[c-nsp] vrf-lite and ipv6 / Cisco 6500/Sup720-3B SXI7

Sebastian Faerber faerber at gmail.com
Mon Nov 21 08:55:34 EST 2011 

Hi,

i'm trying to implement vrf-lite and route-leaking to separate some
traffic on a 6500/Sup720-3B running 12.2(33)SXI7.
What i'm trying to achieve is that all traffic from the customer1 VRF
is forced to go out via my default-route, it's ok that
incoming traffic is routed directly to the customer1 VRF.
IPv4 seems to work great but i'm having some problems with IPv6.
Is there some way to dynamically import my v6 default-route from the
global table into the vrf (like import ipv4 unicast)?
I'm currently using a static route but would like to change that if possible.

I also noticed that I can't reach (ping) the v6 IP on the customer1
VRF Interface (Vlan123) of the router from servers directly connected
to this routers global routing instance (Vlan5). v4 is working fine,
forwarding v6 Traffic works too, it seems only
packets generated directly by the router don't work.
I also tried to setup a BGP v6 Peering in the VRF customer1, but the
session stays Active, i assume because of the same problem.
Again, a v4 BGP Peering works as expected (even tried announcing v6
Prefixes over the v4 Session but didn't work).
Any hints or is this unsupported and i'm abusing the feature?

###
mls ipv6 vrf
vrf definition customer1
 rd 65000:123
 !
 address-family ipv4
 import ipv4 unicast 10 map import-default
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!

interface Vlan123
 vrf forwarding customer1
 ip address 192.0.2.61 255.255.255.192
 ip helper-address 192.168.0.1
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ipv6 address FE80::1 link-local
 ipv6 address 2001:DB8:0:101::999/64
 ipv6 enable
 no ipv6 unreachables
 ipv6 nd prefix default no-advertise
 ipv6 nd ra suppress
 no ipv6 redirects
 standby 18 ip 192.0.2.62
 standby 18 priority 255
 standby 18 preempt
end

interface Vlan5
 ipv6 address 2001:DB8:0:300::1/64
 ipv6 enable
 no ipv6 unreachables
 ipv6 nd prefix default no-advertise
 ipv6 nd ra suppress
 no ipv6 redirects
end

ip prefix-list import-defaultonly seq 10 permit 0.0.0.0/0
route-map import-default permit 10
 match ip address prefix-list import-defaultonly
!

ip route 192.0.2.0 255.255.255.192 Vlan123
ipv6 route vrf customer1 ::/0 TenGigabitEthernet1/1 2001:DB8:0:5::1
nexthop-vrf Default
ipv6 route 2001:DB8:0:101::/64 Vlan123 nexthop-vrf customer1

###


Regards,

Sebastian

More information about the cisco-nsp mailing list