[c-nsp] VRFs

Jason Berenson jason at pins.net
Mon Jul 14 13:38:47 EDT 2008 

R1#show ip route vrf priv

Routing Table: priv

Gateway of last resort is 209.212.66.1 to network 0.0.0.0

     209.212.64.0/29 is subnetted, 1 subnets
C       209.212.64.176 is directly connected, GigabitEthernet0/1.1000
S*   0.0.0.0/0 [1/0] via 209.212.66.1, GigabitEthernet0/1.1000

ip route 209.212.64.177 255.255.255.255 GigabitEthernet0/1.1000 
209.212.64.177
ip route vrf priv 0.0.0.0 0.0.0.0 GigabitEthernet0/1.1000 209.212.66.1 
global

interface GigabitEthernet0/1.1000
 description << Priv VRF for MON T1/DSL >>
 encapsulation dot1Q 1000
 ip vrf forwarding priv
 ip address 209.212.64.177 255.255.255.248
 no ip redirects
 no cdp enable

So for now I just want the vrf priv to route to the Internet via another 
router.  There's two routers in 209.212.64.176/29.  The other one has 
similar config except it's 209.212.64.178.

Right now a ping drops exactly half the packets:

R1#ping vrf priv 209.212.66.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.212.66.1, timeout is 2 seconds:
!.!.!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/2/4 ms

I will eventually add certain T1/DSL interfaces to the VRF priv in order 
to "move" them behind a traffic shaping device so diagnostics can be 
performed.

-Jason

dwinkworth at wi.rr.com wrote:
> What about the return path?  What did you do to get traffic back into the VRF?
>
> Also, what do you mean it does not work as the next hop?  Did the static route not appear in the routing table after you added it?  Can you give us some config output/"show ip route vrf" output?
>
> ---- Jason Berenson <jason at pins.net> wrote: 
>   
>> Oliver,
>>
>> I tried that but it doesn't seem to work.  The IP that exists in the 
>> global routing table (just an interface on the router) is not pingable 
>> from within the VRF.  It also does not work as a next hop.
>>
>> -Jason
>>
>> Oliver Boehmer (oboehmer) wrote:
>>     
>>> Jason Berenson <> wrote on Monday, July 14, 2008 7:37 AM:
>>>
>>>   
>>>       
>>>> Greetings,
>>>>
>>>> I know how to route leak between VRFs with BGP but is it possible to
>>>> set a default route within a VRF pointing to an IP in the global
>>>> routing table?  If so can anyone point me to some good documentation
>>>> or perhaps a sample snippit?
>>>>     
>>>>         
>>> ip route vrf FOO 0.0.0.0 0.0.0.0 <next-hop> global
>>>
>>> the next-hop must not be a local address of the PE..
>>>
>>> 	oli
>>>   
>>>       
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>     
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list