 2, 100-byte ICMP Echos to 10.33.33.3, timeout is 2 seconds:
>>!!
>>Success rate is 100 percent (2/2), round-trip min/avg/max = 4/6/8 ms
>>rt11#
>>004002: *Jan 18 12:55:57: IP: tableid=0, s=10.33.33.2 (local),
>>d=10.33.33.3 (Port-channel2.17), routed via FIB
>>004003: *Jan 18 12:55:57: IP: s=10.33.33.2 (local), d=10.33.33.3
>>(Port-channel2.17), len 100, sending
>>004004: *Jan 18 12:55:57: IP: tableid=0, s=10.33.33.3
>>(Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
>>004005: *Jan 18 12:55:57: IP: s=10.33.33.3 (Port-channel2.17),
>>d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
>>004006: *Jan 18 12:55:57: IP: tableid=0, s=10.33.33.2 (local),
>>d=10.33.33.3 (Port-channel2.17), routed via FIB
>>004007: *Jan 18 12:55:57: IP: s=10.33.33.2 (local), d=10.33.33.3
>>(Port-channel2.17), len 100, sending
>>004008: *Jan 18 12:55:57: IP: tableid=0, s=10.33.33.3
>>(Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
>>004009: *Jan 18 12:55:57: IP: s=10.33.33.3 (Port-channel2.17),
>>d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
>
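
The static ARP entries Oliver describes, written out for the two subinterfaces in the quoted configuration, as an added example that is not part of the original messages. The MAC addresses are placeholders to be read from the router, and the `arp vrf` form is assumed to be available on the IOS release in use.

```cisco
! Added example: the MAC addresses below are placeholders, not values
! from the thread. Read each port-channel's MAC address first:
!   show interfaces Port-channel1 | include address
!   show interfaces Port-channel2 | include address
!
! Global table: static entry for the VRF-side address 10.33.33.1
arp 10.33.33.1 <mac-of-Port-channel1> ARPA
!
! VRF CHL-PRIVATE: static entry for the global-side address 10.33.33.2
arp vrf CHL-PRIVATE 10.33.33.2 <mac-of-Port-channel2> ARPA
!
! Verify from each routing table:
!   show ip arp 10.33.33.1
!   show ip arp vrf CHL-PRIVATE 10.33.33.2
!   ping 10.33.33.1
!   ping vrf CHL-PRIVATE 10.33.33.2
```

With both entries in place, the "encapsulation failed" lines in the quoted debug output should no longer appear for 10.33.33.1, since the router then has a layer-2 address to use for that next hop.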

