Hi Mohammed,

Thanks for your response, the reason I asked is that in some of the Cisco documents I have come across I saw conflicting statements to the same.

Some say it is supported, some say it isn't.

Hence wanted to know of platform specific limitations, if any.

Waiting for your response.

Thanks and Regards..

Hi Nakul,

You might have hit outdated documents, or platform having specific limitations. We can discuss the statements you've found if you like, what platforms and interfaces are we talking about, for example the below is a VRF applied under an Ethernet subinterface:

!

interface FastEthernet0/1.1

encapsulation dot1Q 100

ip vrf forwarding test

ip address 1.1.1.1 255.255.255.0

BR,

Mohammed Mahmoud.

Hi,

Though practically speaking we can configure different VRFs on the subinterface level, but what I have seen we need to disable CEF for the same, saw this on 7200 platform. Disabling CEF would mean we cannot run MPLS isn't it. So I can see this usage in cases we are using VRF without MPLS.

What are your thoughts.

Thanks

Cheers

~sultan

Hi Sultan,

I work for a service provider, we do provide MPLS VPNs, and we do configure VRF per-subinterfaces on our PEs per each customer site, we do this on ATM and GE subinterfaces, moreover the most common platform that we use is the 7200 (NPE-G1), can you elaborate more on the case you are talking about.

BR,

Mohammed Mahmoud.

Hi Mohammed,

Thanks for your response, my response was on that basis of one test I had done a few months back (haven't checked recently though), i.e.: VRF per sub-interface per customer via dot1q encapsulation.

While giving IP address to that subinterface I got a message stating that CEP needs to be disabled.

So my conclusion, based on my limited knowledge, was that if I am disabling CEF my MPLS won't work, hence I did not, at that time, consider this option.

Please reply..

Thanks

Cheers

~sultan

Can you calrify that to me please.

Hi Sultan,

You are very welcomed, i'd be more than glade to help you out your confusion, below is the output of one of my lab PEs, and moreover i've in production customers running with this setup, i've never faced the issue you are describing, if you can regenerate the test you are describing we can elaborate on it:

!

interface FastEthernet0/0

no ip address

!

interface FastEthernet0/0.1

encapsulation dot1Q 101

ip vrf forwarding a

ip address 101.101.101.1 255.255.255.252

!

interface FastEthernet0/0.2

encapsulation dot1Q 202

ip vrf forwarding b

ip address 202.202.202.1 255.255.255.252

This is a 7200VXR (NPE-300) running "c7200-p-mz.122-25.S14.bin".

BR,

Mohammed Mahmoud.

Hello Mohammed,

Thanks for your response. I agree with you, even I am doing that configuration. My point is that when I completed the encapsulation part and am giving the IP Address I get an error message saying that "CEF needs to be disabled to give IP address", though the IP is accepted.

I hope this is clear, I don't have the logs or the exact message or IOS version with me as I saw this a few months ago. I can though try and check whether I can replicate this again.

Thanks

Cheers

~sultan

I think wat ur running into..is a diff between vrf and vrf lite..wat Mahmoud has configured is vrf lite...vrf lite is configured on sub interfaces..and does not support mpls because it has “no cef...if u want to configure vrf u have to do it on an svi...vrf lite has scale limitations because of the max amount of sub interface u can create on the router..but full vrf does not operate on subinterface..u create an svi..and one svi can hold all vrf routes.. 

You can generally configure VRF forwarding on subinterface in the context of both VRF lite and MPLS L3 VPN. There might be exceptions for some platforms, but these platforms are most probably old and end of life.

Regards,