Re: Import IPv6 prefixes from Global into VRF - platform limitation Catalyst 3750x?

andrew.butterworth · ‎02-18-2021

I am in the process of building a SD Access Lab. My Fusion routers are Cisco Catalyst 3750X's running the latest IOS 15.2(4)E10 with IP Services Licenses and the dual IPv4, IPv6 SDM template (sdm prefer dual-ipv4-and-ipv6 default).

We currently have three routing tables - the GRT and two VRFs; one for Shared-Services and one for the Underlay. There is a link to a firewall in the GRT that has IPv4 & IPv6 addresses. The IPv4 is NAT'd by the Firewall but the IPv6 address is unique (we have a /56 prefix and the link to the firewall uses a /64 from this).

We seem to have hit a platform limitation with the Catalyst 3750X in that it can't import IPv6 prefixes from the GRT to the VRF like we can with IPv4.

If you look at the following snippet of config:

vrf definition SHARED-SERVICES
 rd 111:111
 route-target export 111:111
 route-target import 111:111
 route-target import 222:222
 !
 address-family ipv4
  import ipv4 unicast map GLOBAL-TO-VRF
  export ipv4 unicast map VRF-TO-GLOBAL
 exit-address-family
 !
 address-family ipv6
  import map GLOBAL-TO-VRF-IPv6
  export ipv6 unicast map VRF-TO-GLOBAL-IPv6
 exit-address-family
!
vrf definition UNDERLAY
 rd 222:222
 route-target export 222:222
 route-target import 222:222
 route-target import 111:111
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family

Under the address-family ipv6 for the VRF SHARED-SERVICES we can add 'export ipv6 unicast map xxx', however for the import there is no option for 'ipv6', there is just the 'map' option. Se we can export IPv6 prefixes from this VRF to the GRT but can't import them.

With IPv4 we have the option to import and export 'ipv4'.

I have tried this on a Catalyst 3650 and the 'import ipv6 map xxx' command is available under the address-family ipv6 so I'm pretty sure it is a platform limitation.

Other than putting the link to the firewall in another VRF is there a way around this?

Cheers

Andy

ngkin2010 · ‎02-28-2021

Hi,

How about using static route like:

ipv6 route vrf A ::/0 2000::1 nexthop-vrf default

mitracy · ‎01-22-2024

I found this online IPv6 does not support inserting static routes into virtual routing and forwarding (VRF) tables. This sucks. I tried it and it appears to be true, I tried

ipv6 route vrf VRFA 2001:3::/64 GigabitEthernet0/0/1 and ipv6 route vrf VRFA 2001:3::/64 GigabitEthernet0/0/1 nexthop-vrf default

Neither command added 2001:3:: to VRFA's ipv6 routing table.

There also does not seem to be a mechanism to replicate IPv6 routes into the VRF (like in IPv4)

Harold Ritter · ‎01-22-2024

Hi @mitracy ,

I am not sure what that statement about IPv6 not inserting static routes in a VRF means. I have been configuring ipv6 static routes in a VRF for a while and it certainly works.

R1#sh vers | i Amsterdam
Cisco IOS Software [Amsterdam], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.3.4a, RELEASE SOFTWARE (fc3)

R1#sh runn | sec ipv6 ro
ipv6 route vrf test 2001:DB8:12FF::2/128 2001:DB8:12FF:12::2
ipv6 route vrf test 2001:DB8:12FF:23::/64 GigabitEthernet1

R1#sh ipv6 ro vrf test static
IPv6 Routing Table - test - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter
OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1
ON2 - OSPF NSSA ext 2, la - LISP alt, lr - LISP site-registrations
ld - LISP dyn-eid, lA - LISP away, le - LISP extranet-policy
lp - LISP publications, a - Application, m - OMP
S 2001:DB8:12FF::2/128 [1/0]
via 2001:DB8:12FF:12::2
S 2001:DB8:12FF:23::/64 [1/0]
via GigabitEthernet1, directly connected

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

andrew.butterworth · ‎01-23-2024

Hi Harold, you are looking at IOS-XE on I guess a C9x00 series switch? This question was specific to C3750X/3560X series. This appears to be a platform limitation on a EoL switch. My workaround was to not use the global table at all and create a VRF for it instead. The command was then available.

Harold Ritter · ‎01-23-2024

Hi @andrew.butterworth ,

My response was to @mitracy and more specifically about the statement in found online:

"IPv6 does not support inserting static routes into virtual routing and forwarding (VRF) tables."

This statement comes from the following IOS-XE document:

https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/iproute_pi/configuration/xe-16-11/iri-xe-16-11-book/ip6-route-static-xe.html.xml#:~:text=IPv6%20does%20not%20support%20inserting,disconnects%20and%20recon....

This statement is wrong or incomplete, as it is certainly possible to configure static routes in a VRF under IOS-XE.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México