[c-nsp] VRF & Hairpin Routing?

David Prall dcp at dcptech.com
Thu Apr 6 15:22:17 EDT 2006 

Need a static arp entry. Both in the global for the vrf, and in the vrf for
the global. I have no clue if this is a bug/feature/safety mechanism. It
just works.

--
David C Prall dcp at dcptech.com http://dcp.dcptech.com
  

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bruce Pinsky
> Sent: Thursday, April 06, 2006 3:09 PM
> To: Sean Watkins
> Cc: 'cisco-nsp at puck.nether.net'
> Subject: Re: [c-nsp] VRF & Hairpin Routing?
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Sean Watkins wrote:
> > Hi,
> > 
> > Is there anyway one can use a VRF to hairpin route some 
> traffic in and out
> > of a router on fast ethernet interfaces?
> > 
> > I have got what I believe a good config, but IOS doesn't 
> like to see a
> > packet from itself going to itself?
> > 
> > Here is important snippits of my config
> > 
> > 
> > ip vrf Customers
> >  rd 1:1
> > !
> > ip cef
> > 
> > interface FastEthernet0/0.11
> >  encapsulation dot1Q 11
> >  ip vrf forwarding Customers
> >  ip address 10.10.1.2 255.255.255.0
> >  no snmp trap link-status
> > !
> > 
> > interface FastEthernet0/1.10
> >  encapsulation dot1Q 10
> >  ip address 10.10.1.1 255.255.255.0
> >  no snmp trap link-status
> > !
> > interface FastEthernet0/1.12
> >  encapsulation dot1Q 12
> >  ip vrf forwarding Customers
> >  ip address 10.12.1.1 255.255.255.0
> >  no snmp trap link-status
> > !
> > 
> > ip route vrf Customers 0.0.0.0 0.0.0.0 10.10.1.1
> > 
> > 
> > 
> > Vlans 10 & 11 are connected together in an upstream switch  
> via a crossover
> > cable.
> > 
> > 
> > I get these error messages on debug arp;
> > 
> > 
> > 1d00h: IP ARP: sent req src 10.10.1.1 0003.fdcb.ec06,
> >                  dst 10.10.1.2 0000.0000.0000 FastEthernet0/1.10
> > 
> > 1d00h: IP ARP req filtered src 10.10.1.1 0003.fdcb.ec06, 
> dst 10.10.1.2
> > 0000.0000.0000 it's our address
> > 
> > 
> > 
> > Any ideas?
> > 
> 
> Why are you trying to do this?  What's the objective?
> 
> - --
> =========
> bep
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFENWdXE1XcgMgrtyYRAgoXAKDvuSSlMrzlN22tkMgM87fUfzHSQwCdFKJ2
> f1H67SLimXsosFIxljMHWLc=
> =phgB
> -----END PGP SIGNATURE-----
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list