01-29-2004 03:19 AM
Hi,
I've one router 7200 with 12.3(5b) Enterprise
I'm using VRF lite for 2 customer (A and B)
customer A have eigrp (static to B)
customer B have static (default route to A)
SRV1---customerA---7200----customerB---PC
I don't known why PC can't ping SRV1
!
ip vrf B
rd 1:5
route-target export 1:5
route-target export 1:4
route-target import 1:4
route-target import 1:5
!
ip vrf A
rd 1:4
route-target export 1:4
route-target export 1:5
route-target import 1:4
route-target import 1:5
!
ip cef
!
interface GigabitEthernet0/1
ip vrf forwarding A
!
interface GigabitEthernet0/3
description TRUNK DOT1Q
!
interface GigabitEthernet0/3.1
encapsulation dot1Q 36
ip vrf forwarding B
!
router eigrp 3000
no auto-summary
!
address-family ipv4 vrf A
network x.y.z.k
distance 255 192.168.230.4 0.0.0.0
no auto-summary
autonomous-system 1799
exit-address-family
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
!
address-family ipv4 vrf A
redistribute connected
redistribute static
redistribute eigrp 1799 metric 200
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf B
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip route vrf BANCA3 0.0.0.0 0.0.0.0 GigabitEthernet0/1 192.168.230.1
ip route vrf CEDACRI 192.168.222.0 255.255.255.0 GigabitEthernet0/3.1 192.168.222.1
!
01-29-2004 05:16 AM
Is this the full configuration? The two VRF interfaces are missing IP addresses.
01-29-2004 06:34 AM
This is the real conf:
ip vrf B
rd 1:5
route-target export 1:5
route-target export 1:4
route-target import 1:4
route-target import 1:5
!
ip vrf A
rd 1:4
route-target export 1:4
route-target export 1:5
route-target import 1:4
route-target import 1:5
!
ip cef
!
interface GigabitEthernet0/1
ip address x.y.z.k
ip vrf forwarding A
!
interface GigabitEthernet0/3
description TRUNK DOT1Q
!
interface GigabitEthernet0/3.1
ip address 192.168.222.2 255.255.255.0
encapsulation dot1Q 36
ip vrf forwarding B
standby use-bia scope interface
standby 1 ip 192.168.222.1
standby 1 priority 110
standby 1 preempt
standby 1 name B
!
router eigrp 3000
no auto-summary
!
address-family ipv4 vrf A
network x.y.z.k
distance 255 192.168.230.4 0.0.0.0
no auto-summary
autonomous-system 1799
exit-address-family
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
!
address-family ipv4 vrf A
redistribute connected
redistribute static
redistribute eigrp 1799 metric 200
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf B
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip route vrf B 0.0.0.0 0.0.0.0 GigabitEthernet0/1 192.168.230.1
ip route vrf A 192.168.222.0 255.255.255.0 GigabitEthernet0/3.1 192.168.222.1
!
7204B_NAT#sh ip ro vrf B
Routing Table: B
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.230.1 to network 0.0.0.0
C 192.168.222.0/24 is directly connected, GigabitEthernet0/3.1
S* 0.0.0.0/0 [1/0] via 192.168.230.1, GigabitEthernet0/1
7204B_NAT#sh ip ro vrf A
Routing Table: A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
192.168.230.0/27 is subnetted, 1 subnets
C 192.168.230.0 is directly connected, GigabitEthernet0/1
10.0.0.0/8 is variably subnetted, 19 subnets, 5 masks
D EX 10.99.3.64/27
[170/540160] via 192.168.230.2, 01:08:26, GigabitEthernet0/1
[170/540160] via 192.168.230.1, 01:08:26, GigabitEthernet0/1
D EX 10.99.3.32/27
[170/540160] via 192.168.230.2, 01:08:26, GigabitEthernet0/1
[170/540160] via 192.168.230.1, 01:08:26, GigabitEthernet0/1
S 192.168.222.0/24 [1/0] via 192.168.222.1, GigabitEthernet0/3.1
7204B_NAT#sh ip vrf
Name Default RD Interfaces
B 1:5 GigabitEthernet0/3.1
A 1:4 GigabitEthernet0/1
VRF B; default RD 1:5; default VPNID
Interfaces:
GigabitEthernet0/3.1
Connected addresses are not in global routing table
Export VPN route-target communities
RT:1:4 RT:1:9
Import VPN route-target communities
RT:1:4 RT:1:9
No import route-map
No export route-map
VRF A; default RD 1:4; default VPNID
Interfaces:
GigabitEthernet0/1
Connected addresses are not in global routing table
Export VPN route-target communities
RT:1:4 RT:1:5 RT:1:9
Import VPN route-target communities
RT:1:4 RT:1:5 RT:1:9
No import route-map
No export route-map
01-29-2004 09:55 AM
The VRF tables look like they should provide connectivity between the client PC and the server assuming that they are directly connected. Are these two devices directly connected and configured with a default gateway pointing to the router?
01-30-2004 12:18 AM
The PC (customer B) is directly connected to router
The Server (customer A) isn't directly connected but eigrp in vrf A is working fine.
***PC****
7204B_NAT#ping vrf B 192.168.222.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.222.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
*****SERVER******
7204B_NAT#ping vrf A 10.99.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.99.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
7204B_NAT#traceroute vrf A ip
Target IP address: 10.99.3.1
Source address: 192.168.230.3
Numeric display [n]:
Resolve AS number in (G)lobal table, (V)RF or(N)one [G]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 10.99.3.1
1 192.168.230.1 0 msec
192.168.230.2 0 msec
192.168.230.1 0 msec
2 10.99.3.1 0 msec 4 msec 0 msec
01-30-2004 04:16 AM
Given the server is not connected you need to redistribute the static route for ip route vrf A 192.168.222.0/24 in eigrp then. Make sure you have you include the default-metric statement for the redistribution to work properly.
Hope this helps,
01-30-2004 05:12 AM
Hi,
thanks but I didn't understand your sentence.
Where do I have to apply the default-metric command ?
under bgp vrf A or under eigrp vrf A ?
I've two (static routes):
ip route vrf A 192.168.222.0 255.255.255.0 GigabitEthernet0/3.1 192.168.222.1
ip route vrf B 0.0.0.0 0.0.0.0 GigabitEthernet0/1 192.168.230.1
with sh ip route vrf command I can see both statics:
7204B_NAT#sh ip ro vrf A
Routing Table: A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
192.168.230.0/27 is subnetted, 1 subnets
C 192.168.230.0 is directly connected, GigabitEthernet0/1
10.0.0.0/8 is variably subnetted, 19 subnets, 5 masks
D EX 10.99.3.0/28
[170/540160] via 192.168.230.2, 23:46:33,
S 192.168.222.0/24 [1/0] via 192.168.222.1, GigabitEthernet0/3.1
AND
7204B_NAT#sh ip ro vrf B
Routing Table: B
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.230.1 to network 0.0.0.0
C 192.168.222.0/24 is directly connected, GigabitEthernet0/3.1
S* 0.0.0.0/0 [1/0] via 192.168.230.1, GigabitEthernet0/1
01-30-2004 05:39 AM
Sorry for the nebulous message, early in the morning ;o)
You have to include the default-metric under eigrp as well as the redistribute static.
At the moment your server or the router it connects to propably don't know the path back to 192.168.222.0/24.
Let me know if that works for you.
01-30-2004 06:00 AM
Hi,
I made.
With traceroute from server the stop is the router vrf
With traceroute from pc the stop is the same router vrf
follow the conf:
!
no ip domain lookup
!
ip vrf B
rd 1:9
route-target export 1:4
route-target export 1:9
route-target import 1:4
route-target import 1:9
ip vrf A
rd 1:4
route-target export 1:4
route-target import 1:4
route-target import 1:9
route-target export 1:9
!
ip cef
!
interface GigabitEthernet0/1
ip vrf forwarding A
ip address 192.168.230.3 255.255.255.224
standby 4 ip 192.168.230.5
standby 4 priority 110
standby 4 preempt
standby 4 track GigabitEthernet0/3 20
!
interface GigabitEthernet0/3
description - TRUNK DOT1Q
no ip address
duplex auto
speed 100
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/3.1
encapsulation dot1Q 36
ip vrf forwarding B
ip address 192.168.222.2 255.255.255.0
standby use-bia scope interface
standby 1 ip 192.168.222.1
standby 1 priority 110
standby 1 preempt
standby 1 name B
!
router eigrp 3000
no auto-summary
!
address-family ipv4 vrf A
redistribute static
network 192.168.230.0
default-metric 100000 100 255 1 1500
distance 255 192.168.230.4 0.0.0.0
no auto-summary
autonomous-system 1799
exit-address-family
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
!
address-family ipv4
redistribute connected
redistribute eigrp 1799
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf A
redistribute connected
redistribute static
redistribute eigrp 1799 metric 200
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf B
redistribute connected
redistribute static
no auto-summary
no synchronization
network 192.168.222.0
exit-address-family
!
ip classless
ip route vrf A 192.168.222.0 255.255.255.0 GigabitEthernet0/3.1 192.168.222.1
ip route vrf B 0.0.0.0 0.0.0.0 GigabitEthernet0/1 192.168.230.1
no ip http server
!
ip bgp-community new-format
01-30-2004 10:19 AM
The only thing I can see is that the static route in vrf A is pointing at the HSRP address (192.168.222.1) instead of the next-hop 192.168.222.10. Could you try changing that and see if that solves the issue.
01-30-2004 10:54 AM
One more thought,
Ultimately, you should even need to define a static route for 192.168.222.0 in vrf A since that route should be imported from vrf B to vrf A. But if you want to configure a static route, then I would suggest not to use a next-hop and just to point to the physical interface as follow:
ip route vrf A 192.168.222.0 255.255.255.0 GigabitEthernet0/3.1
Let me know if that works for you.
01-30-2004 12:15 PM
I meant you shouldn't even need to define a static route...
Sorry for the confusion.
01-31-2004 02:46 AM
Hi,
I fond the problem !!!
After command "clear int gi0/3" the vrf-lite feature and bgp process stop run; so I can't see bgp routes redistributed into VRFs A and B.
I due:
no ip cef and after I lose the vrf's configuration only on trunk under giga0/3 but not under giga0/1.
So I reloaded the router and I reconfigured ip cef and VRF on trunk under giga0/3.1.
Now it's working.
After I typed "clear int gi0/3" and I seen SAME PROBLEM !!!!
I think a BUG !!!
02-03-2004 05:10 AM
Have you tried changing your static route as follow:
ip route vrf A 192.168.222.0 255.255.255.0 GigabitEthernet0/3.1
I'm not sure pointing the next-hop at the local HSRP address is actually supported.
02-03-2004 06:22 AM
Hi,
I found this problem:
The real problem is related on BGP. The BGP don't work correctly because we don't see bgp routes inside VRF but only inside bgp table (show ip bgp vpnv4 all) !!!
After every reload the bgp table isn't populated correctly (routes are valid (*) only but not best (>); so the VRF lite don't work because the bgp don't install routes inside of vrf.
To work fine BGP I MUST unconfigure and configure one VRF interface.
After this practice the bgp see the routes valid and best (*>) and install the routes inside vrf.
I don't known why ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide