Solved: Allow network reachability to vrf interface over OSPF

Kenneth Goh · ‎08-30-2023

Please help, what configuration is required so that I am able to ping from R3's

192.168.0.2 to R2's interface Gi1

that is running in

VRF INET

with IP address

192.168.1.1/30

Thanks in advanced.

Harold Ritter · ‎09-01-2023

Hi @Kenneth Goh ,

Please add the following to R2:

ip route 192.168.0.0 255.255.255.252 192.168.2.1

This should fix it.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

M02@rt37 · ‎08-30-2023

Hello @Kenneth Goh,

I don't understand the two

default routes

on R3 and R4.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Kenneth Goh · ‎08-30-2023

You may ignore the

default routes

if it is not required , how can the objective be achieved?

M02@rt37 · ‎08-30-2023

Ok @Kenneth Goh,

Please share outputs of

#sh ip route

command for all 4 routers.

Add R1

#sh run

please.

Thanks.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

balaji.bandi · ‎08-30-2023

As Long as R1 and R2 routing ok with VRF aware OSPF confiuation

that should be reachable (still an issue) - post

show run

all the devices and

show ip route, show ip ospf neigh

Other note why do you need to 2 Static routes in R3 and R4 ? if you want to only

172.x.x.x network

to be used bnetwen R3 and R4 you need more specific router rather static route any.(i know you added some value 10 in each side).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Giuseppe Larosa · ‎08-30-2023

Hello @Kenneth Goh ,

just to understand the link between R1 : GE2 and R2:GE2 is in the global routing table or it is in the

VRF INET

?

in the first case you have an issue, also that link has to be in

VRF INET

in order to build a VRF lite end to end connectivity.

Of course, there is little else we can say until you add the config on the routers in txt attachement files as noted by others.

Hope to help

Giuseppe

Kenneth Goh · ‎08-30-2023

The link between R1 & R2 (both interface Gi2) is in the global routing table while both R1 & R2 (both interface Gi1) is in

vrf inet

Infact there isn't much configuration to share, please help provide any configuration change to make it work, you need not have to use ospf. Thanks

Harold Ritter · ‎08-30-2023

Hi @Kenneth Goh ,

The simplest would be to configure the R3 -> R4 -> R2 path with static routes as follow:

R3:

ip route 192.168.1.0 255.255.255.252 172.16.0.2

R4:

ip route 192.168.0.0 255.255.255.252 172.16.0.1

R2:

ip route vrf inet 192.168.0.0 255.255.255.252 192.168.1.2

On R3, you can then ping 192.168.1.1 source 192.168.0.2

If you wanted the traffic to go through the R3 -> R1 -> R2 path, you would need to configure a tunnel between R1 and R2 with the tunnel source and destination in the global routing table (GRT), put this tunnel in

VRF inet

and configure the appropriate static routes. Another option would be to configure MPLS between R1 and R2 (more work but more fun).

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Kenneth Goh · ‎08-31-2023

For R3 -> R1 -> R2 path would route leaking alone work?

For option 2, upon configured tunnel interface, I am not sure about the routes to add.

R1#sh run int tunnel 1
Building configuration...

Current configuration : 142 bytes
!
interface Tunnel1
vrf forwarding inet
ip address 10.0.0.1 255.255.255.252
tunnel source 192.168.2.1
tunnel destination 192.168.2.2

R2#sh run int tunnel 1
Building configuration...

Current configuration : 142 bytes
!
interface Tunnel1
vrf forwarding inet
ip address 10.0.0.2 255.255.255.252
tunnel source 192.168.2.2
tunnel destination 192.168.2.1

Lastly for option 3, please help elaborate more, my understanding is to just enable mpls on Gi2 on both R1 & R2?

Harold Ritter · ‎08-31-2023

Hi @Kenneth Goh ,

> For R3 -> R1 -> R2 path would route leaking alone work?

Good point. This would work too.

> For option 2, upon configured tunnel interface, I am not sure about the routes to add.

For path R3->R1->R2 with the tunnels, you would need the following static routes.

R3:

ip route 192.168.1.0 255.255.255.252 192.168.0.1

R1:

ip route vrf inet 192.168.1.0 255.255.255.252 10.0.0.2

R2:

ip route vrf inet 192.168.0.0 255.255.255.252 10.0.0.1

> Lastly for option 3, please help elaborate more, my understanding is to just enable mpls on Gi2 on both R1 & R2?

For this option, you need to enable LDP between R1 and R2, configure a route distinguisher (RD) and route target (RT) for R1 and R2, run MP-BGP (VPNv4) between R1 and R2, redistributed connected and static in BGP for the inet VRF. As I mentioned before, this is a bit more complex than the other options.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Kenneth Goh · ‎08-31-2023

Hi @Harold Ritter

For R3 -> R1 -> R2 path route leaking, below is what I did, not sure why is it not working?

R1#sh run | in ip route
ip route 192.168.2.2 255.255.255.255 GigabitEthernet2
ip route vrf inet 192.168.1.0 255.255.255.252 192.168.2.2 global

R1#show ip route vrf inet | in S
S 192.168.1.0 [1/0] via 192.168.2.2

R2#show run | in ip route
ip route 192.168.2.1 255.255.255.255 GigabitEthernet2
ip route vrf inet 192.168.0.0 255.255.255.252 192.168.2.1 global
R2#sh ip route vrf inet | in S
S 192.168.0.0 [1/0] via 192.168.2.1

R3#traceroute 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.0.1 4 msec 12 msec 8 msec
2 * * *

Harold Ritter · ‎08-31-2023

Hi @Kenneth Goh ,

Try the following instead:

R1:

ip route 192.168.0.0 255.255.255.252 GigabitEthernet0/1
ip route vrf inet 192.168.1.0 255.255.255.252 GigabitEthernet0/0 192.168.2.2

R2:

ip route 192.168.1.0 255.255.255.252 GigabitEthernet0/1
ip route vrf inet 192.168.0.0 255.255.255.252 GigabitEthernet0/0 192.168.2.1

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Kenneth Goh · ‎09-01-2023

Hi @Harold Ritter

Still no luck, by the way I change

GigabitEthernet0/0 to GigabitEthernet2 and GigabitEthernet0/1 to GigabitEthernet1

instead as both R1 & R2 do not have interface

GigabitEthernet0/0 and GigabitEthernet0/1

R1#show run | in ip route
ip route 192.168.0.0 255.255.255.252 GigabitEthernet1
ip route vrf inet 192.168.1.0 255.255.255.252 GigabitEthernet2 192.168.2.2
R1#show ip route vrf inet

Routing Table: inet
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/30 is directly connected, GigabitEthernet1
L 192.168.0.1/32 is directly connected, GigabitEthernet1
192.168.1.0/30 is subnetted, 1 subnets
S 192.168.1.0 [1/0] via 192.168.2.2, GigabitEthernet2




R2#show run | in ip route
ip route 192.168.1.0 255.255.255.252 GigabitEthernet1
ip route vrf inet 192.168.0.0 255.255.255.252 GigabitEthernet2 192.168.2.1
R2#show ip route vrf inet

Routing Table: inet
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

192.168.0.0/30 is subnetted, 1 subnets
S 192.168.0.0 [1/0] via 192.168.2.1, GigabitEthernet2
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/30 is directly connected, GigabitEthernet1
L 192.168.1.1/32 is directly connected, GigabitEthernet1

Type escape sequence to abort.
Tracing the route to 192.168.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.0.1 4 msec 8 msec 8 msec
2 * * *

Harold Ritter · ‎09-01-2023

Hi @Kenneth Goh ,

Can you please provide a

show ip route

for the global routing table (GRT) from both R1 and R2?

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Kenneth Goh · ‎09-01-2023

Hi @Harold Ritter

R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

192.168.0.0/30 is subnetted, 1 subnets
S 192.168.0.0 is directly connected, GigabitEthernet1
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/30 is directly connected, GigabitEthernet2
L 192.168.2.1/32 is directly connected, GigabitEthernet2

R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

192.168.1.0/30 is subnetted, 1 subnets
S 192.168.1.0 is directly connected, GigabitEthernet1
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/30 is directly connected, GigabitEthernet2
L 192.168.2.2/32 is directly connected, GigabitEthernet2