04-09-2010 12:51 AM - edited 03-04-2019 08:05 AM
Good day,
I want to isolate a voice network from the data and control planes by using a separate VRF. It all works perfectly except at one point: A router which has a PRI connected needs to send/receive voice traffic to/from a dial-peer which is in the voice VRF.
The dial-peer is on a connected route on an Ethernet sub-interface (dot1q VLAN)
The network between router and the peer is built with L2 switches which are not VRF-aware (Cat29xx).
The problem is that the router doesn't send traffic to the dial-peer if I configure ip vrf forwarding name on the outgoing interface to the dial-peer.
There seems to be no way on IOS to specify that a certain dial-peer is on a given VRF, at least on what we're running (2800s with 12.4(22)T)
I have tried to import the interface route to the VRF, but for some reason it doesn't (though in all fairness, VRF/MPLS is not one of my strong subjects)
This is the dial-peer:
dial-peer voice 1010 voip
 description Incoming
 preference 1
 service session
 destination-pattern 5555555
 progress_ind setup enable 3
 progress_ind progress enable 8
 session protocol sipv2
 session target ipv4:10.10.10.10
 session transport udp
 incoming called-number .
 dtmf-relay rtp-nte
 codec g711ulaw
 no vad
This is the interface (w/o ip vrf forwarding so it can do the job for now):
interface FastEthernet0/1.201
 description Voice
 encapsulation dot1Q 201
 ip address 10.10.10.3 255.255.255.0
 ip verify unicast source reachable-via rx
 no ip redirects
 no ip proxy-arp
 ip ospf message-digest-key 1 md5 7 5555555555555555555
 vrrp 1 ip 10.10.10.1
 vrrp 1 authentication md5 key-string 7 5555555555555555555
This is the VRF:
ip vrf Voz
 rd 65000:1
(config slightly edited to protect the guilty)
Any hint, idea or pointer appreciated. TIA.
04-09-2010 06:11 AM
Hi,
I don't think VRF-aware dial-peers are supported. Because the session target is directly connected, you can't configure any static route in the GRT pointing to the VRF, but you can configure the router so the interface will be both in the GRT and in the VRF:
interface FastEthernet0/1.201
 ip vrf select source
 ip vrf receive Voz
!
HTH
Laurent.
04-11-2010 02:46 PM
Thanks, that helped. The 2811 doesn't have vrf receive (at least on this version of IOS) so I had to do it the other way:
interface FastEthernet0/1.201
 ip vrf receive Voz
 ip policy route-map RedDeVoz
!
route-map RedDeVoz permit 10
 match ip address prefix-list RedVoz
 set vrf Voz
I have, however, run into another problem. The interface route is not distributed via OSPF. It is shown on a show ip route vrf Voz as a connected route, as it should. Other connected routes on the same VRF show up happily on the network but not this one. I have of course double-checked the OSPF configuration. Any ideas?
TIA.
04-12-2010 06:12 AM
Hi,
If none of the network statements cover the subnet of your interface, you need to configure redistribute connected subnets.
HTH
Laurent.
04-12-2010 08:40 AM
Yes it's covered (I checked), still it doesn't show up on OSPF.
With BGP I can do a show ip bgp neighbor advertised-routes but OSPF seems to lack that functionality (which I always missed).
Anyway, OSPF turns up all other routes for the VRF but not this one. Maybe related to the way it is inserted in the Voz VRF?
It wouldn't matter much to me anyway if it wasn't because it's not just OSPF, the servers on that subnet are not reachable from within the VRF even if I add statics in the VRF :-?
I think I'm getting into troubled waters here... Maybe time to start over and look for a simpler solution. Unfortunately, given the requirements and resources I can't see any other way.
04-12-2010 08:02 PM
Hi,
Unfortunately, it seems to work only for BGP from what I tested. If you do a sh ip vrf, you will see the interface doesn't really belong to the VRF. What I suggest is to configure a summary route in the VRF Voz pointing to null 0 that could be redistributed into OSPF.
HTH
Laurent.
09-13-2010 05:51 AM
Actually H323 and SIP Gateway functionality are now VRF-Aware. Configure as described in this document:
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t15/stork.html#wp1031373
Essentially, you can use the "voice vrf vrf-name" global command.
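The layout the last reply points to, sketched as an added example (not posted by anyone in the thread): the voice sub-interface becomes a real member of the VRF and the gateway is tied to it with the global voice vrf command. VRF name, interface and addresses are the thread's own; the OSPF process ID 2 and area 0 are assumptions, and only the lines relevant to the VRF change are shown.

```cisco
! Added example, not from the thread. OSPF process ID and area are assumptions.
ip vrf Voz
 rd 65000:1
!
! Global command named in the reply above: the SIP/H.323 gateway uses this VRF
voice vrf Voz
!
! Applying ip vrf forwarding removes the interface's IP address,
! so the address is entered again after it.
interface FastEthernet0/1.201
 description Voice
 encapsulation dot1Q 201
 ip vrf forwarding Voz
 ip address 10.10.10.3 255.255.255.0
!
! The dial-peer keeps its original form; it carries no per-dial-peer VRF keyword.
dial-peer voice 1010 voip
 session protocol sipv2
 session target ipv4:10.10.10.10
!
! Per-VRF OSPF process so the connected voice subnet is advertised inside Voz.
router ospf 2 vrf Voz
 network 10.10.10.0 0.0.0.255 area 0
```

After the change, show ip vrf should list FastEthernet0/1.201 under Voz, and show ip route vrf Voz should show 10.10.10.0/24 as connected.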