Solved: Re: Vrf Loopback Interface Into Global Table

Asemmoqbel · ‎09-30-2017

I'm doing a Lab and it's very simple. it's just like I need to confirm some commands but I'm really getting upset.

here is my lab. I configured a vrf and a loopback interface which I apply it under the vrf. the loopback has been disappeared from the global table and it's inserted in the vrf table. so I added a static route to be able to ping the interface from the global table. Now I can see the loopback interface in the global table inserted as static but i can't ping it.

I feel there is something silly missing becasue everything seems ok and it should work. the output of my router configuratuion is shown below:

!
ip vrf HQ
rd 40:30
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!

archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback1
ip vrf forwarding HQ
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip route 1.1.1.1 255.255.255.255 Loopback1
!
!
no ip http server
no ip http secure-server
!

HQ#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1 is directly connected, Loopback1
HQ#

HQ#sh ip route vrf HQ

Routing Table: HQ
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
HQ#

I really need someone to enlighten me with this..

Thank you ,,,

Georg Pauwen · ‎10-01-2017

Hello,

odd, I am using the exact same configuration in GNS3, and ping works fine. What device is this on ? Can you try a 15.x IOS ?

Here is my config:

Current configuration : 1659 bytes
!
! Last configuration change at 00:36:19 UTC Sun Oct 1 2017
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
ip vrf HQ
rd 40:30
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
interface Loopback1
ip vrf forwarding HQ
ip address 1.1.1.1 255.255.255.255
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 1.1.1.1 255.255.255.255 Loopback1
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
end

R1#sh ip route vrf HQ

Routing Table: HQ
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1

R1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#ping vrf HQ 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

View solution in original post

Georg Pauwen · ‎09-30-2017

Hello,

odd indeed, I labbed your config in GNS3 and I can ping 1.1.1.1 just fine. Can you post the full config of your router ?

Asemmoqbel · ‎10-01-2017

Hi,

Just for confirmation. I need to ping the loopback interface from the glopal table not from within the VRF. it's really annoying me.

it's very simple configuration no trick in there.

Below the full configuration with pinging results

Building configuration...

Current configuration : 1169 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HQ
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
!
ip vrf HQ
rd 40:30
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface Loopback1
ip vrf forwarding HQ
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface GigabitEthernet0/3
no ip address
shutdown
duplex auto
speed auto
media-type rj45
negotiation auto
!
ip forward-protocol nd
ip route 1.1.1.1 255.255.255.255 Loopback1
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end

HQ#

HQ#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1 is directly connected, Loopback1
HQ#sh ip ro

HQ#sh ip route vrf HQ

Routing Table: HQ
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
HQ#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

HQ#ping vrf HQ 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
HQ#

Georg Pauwen · ‎10-01-2017

Hello,

odd, I am using the exact same configuration in GNS3, and ping works fine. What device is this on ? Can you try a 15.x IOS ?

Here is my config:

Current configuration : 1659 bytes
!
! Last configuration change at 00:36:19 UTC Sun Oct 1 2017
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
ip vrf HQ
rd 40:30
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
interface Loopback1
ip vrf forwarding HQ
ip address 1.1.1.1 255.255.255.255
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 1.1.1.1 255.255.255.255 Loopback1
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
end

R1#sh ip route vrf HQ

Routing Table: HQ
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1

R1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#ping vrf HQ 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Asemmoqbel · ‎10-01-2017

Wow. it worked with you just like that.

you know maybe it's the IOS because I'm using 12.4. I will download 15.2 and update you with the results.

Thanks

Asemmoqbel · ‎10-01-2017

It works just fine now when I downloaded 15.2 version. I think there is a bug in 12.4 IOS which cause this issue.

thank you so much..

Asemmoqbel · ‎10-01-2017

Hey, georg

a quick query if you don't mind. now I ping the interface from the global all good and I assume the inserted interface in the global table as static is a real route, does it?

What I mean for example if I want to ping from different router can I ping it or if I want to redistribute it by a dynamic protocol will it be redistributed and be pingable or is it only locally route?

because I'm trying to ping the interface from different router but I can't which seems odds again

I hope my query is clear

Georg Pauwen · ‎10-02-2017

Hello,

quick question: is this a lab setup or a live environment ? The easiest way to get this to work is to create two OSPF VRFs and then redistribute between those. Would that be an option, or are you limited to just that one VRF ?

Asemmoqbel · ‎10-02-2017

Hi,

Actually, this is a side part of quiet long setup. I configured this small lab only for test purpose here just to confirm that it's working.

So now I'm stuck at this point and I'm scratching my head how should this work since everything seem ok. the route is injected in the second router via ospf so when pinging the packet arrive HQ router loopback interface and then I guess it's dropped there but why since the source is the exit ip interface of second router and it's already in the table as point-to-point connected route.

What am I missing?

Here is the configuration

First Router whcih having the loobpack interface as static

Current configuration : 1131 bytes
!
! Last configuration change at 00:33:48 UTC Mon Oct 2 2017
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HQ
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
ip vrf HQ
rd 40:30
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip vrf forwarding HQ
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.1.1 255.0.0.0
duplex full
!
router ospf 1
redistribute static subnets
network 10.1.1.1 0.0.0.0 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 1.1.1.1 255.255.255.255 Loopback1
!
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input all
!
!
end

HQ#

HQ#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1 is directly connected, Loopback1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/8 is directly connected, FastEthernet0/0
L 10.1.1.1/32 is directly connected, FastEthernet0/0
HQ#

Second Router

Current configuration : 961 bytes
!
! Last configuration change at 00:33:36 UTC Mon Oct 2 2017
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname branch
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.2.2.2 255.0.0.0
duplex full
!
router ospf 1
network 10.2.2.2 0.0.0.0 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input all
!
!
end

branch#

branch#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/20] via 10.1.1.1, 00:06:38, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/8 is directly connected, FastEthernet0/0
L 10.2.2.2/32 is directly connected, FastEthernet0/0
branch#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
branch#

Georg Pauwen · ‎10-02-2017

Hello,

the only way I get this to work is with the VRF receive feature. Add the two lines in bold to the FastEthernet0/0 configuration on the first router:

interface FastEthernet0/0
ip address 10.1.1.1 255.0.0.0
ip vrf select source
ip vrf receive HQ
duplex full

Depending on your IOS version, your router may or may not support this command. You also can remove the 'redistribute static suubnets' from your OSPF process, as this is not needed anymore...

Asemmoqbel · ‎10-02-2017

Hi,

Unfortunately, GNS3 IOS doesn't support these commands to see how it works. But why can't we ping the interface since the route shown in the table and everything seems ok. Do you think it's an issue related to IOS same like the old one??

Georg Pauwen · ‎10-02-2017

Actually, I am doing this in GNS3. I am using the 7200 router and the image below:

R1#sh ver
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.2(4)S5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 20-Feb-14 06:51 by prod_rel_team

ROM: ROMMON Emulation Microcode
BOOTLDR: 7200 Software (C7200-ADVIPSERVICESK9-M), Version 15.2(4)S5, RELEASE SOFTWARE (fc1)

Asemmoqbel · ‎10-05-2017

Hi, George

I hope you are good.

there is a solution provided by an engineer to only add one more static route in the vrf HQ router in my original setup as following :

ip route vrf HQ 10.0.0.0 255.0.0.0 10.2.2.2.2 global

To leak the route from global table into VRF and it amazingly worked and now I can ping the loopback interface. but at the same time I couldn't understand why I need to add this route but it worked!!!

Bharat Negi · ‎04-12-2018

Hi Asemmoqbel

As you already know, routing happens on per-hop basis. Hence, for ping to work, each hop, need to know how to forward query and how to return the response.

So, from branch router, you are able to send query to HQ router and then to HQ VRF. But HQ VRF, doesn't have route to return the query. If you remove "ip route vrf HQ 10.0.0.0 255.0.0.0 10.2.2.2.2 global" and do "sh ip route vrf HQ 10.0.0.0", you will get nothing.

Hence adding "ip route vrf HQ 10.0.0.0 255.0.0.0 10.2.2.2.2 global" completes the return path for ICMP query.

HTH.

Regards

Bharat