How to monitor(snmp) CE's in VRF's

mbellears2 · ‎02-27-2006

Just wondering if it is possible to somehow place a monitoring server on an Interface that has visibility into all VRF's?

pkhatri · ‎02-28-2006

Hi,

The typical way to do this is to create a management VRF. You would then inject routes for the management segments into each customer VRF (they would, of course, have to be non-conflicting with customer space, or you could use public address space). Then, configure a loopback address on each CE router and give it an address out of the management space. When exporting this route into MP-BGP, give it a route-target that is subsequently imported by the management VRF.

That way, the mangement VRF can be used to poll the loopbacks of all CE routers....

An example:

CE1:

-- Loopback: 10.1.1.1/32

-- Customer routes: 192.168.1.0/24

PE1:

-- exports CE1 loopback with the Mgmt RT

-- imports customer routes with the Cust RT

-- import routes with the MgmtSegment RT

On PE that is connected to management segmet:

-- import all routes bearing the Mgmt RT

-- export the management segment route with the MgmtSegment RT

Hope that helps - pls rate the post if it does.

Paresh

mbellears2 · ‎03-01-2006

Thanks for the reply.

So to inject the routes for management into customers vrf's, would I use a route-target import or an import map?

Regards,

MB

mheusinger · ‎03-01-2006

Hello,

you could use an export map. The config would look like this:

ip vrf NMS

rd 65000:161

export map NMS

route-target import 65000:162

ip vrf Customer

rd 65000:10000

route-target export 65000:10000

route-target import 65000:10000

route-target import 65000:161

export map ManagedCE

route-map NMS permit 10

match ip address prefix-list 20

set extcommunity 65000:161

route-map ManagedCE permit 10

match ip address 30

set extcommunity rt 65000:162 additive

ip prefix-list 20 seq 5 permit 10.161.0.0/24

access-list 30 permit host 192.168.1.100

This assumes, that the CE to be managed has a Loopback IP of 192.168.1.100/32 and is included in PE-CE routing. The admin LAN with NMS workstations is 10.161.0.0/24 in my example.

As a last remark: the VRF NMS needs not to be configured on every PE.

Hope this helps! PLease rate all posts.

Regards, Martin

mbellears2 · ‎03-27-2006

Thanks Martin - Works nicely!

You stated that VRF NMS needs not to be configured on every PE - How would I add an interface to vrf NMS if it doesn't exist on the PE?

Example:

(On PE without NMS configured):

#interface Loopback11

(config-if)# description NMS Test Interface

(config-if)# ip vrf forwarding NMS

% VRF NMS not configured.

Regards,

MB

pkhatri · ‎03-27-2006

Hi,

What Martin meant was that you don't need the NMS VRF defined on PEs that do not have any interfaces in the NMS VRF but you could still export routes targetted towards the VRF NMS on those PEs. In the example you posted, you do indeed have to define the NMS VRF.

Hope that helps - pls rate the post if it does.

Paresh

mbellears2 · ‎03-27-2006

Understood - Thanks for the clarification.