[c-nsp] vrf newby question
David Freedman
david.freedman at uk.clara.net
Thu Aug 31 11:51:59 EDT 2006
All this is meaningless unless you have a "vpnv4" session between your
two PE routers.
The purpose of the VPNv4 session is to multiplex the routes learnt via
the VRF routing processes and transmit them to the remote PE.
The preferred way to do this is via BGP.
You should do :
!
router bgp <ASN>
<various other BGP bits>
!
!
neighbor x.x.x.x remote-as <AS>
neighbor x.x.x.x version 4
neighbor x.x.x.x description remote PE router
!
address-family vpnv4
neighbor x.x.x.x activate
neighbor x.x.x.x send-community extended
!
address-family ipv4 vrf VPN
redistribute eigrp 200
!
!
!Get the routes demultiplexed from remote PE back into
!local EIGRP process
router eigrp 200
no auto-summary
!
address-family ipv4 vrf VPN
redistribute bgp <X>
!
The purpose of this is to take routes learnt by the VPN instance of
eigrp 200 and attach the extended communities (the route-targets) to
then before sending to the remote PE router.
If you dont need EIGRP of course, and you only want to carry connected
and static in your vrf, just get rid of the eigrp 200 process
and put in redistribution commands for both static and connected into
your BGP "address-family ipv4 unicast" section.
Dave.
Ahmad Cheikh-Moussa wrote:
> Hi!
>
> I try to find out how to configure vrf.
> I have two routers connected via a crossover cable on
> the Gigethernet ports.
> I have configured two vrf instances on both, I can ping
> each other, but eigrp doesn't work.
>
> Any ideas ?
>
>
>
> Here the config of both router:
>
> Router1
>
> ip vrf VPN
> rd 200:10
> route-target export 200:10
> route-target import 200:10
> !
> ip vrf internet
> rd 100:10
> route-target export 100:10
> route-target import 100:10
> !
> !
> !
> !
> interface GigabitEthernet0
> no ip address
> duplex auto
> speed auto
> media-type rj45
> no negotiation auto
> no clns route-cache
> !
> interface GigabitEthernet0.10
> encapsulation dot1Q 10
> ip vrf forwarding internet
> ip address 10.0.0.1 255.255.255.0
> !
> interface GigabitEthernet0.20
> encapsulation dot1Q 20
> ip vrf forwarding VPN
> ip address 10.0.1.1 255.255.255.0
> !
> router eigrp 200
> no auto-summary
> !
> address-family ipv4 vrf VPN
> redistribute connected
> network 10.0.1.0 0.0.0.255
> no auto-summary
> exit-address-family
> !
> router eigrp 100
> no auto-summary
> !
> address-family ipv4 vrf internet
> redistribute connected
> network 10.0.0.0 0.0.0.255
> no auto-summary
> exit-address-family
>
>
>
>
> router 2
>
>
> ip vrf VPN
> rd 200:10
> route-target export 200:10
> route-target import 200:10
> !
> ip vrf internet
> rd 100:10
> route-target export 100:10
> route-target import 100:10
> !
> !
> !
> !
> interface GigabitEthernet0
> no ip address
> duplex auto
> speed auto
> media-type rj45
> no negotiation auto
> no clns route-cache
> !
> interface GigabitEthernet0.10
> encapsulation dot1Q 10
> ip vrf forwarding internet
> ip address 10.0.0.2 255.255.255.0
> !
> interface GigabitEthernet0.20
> encapsulation dot1Q 20
> ip vrf forwarding VPN
> ip address 10.0.1.2 255.255.255.0
> !
> router eigrp 200
> no auto-summary
> !
> address-family ipv4 vrf VPN
> redistribute connected
> network 10.0.1.0 0.0.0.255
> no auto-summary
> exit-address-family
> !
> router eigrp 100
> no auto-summary
> !
> address-family ipv4 vrf internet
> redistribute connected
> network 10.0.0.0 0.0.0.255
> no auto-summary
> exit-address-family
>
>
> mpls01#ping vrf VPN 10.0.1.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.0.1.2, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
> mpls01#
>
> Regards,
> Ahmad
>
>
>
>
More information about the cisco-nsp
mailing list