Help required on VRF

pokwan
Level 1

I am trying to understand how the VRF works. Can someone please advise whether the following configuration of the VRFs is correct?

Scenario:

vrf v1 is outside of a FWSM and vrf v2 is inside of a FWSM

Vlan 100 is assigned to the outside interface of the FWSM (100.100.100.2)

Vlan 200 is assigned to the inside interface of the FWSM (200.200.200.2)

VRF v1

ip vrf v1

rd 100:1

interface Vlan100

ip address 100.100.100.1 255.255.255.0

ip vrf forwording v1

interface Vlan110

ip address 110.110.110.1 255.255.255.0

ip vrf forwording v1

ip route vrf v1 220.220.220.0 255.255.255.0 100.100.100.2

VRF v2

ip vrf v2

rd 200:1

interface Vlan200

ip address 200.200.200.1 255.255.255.0

ip vrf forwording v2

interface Vlan110

ip address 220.220.220.1 255.255.255.0

ip vrf forwording v2

ip route vrf v2 110.110.110.0 255.255.255.0 200.200.200.2

TIA

PF

4 Replies

mheusinger
Level 10

Hello,

there are some minor typos and (more important) the order of the commands is not correct. It should read:

ip vrf v1

rd 65000:1

interface Vlan100

ip vrf forwarding v1

ip address 100.100.100.1 255.255.255.0

interface Vlan110

ip vrf forwarding v1

ip address 110.110.110.1 255.255.255.0

ip route vrf v1 200.200.200.0 255.255.255.0 100.100.100.2

ip route vrf v1 220.220.220.0 255.255.255.0 100.100.100.2

ip vrf v2

rd 65000:2

interface Vlan200

ip vrf forwarding v2

ip address 200.200.200.1 255.255.255.0

interface Vlan220

ip vrf forwarding v2

ip address 220.220.220.1 255.255.255.0

ip route vrf v2 110.110.110.0 255.255.255.0 200.200.200.2

ip route vrf v2 100.100.100.0 255.255.255.0 200.200.200.2

The background is that the "ip vrf forwarding ..." command will remove an existing IP address from the interface when applied.

Hope this helps! Please rate all posts.

Regards, Martin

Martin,

Thanks for the reply. Can you explain why the rd figure has to be rd 65000:1 and rd 65000:2 instead of rd 100:1 and rd 200:1 as what I have?

Thanks.

PF

Hello,

there is no strict technical background in your situation. But the RD is only removable by deleting the VRF. You might however find yourself in the situation of peering with MBGP and the full MPLS stuff sometime down the road. Then 65000 (private AS) is most likely not such a problem compared to 100 (official AS). That said, I would use 64578 because everyone (including me ;-) opts for 65000.

It's more like the question: In case you would implement a brand new IP network, would you start with addressing from 10.0.0.0/8 or from an official IP network like 84.0.0.0/8, which is not yours?

The requirement might not be there, but still I would go for 10/8. Same story with official and private AS.

Hope this helps! Please rate all posts.

Regards, Martin
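The points raised in the two replies above (command order inside an interface stanza, a private AS in the RD) and the reused Vlan110 in the question can be checked mechanically before a configuration is pasted into a device. The following is an added example, not part of the original thread and not Cisco tooling: `lint_vrf_config` and `QUESTION_CONFIG` are hypothetical names, the range 64512-65534 is the 2-byte private-use AS range from RFC 6996, and the parser only understands the commands that appear in this thread.

```python
import re

PRIVATE_AS = range(64512, 65535)  # 2-byte private-use ASNs, 64512-65534 (RFC 6996)

# Configuration as posted in the question, typos included, one command per line.
QUESTION_CONFIG = """\
ip vrf v1
 rd 100:1
interface Vlan100
 ip address 100.100.100.1 255.255.255.0
 ip vrf forwording v1
interface Vlan110
 ip address 110.110.110.1 255.255.255.0
 ip vrf forwording v1
ip route vrf v1 220.220.220.0 255.255.255.0 100.100.100.2
ip vrf v2
 rd 200:1
interface Vlan200
 ip address 200.200.200.1 255.255.255.0
 ip vrf forwording v2
interface Vlan110
 ip address 220.220.220.1 255.255.255.0
 ip vrf forwording v2
ip route vrf v2 110.110.110.0 255.255.255.0 200.200.200.2
"""

def lint_vrf_config(text):
    """Return (line_no, message) findings for an IOS-style VRF config."""
    findings, ifaces, has_addr = [], {}, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if m := re.fullmatch(r"rd (\d+):\d+", line):
            if int(m.group(1)) not in PRIVATE_AS:
                findings.append((no, f"rd uses AS {m.group(1)}, outside the private range"))
        elif m := re.fullmatch(r"interface (\S+)", line):
            has_addr = False  # a new interface stanza starts without an address
            if m.group(1) in ifaces:
                findings.append((no, f"{m.group(1)} already configured at line {ifaces[m.group(1)]}"))
            ifaces.setdefault(m.group(1), no)
        elif re.fullmatch(r"ip vrf forwarding \S+", line):
            if has_addr:  # the order problem described in the first reply
                findings.append((no, "ip vrf forwarding after ip address: address is removed"))
        elif line.startswith("ip address "):
            has_addr = True
        elif line.startswith("ip vrf ") and not re.fullmatch(r"ip vrf \S+", line):
            findings.append((no, f"not a valid VRF command: {line!r}"))
    return findings
```

Run on the question's configuration it reports the misspelled commands, both RDs and the second Vlan110; with only the spelling fixed, the same interface lines are reported for command order instead.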

Martin,

Thanks. I totally understand now. See I didn't think of public/private AS. I just picked a number!! Your help is much appreciated.

PF