Thursday, October 1, 2015

"IP VRF FORWARDING" vs "VRF FORWARDING"

Marco Rizzi Blog: "vrf definition" command, how to survive

Hi all,

As you may know, the old VRF definition commands are useful only for IPv4 VRFs.

For example:
ip vrf OLD-FORMAT
 description old format for vrf definition
 rd 1:1
 vpn id ABC:DEF
 route-target export 1:1
 route-target import 1:1
 route-target import 1:2


This creates an IPv4 VRF only, as you can see with:
Router(config-vrf)#do sh vrf detail
VRF OLD-FORMAT; default RD 1:1; default VPNID ABC:DEF
  Description: old format for vrf definition
  No interfaces
Address family ipv4 (Table ID = 0x1):
  Export VPN route-target communities
    RT:1:1
  Import VPN route-target communities
    RT:1:1                   RT:1:2
  No import route-map
  No export route-map
  VRF label distribution protocol: not configured
  VRF label allocation mode: per-prefix
Address family ipv6 not active.


If we try to add an interface with both IPv4 and IPv6 addresses to the VRF, we also notice:
Router(config)#do sh run int f 0/0 | b int
interface FastEthernet0/0
 ip vrf forwarding OLD-FORMAT
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
 ipv6 address FC00:1234:CC13::1/64


Router(config)#do sh ip route vrf OLD-FORMAT | b Gate
Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/0
Router(config)#

Router(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

Router(config)#do sh ipv6 route
IPv6 Routing Table - Default - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C   FC00:1234:CC13::/64 [0/0]
     via FastEthernet0/0, directly connected
L   FC00:1234:CC13::1/128 [0/0]
     via FastEthernet0/0, receive
L   FF00::/8 [0/0]
     via Null0, receive


As expected, the VRF table is created only for the IPv4 address family; the IPv6 address is still in the global table.

Starting from IOS 12.4(20)T (and 12.2(33)Sxx), the new command "vrf definition" was introduced.
According to the Doc-CD, the command creates the virtual routing tables for both the IPv4 and IPv6 address families, and can be used to specify global route-targets for both address families as well as address-family-specific route-targets.

So far so good, let's try this relatively new feature and see if it's working as documented:

Router(config)#vrf definition NEW-FORMAT
Router(config-vrf)#rd 2:2
Router(config-vrf)#?
VPN Routing/Forwarding instance configuration commands:
  address-family  Enter Address Family command mode
  context         Associate SNMP context with this vrf
  default         Set a command to its defaults
  description     VRF specific description
  exit            Exit from VRF configuration mode
  no              Negate a command or set its defaults
  rd              Specify Route Distinguisher
  route-target    Specify Target VPN Extended Communities
  vpn             Configure VPN ID as specified in rfc2685

Router(config-vrf)#route-target both 2:2
Router(config-vrf)#route-target import 100:100
Router(config-vrf)#do sh run vrf NEW-FORMAT
Building configuration...

Current configuration : 120 bytes
vrf definition NEW-FORMAT
 rd 2:2
 route-target export 2:2
 route-target import 2:2
 route-target import 100:100
!
end


Nice. As you can see, I have placed the route-targets globally, hoping that they will be used for both address families.
In fact, this is not happening at all, because it seems that the address families aren't activated:
Router(config-vrf)#sh vrf detail NEW-FORMAT
VRF NEW-FORMAT; default RD 2:2; default VPNID 
  No interfaces
Address family ipv4 not active.
Address family ipv6 not active.


So if you try to add an interface to this vrf, the result is something strange:
Router(config)#int f 0/1
Router(config-if)#ip vrf forwarding NEW-FORMAT
% Use 'vrf forwarding' command for VRF 'NEW-FORMAT' !-- note that the old format command is rejected
Router(config-if)#vrf forwarding NEW-FORMAT
Router(config-if)#ip add 10.2.2.2 255.255.255.0
Router(config-if)#ipv6 address fc00:2222:2222::2/64
%FastEthernet0/1 is linked to a VRF. Enable IPv6 on that VRF first.  !-- IPv6 address is rejected too! 
Router(config-if)#do sh run int f 0/1
Building configuration...

Current configuration : 120 bytes
!
interface FastEthernet0/1
 vrf forwarding NEW-FORMAT
 ip address 10.2.2.2 255.255.255.0
 duplex auto
 speed auto
end


It seems that the IPv6 address was rejected due to the missing address-family activation, but the IPv4 address was accepted.

Surprise! The IPv4 address is still in the global routing table, not in the VRF table!
Router(config-if)#do sh ip route | beg Gate
Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.2.2.0 is directly connected, FastEthernet0/1

Router(config-if)#do sh ip route vrf NEW-FORMAT

Router(config-if)#


So let's activate the address families:
Router(config)#vrf definition NEW-FORMAT
Router(config-vrf)#address-family ipv4
Router(config-vrf-af)#route-target both 2:2
Router(config-vrf-af)#exit
Router(config-vrf)#address-family ipv6
Router(config-vrf-af)#route-target both 2:2
Router(config-vrf-af)#exit
Router(config-vrf)#do sh run vrf NEW-FORMAT
Building configuration...

Current configuration : 409 bytes
vrf definition NEW-FORMAT
 rd 2:2
 route-target export 2:2
 route-target import 2:2
 route-target import 100:100
 !
 address-family ipv4
 route-target export 2:2
 route-target import 2:2
 exit-address-family
 !
 address-family ipv6
 route-target export 2:2
 route-target import 2:2
 exit-address-family
!
!
interface FastEthernet0/1
 vrf forwarding NEW-FORMAT
 no ip address
 duplex auto
 speed auto
!
!
end

Router(config-vrf)#

Yup! The IP address disappeared without notice!

Let's re-add both the IPv4 and IPv6 addresses:
Router(config-vrf)#int f 0/1
Router(config-if)#ip add 10.2.2.2 255.255.255.0
Router(config-if)#ipv add fc00:2222:2222::2/64
Router(config-if)#do sh run vrf NEW-FORMAT
Building configuration...

Current configuration : 464 bytes
vrf definition NEW-FORMAT
 rd 2:2
 route-target export 2:2
 route-target import 2:2
 route-target import 100:100
 !
 address-family ipv4
 route-target export 2:2
 route-target import 2:2
 exit-address-family
 !
 address-family ipv6
 route-target export 2:2
 route-target import 2:2
 exit-address-family
!
!
interface FastEthernet0/1
 vrf forwarding NEW-FORMAT
 ip address 10.2.2.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address FC00:2222:2222::2/64
!
!
end

Router(config-if)#do sh ip route | beg Gate
Gateway of last resort is not set

Router(config-if)#do sh ip route vrf NEW-FORMAT

Routing Table: NEW-FORMAT
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.2.2.0 is directly connected, FastEthernet0/1
Router(config-if)#do sh ipv6  route vrf NEW-FORMAT
IPv6 Routing Table - NEW-FORMAT - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C   FC00:2222:2222::/64 [0/0]
     via FastEthernet0/1, directly connected
L   FC00:2222:2222::2/128 [0/0]
     via FastEthernet0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive
Router(config-if)#


Finally it's all right: the IPv4 and IPv6 addresses are in the VRF routing table. I'm still asking myself what the purpose of global route-targets is...

:-)
Fortunately, it seems that they have modified this in the 15.0 IOS version. The above tests were on my 12.4T rack; when tried with dynamips on 15.0...
RackVR1(config)#vrf definition TEST
RackVR1(config-vrf)#rd 1:1 
RackVR1(config-vrf)#route-target both 1:1

RackVR1(config)#int f 2/0
RackVR1(config-if)#vrf forwarding TEST
% Cannot configure VRF forwarding since no address family configuration exists in this VRF TEST; Please configure address family first
RackVR1(config-if)#do sh ver  
Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)
...
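
Where VRFs are used to keep traffic separated, the two states shown above (an IPv6 address under a legacy "ip vrf", and an IPv4 address under a "vrf definition" with no address family activated) leave a connected route in the global table. The following audit is an added example, not part of the original post: it parses a running-config and flags interface addresses whose address family is not active in the bound VRF. The names audit_vrf_leaks and SAMPLE are hypothetical, and the sample config is constructed from the snippets in the post.

```python
import re

# Constructed sample: the two leaky states shown in the post, as one running-config.
SAMPLE = """\
ip vrf OLD-FORMAT
 rd 1:1
!
vrf definition NEW-FORMAT
 rd 2:2
 route-target export 2:2
!
interface FastEthernet0/0
 ip vrf forwarding OLD-FORMAT
 ip address 10.0.0.1 255.255.255.0
 ipv6 address FC00:1234:CC13::1/64
!
interface FastEthernet0/1
 vrf forwarding NEW-FORMAT
 ip address 10.2.2.2 255.255.255.0
"""

def audit_vrf_leaks(config):
    """Return (interface, vrf, family) for addresses whose family is not active in the VRF."""
    vrfs, ifaces, block = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):              # unindented line starts a new block
            block = None
            if m := re.match(r"(ip vrf|vrf definition) (\S+)$", line):
                # legacy "ip vrf" is IPv4-only; "vrf definition" has no family until activated
                block = vrfs[m[2]] = {"afs": {"ipv4"} if m[1] == "ip vrf" else set()}
            elif m := re.match(r"interface (\S+)$", line):
                block = ifaces[m[1]] = {"vrf": None, "ipv4": False, "ipv6": False}
        elif block is None:
            continue
        elif "afs" in block:                     # inside a VRF block
            if m := re.match(r"address-family (ipv4|ipv6)\b", line):
                block["afs"].add(m[1])
        elif m := re.match(r"(?:ip )?vrf forwarding (\S+)$", line):
            block["vrf"] = m[1]
        elif re.match(r"ip address \d", line):
            block["ipv4"] = True
        elif line.startswith("ipv6 address "):
            block["ipv6"] = True
    return [(name, i["vrf"], af)
            for name, i in ifaces.items() if i["vrf"]
            for af in ("ipv4", "ipv6")
            if i[af] and af not in vrfs.get(i["vrf"], {"afs": set()})["afs"]]
```

On SAMPLE it reports FastEthernet0/0 (IPv6 outside OLD-FORMAT) and FastEthernet0/1 (IPv4 outside NEW-FORMAT); activating the address families under NEW-FORMAT clears the second finding.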

