http://mlaxlink.ru/info/
четверг, 15 октября 2015 г.
вторник, 6 октября 2015 г.
четверг, 1 октября 2015 г.
"IP VRF FORWARDING" vs "VRF FORWARDING"
Marco Rizzi Blog: "vrf definition" command, how to survive
as you may know, the old vrf definition commands are useful only for ipv4 vrfs.
for example:
Will create a ipv4 vrf only, you can see it with:
If we try to add an interface to vrf, with both ipv4 and ipv6 addresses, we notice also:
As expected, the vrf table is created only for ipv4 address-family, the ipv6 address still in the global table.
Starting from IOS 12.4(20)T (and 12.2(33)Sxx) the new command "vrf definition" was introduced.
According to the Doc-CD, the command creates both the virtual routing tables for ipv4 and ipv6 address-families, and can be used to specify global route-targets for both address-families and also specific route-targets.
So far so good, let's try this relatively new feature and see if it's working as documented:
Nice, as you can see, I have placed the route-targets globally, hoping that it will use for both address families.
In fact, this is not happening at all, because seems that the address-families aren't activated:
So if you try to add an interface to this vrf, the result is something strange:
Seems that the ipv6 address was rejected due the missing address-family activation, but the ipv4 was accepted.
Surprise! The ipv4 still in global routing table, not in the vrf table!
So let's activate the address families:
Yup! the ip address disappeared without notice!
Let's re-add both ip and ipv6 addresses
Finally it's all right, ip and ipv6 addresses are in the vrf routing table, I'm still asking myself what is the purpose of global route-targets...
:-)
Fortunately, seems that they have modified in the 15.0 IOS version. The above tests was on my 12.4T rack, when tryed with dynamips on 15.0...
Marco Rizzi Blog: "vrf definition" command, how to survive
"vrf definition" command, how to survive
Hi all,as you may know, the old vrf definition commands are useful only for ipv4 vrfs.
for example:
ip vrf OLD-FORMAT description old format for vrf definition rd 1:1 vpn id ABC:DEF route-target export 1:1 route-target import 1:1 route-target import 1:2
Will create a ipv4 vrf only, you can see it with:
Router(config-vrf)#do sh vrf detail VRF OLD-FORMAT; default RD 1:1; default VPNID ABC:DEF Description: old format for vrf definition No interfaces Address family ipv4 (Table ID = 0x1): Export VPN route-target communities RT:1:1 Import VPN route-target communities RT:1:1 RT:1:2 No import route-map No export route-map VRF label distribution protocol: not configured VRF label allocation mode: per-prefix Address family ipv6 not active.
If we try to add an interface to vrf, with both ipv4 and ipv6 addresses, we notice also:
Router(config)#do sh run int f 0/0 | b int interface FastEthernet0/0 ip vrf forwarding OLD-FORMAT ip address 10.0.0.1 255.255.255.0 duplex auto speed auto ipv6 address FC00:1234:CC13::1/64 Router(config)#do sh ip route vrf OLD-FORMAT | b Gate Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.0.0.0 is directly connected, FastEthernet0/0 Router(config)# Router(config)#do sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set Router(config)#do sh ipv6 route IPv6 Routing Table - Default - 3 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1 I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP EX - EIGRP external O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 C FC00:1234:CC13::/64 [0/0] via FastEthernet0/0, directly connected L FC00:1234:CC13::1/128 [0/0] via FastEthernet0/0, receive L FF00::/8 [0/0] via Null0, receive
As expected, the vrf table is created only for ipv4 address-family, the ipv6 address still in the global table.
Starting from IOS 12.4(20)T (and 12.2(33)Sxx) the new command "vrf definition" was introduced.
According to the Doc-CD, the command creates both the virtual routing tables for ipv4 and ipv6 address-families, and can be used to specify global route-targets for both address-families and also specific route-targets.
So far so good, let's try this relatively new feature and see if it's working as documented:
Router(config)#vrf definition NEW-FORMAT Router(config-vrf)#rd 2:2 Router(config-vrf)#? VPN Routing/Forwarding instance configuration commands: address-family Enter Address Family command mode context Associate SNMP context with this vrf default Set a command to its defaults description VRF specific description exit Exit from VRF configuration mode no Negate a command or set its defaults rd Specify Route Distinguisher route-target Specify Target VPN Extended Communities vpn Configure VPN ID as specified in rfc2685 Router(config-vrf)#route-target both 2:2 Router(config-vrf)#route-target import 100:100 Router(config-vrf)#do sh run vrf NEW-FORMAT Building configuration... Current configuration : 120 bytes vrf definition NEW-FORMAT rd 2:2 route-target export 2:2 route-target import 2:2 route-target import 100:100 ! end
Nice, as you can see, I have placed the route-targets globally, hoping that it will use for both address families.
In fact, this is not happening at all, because seems that the address-families aren't activated:
Router(config-vrf)#sh vrf detail NEW-FORMAT VRF NEW-FORMAT; default RD 2:2; default VPNID No interfaces Address family ipv4 not active. Address family ipv6 not active.
So if you try to add an interface to this vrf, the result is something strange:
Router(config)#int f 0/1 Router(config-if)#ip vrf forwarding NEW-FORMAT % Use 'vrf forwarding' command for VRF 'NEW-FORMAT' !-- note that the old format command is rejected Router(config-if)#vrf forwarding NEW-FORMAT Router(config-if)#ip add 10.2.2.2 255.255.255.0 Router(config-if)#ipv6 address fc00:2222:2222::2/64 %FastEthernet0/1 is linked to a VRF. Enable IPv6 on that VRF first. !-- IPv6 address is rejected too! Router(config-if)#do sh run int f 0/1 Building configuration... Current configuration : 120 bytes ! interface FastEthernet0/1 vrf forwarding NEW-FORMAT ip address 10.2.2.2 255.255.255.0 duplex auto speed auto end
Seems that the ipv6 address was rejected due the missing address-family activation, but the ipv4 was accepted.
Surprise! The ipv4 still in global routing table, not in the vrf table!
Router(config-if)#do sh ip route | beg Gate Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.2.2.0 is directly connected, FastEthernet0/1 Router(config-if)#do sh ip route vrf NEW-FORMAT Router(config-if)#
So let's activate the address families:
Router(config)#vrf definition NEW-FORMAT Router(config-vrf)#address-family ipv4 Router(config-vrf-af)#route-target both 2:2 Router(config-vrf-af)#exit Router(config-vrf)#address-family ipv6 Router(config-vrf-af)#route-target both 2:2 Router(config-vrf-af)#exit Router(config-vrf)#do sh run vrf NEW-FORMAT Building configuration... Current configuration : 409 bytes vrf definition NEW-FORMAT rd 2:2 route-target export 2:2 route-target import 2:2 route-target import 100:100 ! address-family ipv4 route-target export 2:2 route-target import 2:2 exit-address-family ! address-family ipv6 route-target export 2:2 route-target import 2:2 exit-address-family ! ! interface FastEthernet0/1 vrf forwarding NEW-FORMAT no ip address duplex auto speed auto ! ! end Router(config-vrf)#
Yup! the ip address disappeared without notice!
Let's re-add both ip and ipv6 addresses
Router(config-vrf)#int f 0/1 Router(config-if)#ip add 10.2.2.2 255.255.255.0 Router(config-if)#ipv add fc00:2222:2222::2/64 Router(config-if)#do sh run vrf NEW-FORMAT Building configuration... Current configuration : 464 bytes vrf definition NEW-FORMAT rd 2:2 route-target export 2:2 route-target import 2:2 route-target import 100:100 ! address-family ipv4 route-target export 2:2 route-target import 2:2 exit-address-family ! address-family ipv6 route-target export 2:2 route-target import 2:2 exit-address-family ! ! interface FastEthernet0/1 vrf forwarding NEW-FORMAT ip address 10.2.2.2 255.255.255.0 duplex auto speed auto ipv6 address FC00:2222:2222::2/64 ! ! end Router(config-if)#do sh ip route | beg Gate Gateway of last resort is not set Router(config-if)#do sh ip route vrf NEW-FORMAT Routing Table: NEW-FORMAT Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 1 subnets C 10.2.2.0 is directly connected, FastEthernet0/1 Router(config-if)#do sh ipv6 route vrf NEW-FORMAT IPv6 Routing Table - NEW-FORMAT - 3 entries Codes: C - Connected, L - Local, S - Static, U - Per-user Static route B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1 I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP EX - EIGRP external O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 C FC00:2222:2222::/64 [0/0] via FastEthernet0/1, directly connected L FC00:2222:2222::2/128 [0/0] via FastEthernet0/1, receive L FF00::/8 [0/0] via Null0, receive Router(config-if)#
Finally it's all right, ip and ipv6 addresses are in the vrf routing table, I'm still asking myself what is the purpose of global route-targets...
:-)
Fortunately, seems that they have modified in the 15.0 IOS version. The above tests was on my 12.4T rack, when tryed with dynamips on 15.0...
RackVR1(config)#vrf definition TEST RackVR1(config-vrf)#rd 1:1 RackVR1(config-vrf)#route-target both 1:1 RackVR1(config)#int f 2/0 RackVR1(config-if)#vrf forwarding TEST % Cannot configure VRF forwarding since no address family configuration exists in this VRF TEST; Please configure address family first RackVR1(config-if)#do sh ver Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2) ...
Подписаться на:
Сообщения (Atom)