[c-nsp] Re: Interfacing between VRF and global across interface in one router

Joe Maimon jmaimon at ttec.com
Tue Jan 18 08:55:35 EST 2005 

Hello Rodney,

At first cut, I am trying to effect a seperation between the interfaces 
which need (overload)natting done and the ones that dont. Exactly what 
that will buy me in terms of nat problems, performance or logical 
correctness I am not quite certain yet.

As is currently, If it turn nat on for some interfaces on the router, I 
have to turn it on for all so that others dont see rfc1918 that they 
would not be expecting. Such is only proper.

Why nat? Well some customers like to link up a few of their sites with 
the cheapest CPE possible which supports the simplest network possible.

Joe

Rodney Dunn wrote:

>Can you explain again what you are trying
>to do?
>
>A diagram would help.  There is a new feature
>coming out for NAT that could possibly solve
>your problem if I understand what the problem
>is correctly.
>
>Rodney
>
>On Tue, Jan 18, 2005 at 07:57:42AM -0500, Joe Maimon wrote:
>  
>
>>Joe Maimon wrote:
>>
>>    
>>
>>>Does anybody know of a way to create an interface between two VRF's or 
>>>a VRF and the global table inside one router?
>>>
>>>
>>>      
>>>
>>But this does not appear to work
>>
>>rt11#sh run int p1.17
>>Building configuration...
>>
>>Current configuration : 126 bytes
>>!
>>interface Port-channel1.17
>> encapsulation dot1Q 17
>> ip vrf forwarding CHL-PRIVATE
>> ip address 10.33.33.1 255.255.255.0
>>end
>>
>>rt11#sh run int p2.17
>>Building configuration...
>>
>>Current configuration : 95 bytes
>>!
>>interface Port-channel2.17
>> encapsulation dot1Q 17
>> ip address 10.33.33.2 255.255.255.0
>>end
>>
>>rt11#ping 10.33.33.1 re 2
>>
>>Type escape sequence to abort.
>>Sending 2, 100-byte ICMP Echos to 10.33.33.1, timeout is 2 seconds:
>>
>>003980: *Jan 18 12:55:39: IP: tableid=0, s=10.33.33.2 (local), 
>>d=10.33.33.1 (Port-channel2.17), routed via RIB
>>003981: *Jan 18 12:55:39: IP: s=10.33.33.2 (local), d=10.33.33.1 
>>(Port-channel2.17), len 100, sending
>>003982: *Jan 18 12:55:39: IP: s=10.33.33.2 (local), d=10.33.33.1 
>>(Port-channel2.17), len 100, encapsulation failed.
>>003983: *Jan 18 12:55:41: IP: tableid=0, s=10.33.33.2 (local), 
>>d=10.33.33.1 (Port-channel2.17), routed via RIB
>>003984: *Jan 18 12:55:41: IP: s=10.33.33.2 (local), d=10.33.33.1 
>>(Port-channel2.17), len 100, sending
>>003985: *Jan 18 12:55:41: IP: s=10.33.33.2 (local), d=10.33.33.1 
>>(Port-channel2.17), len 100, encapsulation failed.
>>Success rate is 0 percent (0/2)
>>rt11#ping 10.33.33.2 re 2
>>
>>Type escape sequence to abort.
>>Sending 2, 100-byte ICMP Echos to 10.33.33.2, timeout is 2 seconds:
>>!!
>>Success rate is 100 percent (2/2), round-trip min/avg/max = 1/2/4 ms
>>rt11#
>>003986: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 (local), 
>>d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003987: *Jan 18 12:55:48: IP: s=10.33.33.2 (local), d=10.33.33.2 
>>(Port-channel2.17), len 100, sending
>>003988: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 
>>(Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003989: *Jan 18 12:55:48: IP: s=10.33.33.2 (Port-channel2.17), 
>>d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
>>003990: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 (local), 
>>d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003991: *Jan 18 12:55:48: IP: s=10.33.33.2 (local), d=10.33.33.2 
>>(Port-channel2.17), len 100, sending
>>003992: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 
>>(Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003993: *Jan 18 12:55:48: IP: s=10.33.33.2 (Port-channel2.17), 
>>d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
>>003994: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 (local), 
>>d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003995: *Jan 18 12:55:48: IP: s=10.33.33.2 (local), d=10.33.33.2 
>>(Port-channel2.17), len 100, sending
>>003996: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 
>>(Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003997: *Jan 18 12:55:48: IP: s=10.33.33.2 (Port-channel2.17), 
>>d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
>>003998: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 (local), 
>>d=10.33.33.2 (Port-channel2.17), routed via RIB
>>003999: *Jan 18 12:55:48: IP: s=10.33.33.2 (local), d=10.33.33.2 
>>(Port-channel2.17), len 100, sending
>>004000: *Jan 18 12:55:48: IP: tableid=0, s=10.33.33.2 
>>(Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
>>004001: *Jan 18 12:55:48: IP: s=10.33.33.2 (Port-channel2.17), 
>>d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
>>noc08rt11#ping 10.33.33.3 re 2
>>
>>Type escape sequence to abort.
>>Sending 2, 100-byte ICMP Echos to 10.33.33.3, timeout is 2 seconds:
>>!!
>>Success rate is 100 percent (2/2), round-trip min/avg/max = 4/6/8 ms
>>rt11#
>>004002: *Jan 18 12:55:57: IP: tableid=0, s=10.33.33.2 (local), 
>>d=10.33.33.3 (Port-channel2.17), routed via FIB
>>004003: *Jan 18 12:55:57: IP: s=10.33.33.2 (local), d=10.33.33.3 
>>(Port-channel2.17), len 100, sending
>>004004: *Jan 18 12:55:57: IP: tableid=0, s=10.33.33.3 
>>(Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
>>004005: *Jan 18 12:55:57: IP: s=10.33.33.3 (Port-channel2.17), 
>>d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
>>004006: *Jan 18 12:55:57: IP: tableid=0, s=10.33.33.2 (local), 
>>d=10.33.33.3 (Port-channel2.17), routed via FIB
>>004007: *Jan 18 12:55:57: IP: s=10.33.33.2 (local), d=10.33.33.3 
>>(Port-channel2.17), len 100, sending
>>004008: *Jan 18 12:55:57: IP: tableid=0, s=10.33.33.3 
>>(Port-channel2.17), d=10.33.33.2 (Port-channel2.17), routed via RIB
>>004009: *Jan 18 12:55:57: IP: s=10.33.33.3 (Port-channel2.17), 
>>d=10.33.33.2 (Port-channel2.17), len 100, rcvd 3
>>
>>
>>
>>_______________________________________________
>>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>    
>>
>
>
>  
>

More information about the cisco-nsp mailing list