Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1457
Views
0
Helpful
6
Replies

SM-SRE and VRF

Arvyr
Level 1
Level 1

‎01-20-2019 03:16 PM - edited ‎03-05-2019 11:11 AM

Hello,

 

I recently added a SM-SRE-910 to my collection of lab equipment.

I got a question regarding vrfs.

So I set up a loopback interface, put it in a vrf and used this as ip unnumbered for the embedded-service-engine (cimce) and sm (esxi) interface. 

What's strange is, that the loopback's ip is in the correct routing table, whereas the emb and sm interfaces are in the global one.

In my scenario I want the managemant traffic separated from voice and other data, so I created a couple of sub-interfaces on gi0/0. 

 

Part of the config:

interface Loopback0
 description *** MGMT-GW + NTP SOURCE ***
 vrf forwarding mgmt
 ip address 10.20.4.1 255.255.0.0 secondary
 ip address 10.20.0.1 255.255.0.0
end

interface Embedded-Service-Engine0/0
 description *** CIMC-E INTERFACE ***
 vrf forwarding mgmt
 ip unnumbered Loopback0
 service-module ip address 10.20.3.1 255.255.0.0
 service-module ip default-gateway 10.20.0.1
 service-module enable
end

interface SM1/0
 description description *** UCS-E INTERFACE ***
 vrf forwarding mgmt
 ip unnumbered Loopback0
 service-module ip address 10.20.1.1 255.255.0.0
 !Application: VMware ESXi 5.1.0 build-1065491 running on SRE
 service-module ip default-gateway 10.20.0.1
end

interface GigabitEthernet0/0.21
 description *** MGMT-ACC INTERFACE VLAN21 ***
 encapsulation dot1Q 21
 vrf forwarding mgmt
 ip address 10.21.0.1 255.255.0.0
 ip virtual-reassembly in
end

ip route 10.20.1.1 255.255.255.255 SM1/0
ip route 10.20.3.1 255.255.255.255 Embedded-Service-Engine0/0

 

So when I try to ping either of these 2 interfaces via a device coming from gi0/0.21, I cannot reach them.

Pinging the loopback interface however works perfectly.

 

So what's the solution here? I tried it with bgp route leak or whatever. I might got something wrong there or it's not supposed to work like that.

 

All I want is both static routes to be found in the correct mgmt vrf.

Any help is much appreciated.

 

#show ip route:

 10.20.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 10.20.0.0/16 is directly connected, Embedded-Service-Engine0/0
S 10.20.1.1/32 is directly connected, SM1/0
L 10.20.3.1/32 is directly connected, Embedded-Service-Engine0/0

#show ip route vrf mgmt:

 10.20.0.0/32 is subnetted, 2 subnets
C 10.20.0.1 is directly connected, Loopback0
C 10.20.4.1 is directly connected, Loopback0
 10.21.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 10.21.0.0/16 is directly connected, GigabitEthernet0/0.21
L 10.21.0.1/32 is directly connected, GigabitEthernet0/0.21

 

Labels:
0 Helpful
6 Replies 6

Deepak Kumar
VIP Alumni
VIP Alumni

‎01-20-2019 09:32 PM

Hi,

Your static routes are configured in global VRF. 

Your route commands must be as

 

ip route vrf mgnt 10.20.1.1 255.255.255.255 SM1/0
ip route vrf mgnt 10.20.3.1 255.255.255.255 Embedded-Service-Engine0/0

Thanks,

Deepak Kumar 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Arvyr
Level 1
Level 1
In response to Deepak Kumar

‎01-21-2019 05:27 AM

Hi,

 

I already tried that one, but it doesn't work with the interfaces in question.

Erorr message says

% For VPN or topology routes, must specify a next hop IP address if not a point-to-point interface

I wouldn't ask, if it were that easy ;) 

0 Helpful

paul driver
VIP
VIP

‎01-21-2019 01:13 AM - edited ‎01-21-2019 01:14 AM

Hello

FYI - Any subnet assigned to a VRF will ONLY be seen in that vrf table, As your aware by default the vrf table and the global routing table are separate so will not be able to reach each other.

 

So if you need for the vrf routes to reach a subnet residing outside it own vrf table lets say in the global rib then you need to tell the rtr how to reach it.

 

Example
172.16.10.0/24 VRF mgt - int fa0/0
10.10.10.0/24 global rib:
ip route vrf mgt 10.10.10.0 255.255.255 (xxx next hop)  global
ip route 172.16.10.0 255.255.255.0 fa0/0

:


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Arvyr
Level 1
Level 1
In response to paul driver

‎01-21-2019 05:32 AM - edited ‎01-21-2019 05:33 AM

Hello,

 

since the routes are needed to access specific interfaces, i cannot specify another next hop but another one on the router, wich doesn't work.

 

I cannot use ip route 10.20.1.1 255.255.255.255 SM1/0 global (that statement isn't available here)  nor give a next hop such as ip route 10.20.1.1 255.255.255.255 10.20.0.1 because it's the same router.

0 Helpful

paul driver
VIP
VIP
In response to Arvyr

‎01-21-2019 06:37 AM

Hello

maybe I have misunderstood- please confirm you are wanting to access subnets in different vrfs on the same router


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Arvyr
Level 1
Level 1
In response to paul driver

‎01-21-2019 09:52 AM

Yes, that is exactly what i want to do.

But it's more like, the same subnet, wich seems to be on different vrfs due to the fact, that the command 

service-module ip address x.x.x.x y.y.y.y

automatically puts this address into global vrf, even though the smx/y interface itself and the loopback I use as unnumbered is in the correct mgmt vrf.

 

There's no way to use something like "service-module vrf mgmt ip address" ...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card