Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
541
Views
0
Helpful
0
Replies

router odr in vrf

telelvisjr
Level 1
Level 1

‎05-30-2013 10:55 PM - edited ‎03-04-2019 08:04 PM

Hello,

We got multiple sites connected to central office, topology is exactly as here http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfodr.html

Every site has its own gre tunnel to the central Cisco 1841 with c1841-advipservicesk9-mz.124-25d.bin

where it is put in non-default vrf.

Equipment in remote sites is an entry-level Cisco 861 with no routing protocols available, except maybe rip.

To simplify configuration in future large scale deployment, I choose to go for router odr, to be able to exchange routes from stub remote routers about their directly connected lan. And it's only route to specific lan I needed, so directly connected wan network should have been filtered by distribute-list statement.

The problem is - when interface tunnel on C1841 is attached to vrf, distribute-list statement is no longer working. All directly connected networks from remote site installed in vrf routing table.

As soon as vrf removed, routing updates are being filtered as expected.

Complete config

C1841:

interface Tunnel16820

ip vrf forwarding untrusted

ip addre 169.254.0.89 255.255.255.252

cdp enable

tunnel source 10.111.2.21

tunnel dest 10.109.106.254

router odr

distribute-list prefix untrusted-in in

ip prefix-list untrusted-in seq 5 permit 10.109.64.0/19 le 32

ip prefix-list untrusted-in seq 10 deny 0.0.0.0/0 le 32

C861

interface Tunnel1

ip addre 169.254.0.90 255.255.255.252

cdp ena

tunnel dest 10.111.2.21

tunnel source 10.109.106.254

cdp run

Relevant "debug cdp ip" on Cisco1841 looking exactly the same for both vrf and non-vrf cases, but final result is different

May 31 05:47:32.302: CDP-IP: Reading prefix 10.109.76.128/25 source 169.254.0.90 via Tunnel16820

May 31 05:47:32.302: CDP-IP: Updating prefix 10.109.76.128/25 in routing table

May 31 05:47:32.302: CDP-IP: Reading prefix 10.109.106.128/25 source 169.254.0.90 via Tunnel16820

May 31 05:47:32.302: CDP-IP: Updating prefix 10.109.106.128/25 in routing table

May 31 05:47:32.302: CDP-IP: Reading prefix 195.190.98.196/30 source 169.254.0.90 via Tunnel16820

May 31 05:47:32.302: CDP-IP: Updating prefix 195.190.98.196/30 in routing table

Result with enabled vrf

rumosro03(config)#do sh ip ro vrf untrusted | i 16820

C       169.254.0.88 is directly connected, Tunnel16820

o       10.109.106.128/25 [160/1] via 169.254.0.90, 00:00:05, Tunnel16820

o       10.109.76.128/25 [160/1] via 169.254.0.90, 00:00:05, Tunnel16820

o       195.190.98.196 [160/1] via 169.254.0.90, 00:00:05, Tunnel16820

Result with disabled vrf:

rumosro03(config-if)#do sh ip ro | i 16820

C       169.254.0.88 is directly connected, Tunnel16820

o       10.109.76.128/25 [160/1] via 169.254.0.90, 00:00:11, Tunnel16820

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card