VRF not working with OSPF

ankitohc · ‎02-08-2024

I am trying to configure the VRF and connectivity between common router and Tenant-A. Can somone please help me with configuration and find what mistake am I doing ?

Common#show run
Common#show running-config
Building configuration...

Current configuration : 3431 bytes
!
! Last configuration change at 03:03:06 UTC Fri Feb 9 2024
!
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Common
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
ip vrf Tenant-A
!
ip vrf Tenant-B
!
ip vrf Tenant-C
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 2
ip vrf forwarding Tenant-A
ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/0.3
encapsulation dot1Q 3
ip vrf forwarding Tenant-B
ip address 198.51.100.1 255.255.255.252
!
interface GigabitEthernet0/0.4
encapsulation dot1Q 4
ip vrf forwarding Tenant-C
ip address 203.0.113.1 255.255.255.252
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
router ospf 1 vrf Tenant-A
router-id 1.1.1.1
network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ipv6 ioam timestamp
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
!
line con 0
line aux 0
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end

______________________________________________

Tenant-A

Tenant-A#SHOW RUN
Tenant-A#SHOW RUNning-config
Building configuration...

Current configuration : 2999 bytes
!
! Last configuration change at 03:02:58 UTC Fri Feb 9 2024
!
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Tenant-A
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 192.0.2.2 255.255.255.252
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ipv6 ioam timestamp
!
!
!

MHM Cisco World · ‎02-08-2024

capability vrf-lite <- this command need to add under ospf

MHM

ankitohc · ‎02-08-2024

I forgot to enable the trunk from router to switch interface - It worked now without adding capability vrf-lite

btw why we use capability vrf-lite

MHM Cisco World · ‎02-08-2024

did you check the prefix if it learn or not via OSPF ?
MHM

ankitohc · ‎02-09-2024

It did not show "O"

ankitohc · ‎02-09-2024

I can see the Tenant-A as a neighbor in database but showing in prefix why?

Harold Ritter · ‎02-10-2024

Hi @ankitohc ,

The only routes you currently have are the directly connected routes and they will not show as ospf routes in the VRF routing table, as they are already installed as connected routes (lower admin distance (AD)).

What are you trying to achieve?

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

ankitohc · ‎02-11-2024

You have already answered my question that directly connected routes will only show in routing table not OSPF routes.

that is what I was looking for..

MHM Cisco World · ‎02-11-2024

Direct connect not show in router originate these routes but other routers.

Can I see show ip route vrf xx of all routers.

MHM

ankitohc · ‎02-12-2024

MHM Cisco World · ‎02-12-2024

This show only link connected to common router (you don't show common router rib)

AS the topology you share there is two link in router one connected to common router (via central SW) and other to SW, the one to SW you don't specify IP.

The Common must redistribute prefix between tenant A, B, C?

Or you Need to totally isolated traffic via vrf?

MHM

ankitohc · ‎02-13-2024

No, I have not assigned any IP address to switch coming from common to A,B, C Tenant?

Yes Tenant A Can't reach to Tenant b or C

The challenge I am facing with OSPF in routing tables.. I will send you private message

Richard Burts · ‎02-14-2024

There have been several suggestions about OSPF running on connected interfaces but not having any other subnets/networks to advertise and so there are no "O" routes in the routing table. Is there still an active question here?

HTH

Rick

ankitohc · ‎02-14-2024

Yes it is an active question here

Richard Burts · ‎02-17-2024

Then please help me understand what the active question is. There are no O routes in the routing table because other than the subnets connectiing the OSPF neighbors there are no other subnets for OSPF to advertise. What is the active question?

HTH

Rick