[c-nsp] Can ASR920 handle ip vrf forwarding X combined with tunnel vrf Y on a tunnel interface?

Peter Olsson list-cisco-nsp at jyborn.se
Tue Aug 20 16:15:17 EDT 2019 

On Tue, Aug 20, 2019 at 07:54:13PM +0000, Nick Cutting wrote:
> Is the tunnel source and destination IP addresses in  vrf TEST, with routes? - Like a F-VRF.

The ASR920 has its BDI interface (10.50.3.2) in vrf TEST,
the other router doesn't use vrf:s, but is connected to
the same VLAN in the lab setup.

ping and telnet works fine both ways between 10.50.3.1 and 10.50.3.2.

Peter Olsson

> If this operates like an ASR/ISR4k - Then you can put the tunnel IP in whatever table you choose.
> 
> -----Original Message-----
> From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Peter Olsson
> Sent: Tuesday, August 20, 2019 3:47 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Can ASR920 handle ip vrf forwarding X combined with tunnel vrf Y on a tunnel interface?
> 
> This message originates from outside of your organisation.
> 
> Hello!
> 
> I have this configuration on a tunnel interface in an ASR920:
> 
> interface Tunnel0
>  ip address 192.168.154.2 255.255.255.0
>  keepalive 10 3
>  tunnel source 10.50.3.2
>  tunnel destination 10.50.3.1
> 
> Works fine, the tunnel between the ASR920 and the other router is connected.
> 
> Then I add both vrf lines with the same vrf, like this:
> 
> interface Tunnel0
>  ip address 192.168.154.2 255.255.255.0
>  ip vrf forwarding TEST
>  keepalive 10 3
>  tunnel source 10.50.3.2
>  tunnel destination 10.50.3.1
>  tunnel vrf TEST
> 
> And add vrf TEST to the 10.50.3.2 interface:
> interface BDI653
>  ip vrf forwarding TEST
>  ip address 10.50.3.2 255.255.255.0
> 
> This also works fine, the tunnel is connected.
> 
> But what we want to do is this:
> 
> interface Tunnel0
>  ip address 192.168.154.2 255.255.255.0
>  ip vrf forwarding OTHER_VRF
>  keepalive 10 3
>  tunnel source 10.50.3.2
>  tunnel destination 10.50.3.1
>  tunnel vrf TEST
> 
> This configuration doesn't work.
> What happens is that the tunnel in the ASR920 is up/line up, but the tunnel in the other router is up/line down.
> Both tunnels increase their packets input and packets output, probably because of keepalive, but there is no connection.
> Strange that the other routers both counters are increasing even though the tunnel in that router has line down?
> Maybe the traffic flows, but something is missing for activation?
> 
> It doesn't help if I remove either of the vrf lines, that also fails in the same way.
> 
> I don't know if network sniff could show something interesting, I will try that tomorrow when I'm at site.
> 
> But does anyone know if our wanted configuration is possible in ASR920?
> 
> The ASR920 is an ASR-920-24SZ-IM running asr920-universalk9_npe.16.12.01.SPA.bin
> 
> debug tunnel and debug tunnel events doesn't help, they look about the same to me in either configuration.
> 
> This is debug output with both vrf lines removed from the tunnel:
> *Aug 20 11:42:46.245: Tunnel0: GRE/IP (PS) to decaps 10.50.3.1->10.50.3.2 (tbl=0,"default" len=48 ttl=254) *Aug 20 11:42:46.245: Tunnel0: Pak Decapsulated on BDI653, ptype 0x800, nw start 0x784BD67E, mac start 0x784BD658, datagram size 24 link type 0x7 *Aug 20 11:42:46.245: Tunnel0: GRE decapsulated IP packet (linktype=7, len=24) *Aug 20 11:42:46.245: Tunnel0: GRE decapsulated IP packet (linktype=7, len=24) *Aug 20 11:42:52.614: Tunnel0: GRE/IP (PS) to decaps 10.50.3.1->10.50.3.2 (tbl=0,"default" len=68 ttl=254) *Aug 20 11:42:52.614: Tunnel0: Pak Decapsulated on BDI653, ptype 0x800, nw start 0x784C90BE, mac start 0x784C9098, datagram size 44 link type 0x7 *Aug 20 11:42:52.614: Tunnel0: GRE decapsulated IP packet (linktype=7, len=44) *Aug 20 11:42:52.614: Tunnel0: GRE decapsulated IP packet (linktype=7, len=44) *Aug 20 11:42:52.615: Tunnel0: GRE/IP encapsulated 10.50.3.2->10.50.3.1 (linktype=7, len=64)
> 
> This is debug output with "tunnel vrf TEST" in the tunnel:
> *Aug 20 11:48:36.957: Tunnel0: GRE/IP (PS) to decaps 10.50.3.1->10.50.3.2 (tbl=6,"TEST" len=48 ttl=254) *Aug 20 11:48:36.957: Tunnel0: Pak Decapsulated on BDI653, ptype 0x800, nw start 0x784927B2, mac start 0x7849278C, datagram size 24 link type 0x7 *Aug 20 11:48:36.957: Tunnel0: GRE decapsulated IP packet (linktype=7, len=24) *Aug 20 11:48:36.957: Tunnel0: GRE decapsulated IP packet (linktype=7, len=24) *Aug 20 11:48:44.084: Tunnel0: GRE/IP encapsulated 10.50.3.2->10.50.3.1 (linktype=7, len=48) *Aug 20 11:48:44.087: Tunnel0: GRE/IP (PS) to decaps 10.50.3.1->10.50.3.2 (tbl=6,"TEST" len=24 ttl=252) *Aug 20 11:48:46.955: Tunnel0: GRE/IP (PS) to decaps 10.50.3.1->10.50.3.2 (tbl=6,"TEST" len=48 ttl=254) *Aug 20 11:48:46.955: Tunnel0: Pak Decapsulated on BDI653, ptype 0x800, nw start 0x784A908E, mac start 0x784A9068, datagram size 24 link type 0x7 *Aug 20 11:48:46.956: Tunnel0: GRE decapsulated IP packet (linktype=7, len=24) *Aug 20 11:48:46.956: Tunnel0: GRE decapsulated IP packet (linktype=7, len=24)
> 
> Thanks!
> 
> --
> Peter Olsson
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list