[c-nsp] Problem with ip vrf receive command

adam vitkovsky adam.vitkovsky at swan.sk
Thu Aug 9 10:55:08 EDT 2012


If I understood it correctly than "ip vrf receive VTC" makes all the
interface addresses belong to the VRF VTC
Additionally you've specified a list of source addresses in ACL 100 -for
which the destination lookups should be done in the VTC VRF -in accordance
to the PC_TO_VTC route-map

Now I don't understand where does the "need to insert a route in the general
routing table and in a VRF" falls in
Would you please clarify what would you like to accomplish


adam

-----Original Message-----
From: Luca Tortiglione [mailto:luca.tortiglione at gmail.com] 
Sent: Thursday, August 09, 2012 4:27 PM
To: Aaron
Cc: adam vitkovsky; cisco-nsp
Subject: Re: [c-nsp] Problem with ip vrf receive command

I know RD and route-target are used only by BGP.

2012/8/9 Aaron <aaron1 at gvtc.com>:
> Doesn't a vrf require an rd to even be functional?
>
> Aaron
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Luca 
> Tortiglione
> Sent: Thursday, August 09, 2012 4:05 AM
> To: adam vitkovsky
> Cc: cisco-nsp
> Subject: Re: [c-nsp] Problem with ip vrf receive command
>
> I have
>
> ip route vrf VTC 10.208.0.0 255.255.255.0 10.210.0.5 and ip route vrf 
> VTC
> 10.210.3.0 255.255.255.0 10.210.0.6
>
>
> and the other sources are directly connected networks, so no need to 
> add any other routes.
>
>
> 2012/8/9 adam vitkovsky <adam.vitkovsky at swan.sk>:
>> Does the VTC vrf has a route for your ping source please?
>>
>> adam
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net 
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Luca 
>> Tortiglione
>> Sent: Thursday, August 09, 2012 10:39 AM
>> To: cisco-nsp
>> Subject: [c-nsp] Problem with ip vrf receive command
>>
>> Good morning,
>> I need to insert a route in the general routing table and in a VRF.
>>
>> Reading on Internet,
>> I thought to use ip vrf receive command on the interface.
>>
>>
>>
>> this is CS router :
>>
>> hostname CS
>> !
>> boot-start-marker
>> boot-end-marker
>> !
>> ip cef
>> !
>> !
>> !
>> !
>> ip vrf VTC
>> !
>> interface Loopback1021030
>>  ip vrf receive VTC
>>  ip address 10.210.3.1 255.255.255.255  ip policy route-map PC_TO_VTC 
>> !
>> interface FastEthernet0/0
>>  no ip address
>>  duplex auto
>>  speed auto
>> !
>> interface FastEthernet0/1
>>  ip vrf receive VTC
>>  ip address 10.210.0.6 255.255.255.252  ip policy route-map PC_TO_VTC 
>> speed auto  full-duplex !
>> !
>>
>> !
>> ip forward-protocol nd
>> ip route vrf VTC 10.208.0.0 255.255.255.0 10.210.0.5 !
>> !
>> no ip http server
>> no ip http secure-server
>> !
>> access-list 100 permit ip 10.210.3.0 0.0.0.255 10.208.0.0 0.0.0.255 
>> access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.3.0 0.0.0.255 
>> access-list 100 permit ip 10.210.0.0 0.0.0.255 10.208.0.0 0.0.0.255 
>> access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.0.0 0.0.0.255 !
>> route-map PC_TO_VTC permit 1
>>  match ip address 100
>>  set vrf VTC
>>
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>
>>
>> and this is border router :
>>
>>
>> hostname Border_VTC
>> !
>> boot-start-marker
>> boot-end-marker
>> !
>> !
>> no aaa new-model
>>
>> ip cef
>>
>> ip vrf VTC
>>
>> interface Loopback1
>>  ip vrf forwarding VTC
>>  ip address 10.208.0.1 255.255.255.255 !
>> interface FastEthernet0/0
>>  ip vrf forwarding VTC
>>  ip address 10.210.0.2 255.255.255.252  duplex auto  speed auto !
>> interface FastEthernet0/1
>>  ip vrf forwarding VTC
>>  ip address 10.210.0.5 255.255.255.252  speed auto  full-duplex
>>
>> ip forward-protocol nd
>> ip route vrf VTC 10.210.3.0 255.255.255.0 10.210.0.6
>>
>> !
>>
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>
>> Trying to ping I have
>>
>> CS#ping vrf VTC 10.208.0.1 source fastEthernet 0/1
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
>> Packet sent with a source address of 10.210.0.6 !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 
>> 56/100/189 ms CS# *Mar  1 00:08:13.404: ICMP: echo reply rcvd, src 
>> 10.208.0.1, dst
>> 10.210.0.6 *Mar  1 00:08:13.593: ICMP: echo reply rcvd, src 
>> 10.208.0.1, dst
>> 10.210.0.6 *Mar  1 00:08:13.673: ICMP: echo reply rcvd, src 
>> 10.208.0.1, dst
>> 10.210.0.6 *Mar  1 00:08:13.749: ICMP: echo reply rcvd, src 
>> 10.208.0.1, dst
>> 10.210.0.6 *Mar  1 00:08:13.813: ICMP: echo reply rcvd, src 
>> 10.208.0.1, dst
>> 10.210.0.6 CS#ping vrf VTC 10.208.0.1 source Loopback1021030
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
>> Packet sent with a source address of 10.210.3.1 .....
>>
>> On this failed ping i get
>>
>> Border_VTC#
>> *Mar  1 00:08:33.810: ICMP: echo reply sent, src 10.208.0.1, dst
>> 10.210.3.1 *Mar  1 00:08:35.757: ICMP: echo reply sent, src 
>> 10.208.0.1, dst 10.210.3.1 *Mar  1 00:08:37.764: ICMP: echo reply 
>> sent, src 10.208.0.1, dst 10.210.3.1 *Mar  1 00:08:39.752: ICMP: echo 
>> reply sent, src 10.208.0.1, dst 10.210.3.1 *Mar  1 00:08:41.767: ICMP:
>> echo reply sent, src 10.208.0.1, dst 10.210.3.1
>>
>>
>> Trying ping on other router i get
>>
>>
>> Border_VTC#ping vrf VTC 10.210.3.1 source fastEthernet 0/1
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
>> Packet sent with a source address of 10.210.0.5 .....
>> Success rate is 0 percent (0/5)
>> Border_VTC#ping vrf VTC 10.210.3.1 source loopback 1
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
>> Packet sent with a source address of 10.208.0.1 .....
>> Success rate is 0 percent (0/5)
>> Border_VTC#
>>
>>
>> Any suggestion ?
>>
>> --
>>
>>
>>
>>
>> L.
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
>
> --
>
>
>
>
> L.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



-- 




L.



More information about the cisco-nsp mailing list