VRF Leaking on the same router and line card.

Hello,

First time poster and was hoping to get a kick in the right direction with my problem.

I am attempting to route between two VRFs on the same Cisco 7606-S. Ex: VRF-1----Gi1/1----PE-1-----Gi1/2-------VRF-2

Is this supposed to work?

I believe that this is known as "VRF Leaking". I am doing this on a WS-X6724-SFP card. The supervisor is a RSP720-3CXL-10GE.

When I set up route leaking between two VRFs that use a loopback interface, I have no issues and can ping in both directions.

When I do the same test between two physical interfaces on the same router, the routes appear in the VRF table; however, traffic is dropped.

Attached is a snippet of my config.

To help determine if it was a limitation of the line card, I have done the same test across two WS-X6724-SFP on the same 7600, Gi1/1 to Gi3/1. Unfortunately the results were the same.

If anyone has any thoughts or opinions on what may be wrong, I would be extremely grateful.

Kind regards,

Tim

1 Accepted Solution

rsimoni
Cisco Employee

Hi Tim,

the type of LC you use is not relevant as forwarding occurs at either PFC or DFC level (if your 6724 has a DFC).

The leaking config you used looks correct to me.

The only concern I can raise is the IP scheme you used for Gi1/1 and Gi1/2. What is the point of having a /32?

I suggest you do 2 things:

1- change the subnet to a /24 (or something shorter than /32).

2- attach a L3 device to Gi1/1 and Gi1/2, configure addresses within those subnets and do a ping from that device.

I am asking that as pings from/to locally configured addresses are handled by the MSFC and follow a different data path.

If you still have a problem with the new config, take:

show mls cef vrf Test-201 172.20.202.2 (provided you assigned .2 to the L3 device)

show mls cef vrf Test-202 172.20.201.2

and

show mls cef vrf Test-201 172.20.202.2 det

show mls cef vrf Test-202 172.20.201.2 det

Riccardo

Hi Ricardo,

Just curious here. You mentioned that pings from locally configured addresses follow a different path as they are handled by the MSFC. So does that mean the pings won't work locally even if, say, you have a /24? Could you please shed some more light on this if you don't mind? I know you are a guru when it comes to the 6k's, 7600's etc.

Thanks

Regards, Kishore

Hi Kishore,

I wish I was a guru on cat6k and 7600 but thanks for praising me.

What I meant is that the ping is supposed to work even if locally handled by the MSFC and even with /32 addresses, but since there are particular considerations about traffic path when traffic is destined to the router itself on this platform, I suggested to get out from this 'exception scenario' and try to see what happens for transit traffic.

In 2 words the data plane should be correctly programmed for glean adjacencies (destined to the router) as the PFC/DFC is not able to generate replies to control plane traffic or in general to traffic destined to the router itself.

To avoid troubleshooting issues in that area, which can occur, instead of the actual issue with vrf leaking I suggested to find a way to get this part out of the picture.

Hope I have been clearer now, if not please let me know.

Riccardo

Thanks Ricardo. Makes sense.

Hi,

Is it possible for a CE to route between two VRFs, or is this possible only via a L3 device attached to it as follows:

CE _g0/0<--dot1q-> g0/0_L3_LAN_sw

What I'm trying to accomplish is to allow connectivity from Customer_A at another site to reach Customer_B residing behind the LAN.

Thanks.

MGran

Hi Michael,

Technically speaking it is possible to route between VRFs on the same box; one would just need to set MP-BGP up for that and poke around route-targets a bit. I am not too sure that practically speaking it is feasible to have that sort of config on a CE box. But I'll let you decide :)

Hope that clarified,

Ivan.

Riccardo,

Thank you so much for your explanation.

After further reading on how CFCs, DFCs, and PFCs work along with your explanation this makes much more sense.

I was using the /32s for testing, since at the time, I was remote to the equipment.

After plugging something into a physical port and assigning a /24 and using a similar leaking config, everything is working as one would expect.

-Tim
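
A configuration of the kind the thread converges on, with /24 subnets on the two physical interfaces and routes leaked between Test-201 and Test-202 through route-targets and MP-BGP. This is an added example, not Tim's attached config or Cisco's own: the RD and route-target values, AS 65000, the router-id and the .1 interface addresses are assumptions.

```cisco
! Constructed example. RD/RT values, AS number, router-id and the .1
! interface addresses are assumptions; VRF names, ports and subnets
! follow the thread.
ip vrf Test-201
 rd 65000:201
 route-target export 65000:201
 route-target import 65000:201
 ! Leak: accept routes exported by Test-202
 route-target import 65000:202
!
ip vrf Test-202
 rd 65000:202
 route-target export 65000:202
 route-target import 65000:202
 ! Leak: accept routes exported by Test-201
 route-target import 65000:201
!
interface GigabitEthernet1/1
 ip vrf forwarding Test-201
 ! /24 instead of the /32 used in the original test
 ip address 172.20.201.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet1/2
 ip vrf forwarding Test-202
 ip address 172.20.202.1 255.255.255.0
 no shutdown
!
! BGP carries the connected prefixes so import/export can act on them
router bgp 65000
 bgp router-id 192.0.2.1
 address-family ipv4 vrf Test-201
  redistribute connected
 exit-address-family
 address-family ipv4 vrf Test-202
  redistribute connected
 exit-address-family
!
! Verify with transit traffic from an attached L3 device (.2), then:
!  show ip route vrf Test-201
!  show mls cef vrf Test-201 172.20.202.2 detail
!  show mls cef vrf Test-202 172.20.201.2 detail
```

Every prefix exported with a route-target that the other VRF imports becomes reachable from it, so the import/export pairs are the isolation boundary between the two VRFs and should cover only the prefixes meant to be shared.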