Best way to failover traffic from 1 VRF/circuit to another

CiscoBrownBelt · ‎11-30-2021

Lets say you have one vrf (call vrf A) on a 6500 or 4500K Cat that connects to a circuit, and you now want to use a different vrf (lets call vrf B) or new circuit for all that same traffic. What would be the simpliest way to failover traffic.

I was just thinking creating a new vrf, configuring all the same routes under that vrf, then shutting down the old vrf A. So in this scenerio, the topology has no redundancy:

| vrf A >>>>>>>>>>>>>>>>PE 1 Circuit 1

Core Switch>>>

| vrf B >>>>>>>>>>>>>>>>>PE 2 Circuit 2

paul driver · ‎11-30-2021

Hello

New isp circuit usually means new ip addressing so If you have spare interfaces create the new vrf on these and as/when you are ready just disconnect the old connections and test the new ones.

This however all depends on your current setup and how complex it is - just try to make it as simple as possible -also this way if you experience any issue you can just reverses the connections and backout

Lastly suggest to arrange some downtime with your client

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

CiscoBrownBelt · ‎12-01-2021

yes correct, new VRF, SVI assigned to VRF, GWs, etc would all have new addresses.

New routes would be added.

Old routes remain for mean time = ip route vrf A 1.1.1.0 255.255.255.0 vlan A 100.1.1.1

new routes added = ip route vrf B 1.1.1.0 255.255.255.0 vlan B 200.1.1.1

Would shut down old circuit connection/port on switch, then enable new port/connection for new circuit.

Also, once connecting to PE transport device for EPL or circuit, you should get an UP/UP port even if the distant end is not set up yet correct given you are still connecting directly to another device and should get UP/UP port correct?

paul driver · ‎12-01-2021

Hello
What you could also do is establish a connection to this new circuit, just basic tcp connectivity and soak test for a few days checking for interface errors or intermittent drops etc...
Could even go as far as establishing igp/bgp connection and filter all traffic for the soak test period which is what we’ve done in the past.
And the best thing about this approach is when you cutover to this new connection and if fails you can just pull the plug and reattach old circuit and you should have backed out in a short period of time

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

CiscoBrownBelt · ‎12-02-2021

So even if distant end device is not connected I should see UP port on my device connecting to Transport PE for the EPL circuit correct?

I though EPL will make the distant end device appear directly connected?

MHM Cisco World · ‎12-01-2021

PE1-Core SW
Core SW no need VRF the vrf is config only in PE1,
remember that the packet don't have include any info. about the VRF ID. the vrf is local.

paul driver · ‎12-01-2021

Hello

@MHM Cisco World wrote:

PE1-Core SW
Core SW no need VRF the vrf is config only in PE1,
remember that the packet don't have include any info. about the VRF ID. the vrf is local.

Doesn't mean you cannot use a vrf on the CE rtrs, they can be in differing vrfs to the PE and should still be able to communicate,

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

CiscoBrownBelt · ‎12-02-2021

VRFs would be on CORE given it has many other connections going to different circuits and want to segregate the traffic.

Connecting directly to PE1, even if it is for a EPL circuit, I should see an UP port if connection to PE is good correct?