cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1275
Views
0
Helpful
12
Replies
Highlighted
Beginner

VRFs not working properly between core routers

Hello All,

     I have this problem when I'm working with VRFs on GNS3 ..

     If I have only 1 core router, the VRF works fine. But when I add another Core router, the VRF doesn't work

NOTE: I'm using 2691 routers.

This is the topology that works:

1.png

And this is the one that doesn't work:

2.png

This is the VRF configuration on both Core routers:

Core1:

ip vrf C1

rd 100:1000

route-target export 100:1000

route-target import 100:1000

!

ip vrf C2

rd 200:2000

route-target export 200:2000

route-target import 200:2000

!

Core2:

ip vrf C1

rd 100:1000

route-target export 100:1000

route-target import 100:1000

!

ip vrf C2

rd 200:2000

route-target export 200:2000

route-target import 200:2000

!

Need advise

Everyone's tags (3)
12 REPLIES 12
Highlighted
Contributor

Re: VRFs not working properly between core routers

do you have a vpnv4 neighbor relation ship established between core 1 and core2.

if you want communication between all the routers then the rds must be impoted accordingly. Hope u understood.

Please rate the post if it is informative.

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Highlighted
Beginner

VRFs not working properly between core routers

I'm using static routes .. sorry for not stating that earlier

Highlighted
Contributor

Re: VRFs not working properly between core routers

Hello,

Do you mean PE-CE rpotocol is static routing.

What about PE-PE protocol, is it also a static routing.

In your second case you must have a way to deliver your vpn routes to other core routers. You can achieve this by MPBGP or in your static routing case you must be able to play with tunneling.

I mean define two tunnels between two core routers, place each of them in different vrfs, I am not sure but it must work.

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Highlighted
Beginner

VRFs not working properly between core routers

Everything is running static .. I'm using static just for the sake of testing ...

So as I understood, I should use tunnels between the PEs? Can you show me how?

Highlighted
Beginner

VRFs not working properly between core routers

If you are using VRF, then PE to PE should be MPBGP otherwise it wont work.

Highlighted
Rising star

VRFs not working properly between core routers

Hello Islam,

You do not need to tun MPBGP, as you said, you have configured static routing, I think that will be problem, could you post configuration of both Core routers.

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions
Highlighted
Beginner

VRFs not working properly between core routers

here are the config:

Core1:

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname Core1

boot-start-marker

boot-end-marker

no aaa new-model

memory-size iomem 5

ip cef

ip vrf C1

rd 100:1000

route-target export 100:1000

route-target import 100:1000

ip vrf C2

rd 200:2000

route-target export 200:2000

route-target import 200:2000

no ip domain lookup

ip domain name lab.local

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

interface FastEthernet0/0

description -- UNUSED --

no ip address

shutdown

duplex auto

speed auto

interface Serial0/0

description to Core2

ip address 192.168.0.1 255.255.255.0

clock rate 2000000

interface FastEthernet0/1

description -- UNUSED --

no ip address

shutdown

duplex auto

speed auto

interface Serial0/1

description to A1

ip vrf forwarding C1

ip address 192.168.2.1 255.255.255.0

clock rate 2000000

interface Serial0/2

description to B1

ip vrf forwarding C2

ip address 192.168.4.1 255.255.255.0

clock rate 2000000

interface Serial0/3

no ip address

shutdown

clock rate 2000000

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Serial0/0

ip route vrf C1 0.0.0.0 0.0.0.0 Serial0/0

ip route vrf C2 0.0.0.0 0.0.0.0 Serial0/0

no ip http server

no ip http secure-server

control-plane

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

line vty 0 4

login

end

========================

Core2:

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname Core2

boot-start-marker

boot-end-marker

no aaa new-model

memory-size iomem 5

ip cef

ip vrf C1

rd 100:1000

route-target export 100:1000

route-target import 100:1000

ip vrf C2

rd 200:2000

route-target export 200:2000

route-target import 200:2000

ip domain name lab.local

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

interface FastEthernet0/0

description -- UNUSED --

no ip address

shutdown

duplex auto

speed auto

interface Serial0/0

description to Core1

ip address 192.168.0.2 255.255.255.0

clock rate 2000000

interface FastEthernet0/1

description -- UNUSED --

no ip address

shutdown

duplex auto

speed auto

interface Serial0/1

description to A2

ip vrf forwarding C1

ip address 192.168.3.1 255.255.255.0

clock rate 2000000

interface Serial0/2

description to B2

ip vrf forwarding C2

ip address 192.168.5.1 255.255.255.0

clock rate 2000000

interface Serial0/3

no ip address

shutdown

clock rate 2000000

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Serial0/0

ip route vrf C1 0.0.0.0 0.0.0.0 Serial0/0

ip route vrf C2 0.0.0.0 0.0.0.0 Serial0/0

ip http server

no ip http secure-server

control-plane

line con 0

logging synchronous

line aux 0

line vty 0 4

login

end

As for the CE routers, only the Serial0/0 interfaces configured with the appropriate IPs, and a static default route pointing to the Serial0/0

ip route 0.0.0.0 0.0.0.0 Serial0/0

Highlighted
Participant

VRFs not working properly between core routers

If all you want to achieve is to extend your VRFs to Core2 without inter-VRF-communication than VRF lite is the way to go. Basicly all you have to do is create subinterfaces on s0/0 and assign these subinterfaces to their respective VRF. Remember that you could technically use identical IP-adresses / subnets on all subinterfaces, as these remain within each VRF.

If you need inter-VRF-connectivity than MP-BGP is needed. The tunnel construction already mentioned might work, but I have never seen that or tested myself so I don't know for sure.

Regards.

Highlighted
Beginner

VRFs not working properly between core routers

Any config samples would be great

Highlighted
Participant

VRFs not working properly between core routers

Highlighted
Contributor

Re: VRFs not working properly between core routers

Hello Nadeem,

Here is your configuration, I was planning to do a test scenario, however you helped me out to learn and show this.

Please find the scenario and the attachments.

Please rate the post and mark it answered if you feel it answered.

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Highlighted
Rising star

VRFs not working properly between core routers

Hello,

As pille said, if you use vrf-lite you need to connect Core1 and Core2 with links in respective VRFs. VRF is local to both routers and you connected them with link S0/0 <-> S0/0 in global routing table.

Solution ->

1) create second link between Core1 and Core2, existing link will be added to first VRF and new link to second VRF, that way each vrf can communicate via restective link.

2) leave configuration as it is and create two GRE tunnels via existing link, one tunnel for one VRF.

Core1

interface Tunnel 1

ip vrf forwarding C1

ip address 10.0.0.1 255.255.255.0

tunnel source s0/0

tunnel destination 192.168.0.2

interface Tunnel 2

ip vrf forwarding C2

ip address 10.0.0.1 255.255.255.0

tunnel source s0/0

tunnel destination 192.168.0.2

Core2

interface Tunnel 1

ip vrf forwarding C1

ip address 10.0.0.2 255.255.255.0

tunnel source s0/0

tunnel destination 192.168.0.1

interface Tunnel 2

ip vrf forwarding C2

ip address 10.0.0.2 255.255.255.0

tunnel source s0/0

tunnel destination 192.168.0.1

Traffic from particular VRFs will be transported between Core1 and Core2 thanks to GRE tunnels. Do not forget to configure static routing to work this properly.

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here