Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Cisco: NSP

Problem with ip vrf receive command

  

 
Cisco nsp RSS feed   Index | Next | Previous | View Threaded


luca.tortiglione at gmail

Aug 9, 2012, 1:38 AM

Post #1 of 8 (632 views)
Permalink
Problem with ip vrf receive command
Good morning,
I need to insert a route in the general routing table and in a VRF.

Reading on Internet,
I thought to use ip vrf receive command on the interface.



this is CS router :

hostname CS
!
boot-start-marker
boot-end-marker
!
ip cef
!
!
!
!
ip vrf VTC
!
interface Loopback1021030
ip vrf receive VTC
ip address 10.210.3.1 255.255.255.255
ip policy route-map PC_TO_VTC
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1
ip vrf receive VTC
ip address 10.210.0.6 255.255.255.252
ip policy route-map PC_TO_VTC
speed auto
full-duplex
!
!

!
ip forward-protocol nd
ip route vrf VTC 10.208.0.0 255.255.255.0 10.210.0.5
!
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip 10.210.3.0 0.0.0.255 10.208.0.0 0.0.0.255
access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.3.0 0.0.0.255
access-list 100 permit ip 10.210.0.0 0.0.0.255 10.208.0.0 0.0.0.255
access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.0.0 0.0.0.255
!
route-map PC_TO_VTC permit 1
match ip address 100
set vrf VTC

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


and this is border router :


hostname Border_VTC
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model

ip cef

ip vrf VTC

interface Loopback1
ip vrf forwarding VTC
ip address 10.208.0.1 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding VTC
ip address 10.210.0.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip vrf forwarding VTC
ip address 10.210.0.5 255.255.255.252
speed auto
full-duplex

ip forward-protocol nd
ip route vrf VTC 10.210.3.0 255.255.255.0 10.210.0.6

!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Trying to ping I have

CS#ping vrf VTC 10.208.0.1 source fastEthernet 0/1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.210.0.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/100/189 ms
CS#
*Mar 1 00:08:13.404: ICMP: echo reply rcvd, src 10.208.0.1, dst 10.210.0.6
*Mar 1 00:08:13.593: ICMP: echo reply rcvd, src 10.208.0.1, dst 10.210.0.6
*Mar 1 00:08:13.673: ICMP: echo reply rcvd, src 10.208.0.1, dst 10.210.0.6
*Mar 1 00:08:13.749: ICMP: echo reply rcvd, src 10.208.0.1, dst 10.210.0.6
*Mar 1 00:08:13.813: ICMP: echo reply rcvd, src 10.208.0.1, dst 10.210.0.6
CS#ping vrf VTC 10.208.0.1 source Loopback1021030

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.210.3.1
.....

On this failed ping i get

Border_VTC#
*Mar 1 00:08:33.810: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
*Mar 1 00:08:35.757: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
*Mar 1 00:08:37.764: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
*Mar 1 00:08:39.752: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
*Mar 1 00:08:41.767: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1


Trying ping on other router i get


Border_VTC#ping vrf VTC 10.210.3.1 source fastEthernet 0/1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
Packet sent with a source address of 10.210.0.5
.....
Success rate is 0 percent (0/5)
Border_VTC#ping vrf VTC 10.210.3.1 source loopback 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
Packet sent with a source address of 10.208.0.1
.....
Success rate is 0 percent (0/5)
Border_VTC#


Any suggestion ?

--




L.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


adam.vitkovsky at swan

Aug 9, 2012, 2:01 AM

Post #2 of 8 (595 views)
Permalink
Re: Problem with ip vrf receive command [In reply to]
Does the VTC vrf has a route for your ping source please?

adam
-----Original Message-----
From: cisco-nsp-bounces [at] puck
[mailto:cisco-nsp-bounces [at] puck] On Behalf Of Luca Tortiglione
Sent: Thursday, August 09, 2012 10:39 AM
To: cisco-nsp
Subject: [c-nsp] Problem with ip vrf receive command

Good morning,
I need to insert a route in the general routing table and in a VRF.

Reading on Internet,
I thought to use ip vrf receive command on the interface.



this is CS router :

hostname CS
!
boot-start-marker
boot-end-marker
!
ip cef
!
!
!
!
ip vrf VTC
!
interface Loopback1021030
ip vrf receive VTC
ip address 10.210.3.1 255.255.255.255
ip policy route-map PC_TO_VTC
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1
ip vrf receive VTC
ip address 10.210.0.6 255.255.255.252
ip policy route-map PC_TO_VTC
speed auto
full-duplex
!
!

!
ip forward-protocol nd
ip route vrf VTC 10.208.0.0 255.255.255.0 10.210.0.5 !
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip 10.210.3.0 0.0.0.255 10.208.0.0 0.0.0.255
access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.3.0 0.0.0.255
access-list 100 permit ip 10.210.0.0 0.0.0.255 10.208.0.0 0.0.0.255
access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.0.0 0.0.0.255 !
route-map PC_TO_VTC permit 1
match ip address 100
set vrf VTC

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


and this is border router :


hostname Border_VTC
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model

ip cef

ip vrf VTC

interface Loopback1
ip vrf forwarding VTC
ip address 10.208.0.1 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding VTC
ip address 10.210.0.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip vrf forwarding VTC
ip address 10.210.0.5 255.255.255.252
speed auto
full-duplex

ip forward-protocol nd
ip route vrf VTC 10.210.3.0 255.255.255.0 10.210.0.6

!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Trying to ping I have

CS#ping vrf VTC 10.208.0.1 source fastEthernet 0/1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.210.0.6 !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/100/189 ms
CS# *Mar 1 00:08:13.404: ICMP: echo reply rcvd, src 10.208.0.1, dst
10.210.0.6 *Mar 1 00:08:13.593: ICMP: echo reply rcvd, src 10.208.0.1, dst
10.210.0.6 *Mar 1 00:08:13.673: ICMP: echo reply rcvd, src 10.208.0.1, dst
10.210.0.6 *Mar 1 00:08:13.749: ICMP: echo reply rcvd, src 10.208.0.1, dst
10.210.0.6 *Mar 1 00:08:13.813: ICMP: echo reply rcvd, src 10.208.0.1, dst
10.210.0.6 CS#ping vrf VTC 10.208.0.1 source Loopback1021030

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.210.3.1 .....

On this failed ping i get

Border_VTC#
*Mar 1 00:08:33.810: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
*Mar 1 00:08:35.757: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
*Mar 1 00:08:37.764: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
*Mar 1 00:08:39.752: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
*Mar 1 00:08:41.767: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1


Trying ping on other router i get


Border_VTC#ping vrf VTC 10.210.3.1 source fastEthernet 0/1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
Packet sent with a source address of 10.210.0.5 .....
Success rate is 0 percent (0/5)
Border_VTC#ping vrf VTC 10.210.3.1 source loopback 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
Packet sent with a source address of 10.208.0.1 .....
Success rate is 0 percent (0/5)
Border_VTC#


Any suggestion ?

--




L.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


luca.tortiglione at gmail

Aug 9, 2012, 2:05 AM

Post #3 of 8 (590 views)
Permalink
Re: Problem with ip vrf receive command [In reply to]
I have

ip route vrf VTC 10.208.0.0 255.255.255.0 10.210.0.5
and
ip route vrf VTC 10.210.3.0 255.255.255.0 10.210.0.6


and the other sources are directly connected networks, so no need to
add any other routes.


2012/8/9 adam vitkovsky <adam.vitkovsky [at] swan>:
> Does the VTC vrf has a route for your ping source please?
>
> adam
> -----Original Message-----
> From: cisco-nsp-bounces [at] puck
> [mailto:cisco-nsp-bounces [at] puck] On Behalf Of Luca Tortiglione
> Sent: Thursday, August 09, 2012 10:39 AM
> To: cisco-nsp
> Subject: [c-nsp] Problem with ip vrf receive command
>
> Good morning,
> I need to insert a route in the general routing table and in a VRF.
>
> Reading on Internet,
> I thought to use ip vrf receive command on the interface.
>
>
>
> this is CS router :
>
> hostname CS
> !
> boot-start-marker
> boot-end-marker
> !
> ip cef
> !
> !
> !
> !
> ip vrf VTC
> !
> interface Loopback1021030
> ip vrf receive VTC
> ip address 10.210.3.1 255.255.255.255
> ip policy route-map PC_TO_VTC
> !
> interface FastEthernet0/0
> no ip address
> duplex auto
> speed auto
> !
> interface FastEthernet0/1
> ip vrf receive VTC
> ip address 10.210.0.6 255.255.255.252
> ip policy route-map PC_TO_VTC
> speed auto
> full-duplex
> !
> !
>
> !
> ip forward-protocol nd
> ip route vrf VTC 10.208.0.0 255.255.255.0 10.210.0.5 !
> !
> no ip http server
> no ip http secure-server
> !
> access-list 100 permit ip 10.210.3.0 0.0.0.255 10.208.0.0 0.0.0.255
> access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.3.0 0.0.0.255
> access-list 100 permit ip 10.210.0.0 0.0.0.255 10.208.0.0 0.0.0.255
> access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.0.0 0.0.0.255 !
> route-map PC_TO_VTC permit 1
> match ip address 100
> set vrf VTC
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
>
> and this is border router :
>
>
> hostname Border_VTC
> !
> boot-start-marker
> boot-end-marker
> !
> !
> no aaa new-model
>
> ip cef
>
> ip vrf VTC
>
> interface Loopback1
> ip vrf forwarding VTC
> ip address 10.208.0.1 255.255.255.255
> !
> interface FastEthernet0/0
> ip vrf forwarding VTC
> ip address 10.210.0.2 255.255.255.252
> duplex auto
> speed auto
> !
> interface FastEthernet0/1
> ip vrf forwarding VTC
> ip address 10.210.0.5 255.255.255.252
> speed auto
> full-duplex
>
> ip forward-protocol nd
> ip route vrf VTC 10.210.3.0 255.255.255.0 10.210.0.6
>
> !
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
> Trying to ping I have
>
> CS#ping vrf VTC 10.208.0.1 source fastEthernet 0/1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
> Packet sent with a source address of 10.210.0.6 !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 56/100/189 ms
> CS# *Mar 1 00:08:13.404: ICMP: echo reply rcvd, src 10.208.0.1, dst
> 10.210.0.6 *Mar 1 00:08:13.593: ICMP: echo reply rcvd, src 10.208.0.1, dst
> 10.210.0.6 *Mar 1 00:08:13.673: ICMP: echo reply rcvd, src 10.208.0.1, dst
> 10.210.0.6 *Mar 1 00:08:13.749: ICMP: echo reply rcvd, src 10.208.0.1, dst
> 10.210.0.6 *Mar 1 00:08:13.813: ICMP: echo reply rcvd, src 10.208.0.1, dst
> 10.210.0.6 CS#ping vrf VTC 10.208.0.1 source Loopback1021030
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
> Packet sent with a source address of 10.210.3.1 .....
>
> On this failed ping i get
>
> Border_VTC#
> *Mar 1 00:08:33.810: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
> *Mar 1 00:08:35.757: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
> *Mar 1 00:08:37.764: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
> *Mar 1 00:08:39.752: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
> *Mar 1 00:08:41.767: ICMP: echo reply sent, src 10.208.0.1, dst 10.210.3.1
>
>
> Trying ping on other router i get
>
>
> Border_VTC#ping vrf VTC 10.210.3.1 source fastEthernet 0/1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
> Packet sent with a source address of 10.210.0.5 .....
> Success rate is 0 percent (0/5)
> Border_VTC#ping vrf VTC 10.210.3.1 source loopback 1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
> Packet sent with a source address of 10.208.0.1 .....
> Success rate is 0 percent (0/5)
> Border_VTC#
>
>
> Any suggestion ?
>
> --
>
>
>
>
> L.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



--




L.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


aaron1 at gvtc

Aug 9, 2012, 7:06 AM

Post #4 of 8 (585 views)
Permalink
Re: Problem with ip vrf receive command [In reply to]
Doesn't a vrf require an rd to even be functional?

Aaron

-----Original Message-----
From: cisco-nsp-bounces [at] puck
[mailto:cisco-nsp-bounces [at] puck] On Behalf Of Luca Tortiglione
Sent: Thursday, August 09, 2012 4:05 AM
To: adam vitkovsky
Cc: cisco-nsp
Subject: Re: [c-nsp] Problem with ip vrf receive command

I have

ip route vrf VTC 10.208.0.0 255.255.255.0 10.210.0.5 and ip route vrf VTC
10.210.3.0 255.255.255.0 10.210.0.6


and the other sources are directly connected networks, so no need to add any
other routes.


2012/8/9 adam vitkovsky <adam.vitkovsky [at] swan>:
> Does the VTC vrf has a route for your ping source please?
>
> adam
> -----Original Message-----
> From: cisco-nsp-bounces [at] puck
> [mailto:cisco-nsp-bounces [at] puck] On Behalf Of Luca
> Tortiglione
> Sent: Thursday, August 09, 2012 10:39 AM
> To: cisco-nsp
> Subject: [c-nsp] Problem with ip vrf receive command
>
> Good morning,
> I need to insert a route in the general routing table and in a VRF.
>
> Reading on Internet,
> I thought to use ip vrf receive command on the interface.
>
>
>
> this is CS router :
>
> hostname CS
> !
> boot-start-marker
> boot-end-marker
> !
> ip cef
> !
> !
> !
> !
> ip vrf VTC
> !
> interface Loopback1021030
> ip vrf receive VTC
> ip address 10.210.3.1 255.255.255.255 ip policy route-map PC_TO_VTC
> !
> interface FastEthernet0/0
> no ip address
> duplex auto
> speed auto
> !
> interface FastEthernet0/1
> ip vrf receive VTC
> ip address 10.210.0.6 255.255.255.252 ip policy route-map PC_TO_VTC
> speed auto full-duplex !
> !
>
> !
> ip forward-protocol nd
> ip route vrf VTC 10.208.0.0 255.255.255.0 10.210.0.5 !
> !
> no ip http server
> no ip http secure-server
> !
> access-list 100 permit ip 10.210.3.0 0.0.0.255 10.208.0.0 0.0.0.255
> access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.3.0 0.0.0.255
> access-list 100 permit ip 10.210.0.0 0.0.0.255 10.208.0.0 0.0.0.255
> access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.0.0 0.0.0.255 !
> route-map PC_TO_VTC permit 1
> match ip address 100
> set vrf VTC
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
>
> and this is border router :
>
>
> hostname Border_VTC
> !
> boot-start-marker
> boot-end-marker
> !
> !
> no aaa new-model
>
> ip cef
>
> ip vrf VTC
>
> interface Loopback1
> ip vrf forwarding VTC
> ip address 10.208.0.1 255.255.255.255 !
> interface FastEthernet0/0
> ip vrf forwarding VTC
> ip address 10.210.0.2 255.255.255.252 duplex auto speed auto !
> interface FastEthernet0/1
> ip vrf forwarding VTC
> ip address 10.210.0.5 255.255.255.252 speed auto full-duplex
>
> ip forward-protocol nd
> ip route vrf VTC 10.210.3.0 255.255.255.0 10.210.0.6
>
> !
>
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
> Trying to ping I have
>
> CS#ping vrf VTC 10.208.0.1 source fastEthernet 0/1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
> Packet sent with a source address of 10.210.0.6 !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 56/100/189
> ms CS# *Mar 1 00:08:13.404: ICMP: echo reply rcvd, src 10.208.0.1,
> dst
> 10.210.0.6 *Mar 1 00:08:13.593: ICMP: echo reply rcvd, src
> 10.208.0.1, dst
> 10.210.0.6 *Mar 1 00:08:13.673: ICMP: echo reply rcvd, src
> 10.208.0.1, dst
> 10.210.0.6 *Mar 1 00:08:13.749: ICMP: echo reply rcvd, src
> 10.208.0.1, dst
> 10.210.0.6 *Mar 1 00:08:13.813: ICMP: echo reply rcvd, src
> 10.208.0.1, dst
> 10.210.0.6 CS#ping vrf VTC 10.208.0.1 source Loopback1021030
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
> Packet sent with a source address of 10.210.3.1 .....
>
> On this failed ping i get
>
> Border_VTC#
> *Mar 1 00:08:33.810: ICMP: echo reply sent, src 10.208.0.1, dst
> 10.210.3.1 *Mar 1 00:08:35.757: ICMP: echo reply sent, src
> 10.208.0.1, dst 10.210.3.1 *Mar 1 00:08:37.764: ICMP: echo reply
> sent, src 10.208.0.1, dst 10.210.3.1 *Mar 1 00:08:39.752: ICMP: echo
> reply sent, src 10.208.0.1, dst 10.210.3.1 *Mar 1 00:08:41.767: ICMP:
> echo reply sent, src 10.208.0.1, dst 10.210.3.1
>
>
> Trying ping on other router i get
>
>
> Border_VTC#ping vrf VTC 10.210.3.1 source fastEthernet 0/1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
> Packet sent with a source address of 10.210.0.5 .....
> Success rate is 0 percent (0/5)
> Border_VTC#ping vrf VTC 10.210.3.1 source loopback 1
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
> Packet sent with a source address of 10.208.0.1 .....
> Success rate is 0 percent (0/5)
> Border_VTC#
>
>
> Any suggestion ?
>
> --
>
>
>
>
> L.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



--




L.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


luca.tortiglione at gmail

Aug 9, 2012, 7:27 AM

Post #5 of 8 (590 views)
Permalink
Re: Problem with ip vrf receive command [In reply to]
I know RD and route-target are used only by BGP.

2012/8/9 Aaron <aaron1 [at] gvtc>:
> Doesn't a vrf require an rd to even be functional?
>
> Aaron
>
> -----Original Message-----
> From: cisco-nsp-bounces [at] puck
> [mailto:cisco-nsp-bounces [at] puck] On Behalf Of Luca Tortiglione
> Sent: Thursday, August 09, 2012 4:05 AM
> To: adam vitkovsky
> Cc: cisco-nsp
> Subject: Re: [c-nsp] Problem with ip vrf receive command
>
> I have
>
> ip route vrf VTC 10.208.0.0 255.255.255.0 10.210.0.5 and ip route vrf VTC
> 10.210.3.0 255.255.255.0 10.210.0.6
>
>
> and the other sources are directly connected networks, so no need to add any
> other routes.
>
>
> 2012/8/9 adam vitkovsky <adam.vitkovsky [at] swan>:
>> Does the VTC vrf has a route for your ping source please?
>>
>> adam
>> -----Original Message-----
>> From: cisco-nsp-bounces [at] puck
>> [mailto:cisco-nsp-bounces [at] puck] On Behalf Of Luca
>> Tortiglione
>> Sent: Thursday, August 09, 2012 10:39 AM
>> To: cisco-nsp
>> Subject: [c-nsp] Problem with ip vrf receive command
>>
>> Good morning,
>> I need to insert a route in the general routing table and in a VRF.
>>
>> Reading on Internet,
>> I thought to use ip vrf receive command on the interface.
>>
>>
>>
>> this is CS router :
>>
>> hostname CS
>> !
>> boot-start-marker
>> boot-end-marker
>> !
>> ip cef
>> !
>> !
>> !
>> !
>> ip vrf VTC
>> !
>> interface Loopback1021030
>> ip vrf receive VTC
>> ip address 10.210.3.1 255.255.255.255 ip policy route-map PC_TO_VTC
>> !
>> interface FastEthernet0/0
>> no ip address
>> duplex auto
>> speed auto
>> !
>> interface FastEthernet0/1
>> ip vrf receive VTC
>> ip address 10.210.0.6 255.255.255.252 ip policy route-map PC_TO_VTC
>> speed auto full-duplex !
>> !
>>
>> !
>> ip forward-protocol nd
>> ip route vrf VTC 10.208.0.0 255.255.255.0 10.210.0.5 !
>> !
>> no ip http server
>> no ip http secure-server
>> !
>> access-list 100 permit ip 10.210.3.0 0.0.0.255 10.208.0.0 0.0.0.255
>> access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.3.0 0.0.0.255
>> access-list 100 permit ip 10.210.0.0 0.0.0.255 10.208.0.0 0.0.0.255
>> access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.0.0 0.0.0.255 !
>> route-map PC_TO_VTC permit 1
>> match ip address 100
>> set vrf VTC
>>
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>
>>
>> and this is border router :
>>
>>
>> hostname Border_VTC
>> !
>> boot-start-marker
>> boot-end-marker
>> !
>> !
>> no aaa new-model
>>
>> ip cef
>>
>> ip vrf VTC
>>
>> interface Loopback1
>> ip vrf forwarding VTC
>> ip address 10.208.0.1 255.255.255.255 !
>> interface FastEthernet0/0
>> ip vrf forwarding VTC
>> ip address 10.210.0.2 255.255.255.252 duplex auto speed auto !
>> interface FastEthernet0/1
>> ip vrf forwarding VTC
>> ip address 10.210.0.5 255.255.255.252 speed auto full-duplex
>>
>> ip forward-protocol nd
>> ip route vrf VTC 10.210.3.0 255.255.255.0 10.210.0.6
>>
>> !
>>
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>
>> Trying to ping I have
>>
>> CS#ping vrf VTC 10.208.0.1 source fastEthernet 0/1
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
>> Packet sent with a source address of 10.210.0.6 !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 56/100/189
>> ms CS# *Mar 1 00:08:13.404: ICMP: echo reply rcvd, src 10.208.0.1,
>> dst
>> 10.210.0.6 *Mar 1 00:08:13.593: ICMP: echo reply rcvd, src
>> 10.208.0.1, dst
>> 10.210.0.6 *Mar 1 00:08:13.673: ICMP: echo reply rcvd, src
>> 10.208.0.1, dst
>> 10.210.0.6 *Mar 1 00:08:13.749: ICMP: echo reply rcvd, src
>> 10.208.0.1, dst
>> 10.210.0.6 *Mar 1 00:08:13.813: ICMP: echo reply rcvd, src
>> 10.208.0.1, dst
>> 10.210.0.6 CS#ping vrf VTC 10.208.0.1 source Loopback1021030
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
>> Packet sent with a source address of 10.210.3.1 .....
>>
>> On this failed ping i get
>>
>> Border_VTC#
>> *Mar 1 00:08:33.810: ICMP: echo reply sent, src 10.208.0.1, dst
>> 10.210.3.1 *Mar 1 00:08:35.757: ICMP: echo reply sent, src
>> 10.208.0.1, dst 10.210.3.1 *Mar 1 00:08:37.764: ICMP: echo reply
>> sent, src 10.208.0.1, dst 10.210.3.1 *Mar 1 00:08:39.752: ICMP: echo
>> reply sent, src 10.208.0.1, dst 10.210.3.1 *Mar 1 00:08:41.767: ICMP:
>> echo reply sent, src 10.208.0.1, dst 10.210.3.1
>>
>>
>> Trying ping on other router i get
>>
>>
>> Border_VTC#ping vrf VTC 10.210.3.1 source fastEthernet 0/1
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
>> Packet sent with a source address of 10.210.0.5 .....
>> Success rate is 0 percent (0/5)
>> Border_VTC#ping vrf VTC 10.210.3.1 source loopback 1
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
>> Packet sent with a source address of 10.208.0.1 .....
>> Success rate is 0 percent (0/5)
>> Border_VTC#
>>
>>
>> Any suggestion ?
>>
>> --
>>
>>
>>
>>
>> L.
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
>
> --
>
>
>
>
> L.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



--




L.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


adam.vitkovsky at swan

Aug 9, 2012, 7:55 AM

Post #6 of 8 (584 views)
Permalink
Re: Problem with ip vrf receive command [In reply to]
If I understood it correctly than "ip vrf receive VTC" makes all the
interface addresses belong to the VRF VTC
Additionally you've specified a list of source addresses in ACL 100 -for
which the destination lookups should be done in the VTC VRF -in accordance
to the PC_TO_VTC route-map

Now I don't understand where does the "need to insert a route in the general
routing table and in a VRF" falls in
Would you please clarify what would you like to accomplish


adam

-----Original Message-----
From: Luca Tortiglione [mailto:luca.tortiglione [at] gmail]
Sent: Thursday, August 09, 2012 4:27 PM
To: Aaron
Cc: adam vitkovsky; cisco-nsp
Subject: Re: [c-nsp] Problem with ip vrf receive command

I know RD and route-target are used only by BGP.

2012/8/9 Aaron <aaron1 [at] gvtc>:
> Doesn't a vrf require an rd to even be functional?
>
> Aaron
>
> -----Original Message-----
> From: cisco-nsp-bounces [at] puck
> [mailto:cisco-nsp-bounces [at] puck] On Behalf Of Luca
> Tortiglione
> Sent: Thursday, August 09, 2012 4:05 AM
> To: adam vitkovsky
> Cc: cisco-nsp
> Subject: Re: [c-nsp] Problem with ip vrf receive command
>
> I have
>
> ip route vrf VTC 10.208.0.0 255.255.255.0 10.210.0.5 and ip route vrf
> VTC
> 10.210.3.0 255.255.255.0 10.210.0.6
>
>
> and the other sources are directly connected networks, so no need to
> add any other routes.
>
>
> 2012/8/9 adam vitkovsky <adam.vitkovsky [at] swan>:
>> Does the VTC vrf has a route for your ping source please?
>>
>> adam
>> -----Original Message-----
>> From: cisco-nsp-bounces [at] puck
>> [mailto:cisco-nsp-bounces [at] puck] On Behalf Of Luca
>> Tortiglione
>> Sent: Thursday, August 09, 2012 10:39 AM
>> To: cisco-nsp
>> Subject: [c-nsp] Problem with ip vrf receive command
>>
>> Good morning,
>> I need to insert a route in the general routing table and in a VRF.
>>
>> Reading on Internet,
>> I thought to use ip vrf receive command on the interface.
>>
>>
>>
>> this is CS router :
>>
>> hostname CS
>> !
>> boot-start-marker
>> boot-end-marker
>> !
>> ip cef
>> !
>> !
>> !
>> !
>> ip vrf VTC
>> !
>> interface Loopback1021030
>> ip vrf receive VTC
>> ip address 10.210.3.1 255.255.255.255 ip policy route-map PC_TO_VTC
>> !
>> interface FastEthernet0/0
>> no ip address
>> duplex auto
>> speed auto
>> !
>> interface FastEthernet0/1
>> ip vrf receive VTC
>> ip address 10.210.0.6 255.255.255.252 ip policy route-map PC_TO_VTC
>> speed auto full-duplex !
>> !
>>
>> !
>> ip forward-protocol nd
>> ip route vrf VTC 10.208.0.0 255.255.255.0 10.210.0.5 !
>> !
>> no ip http server
>> no ip http secure-server
>> !
>> access-list 100 permit ip 10.210.3.0 0.0.0.255 10.208.0.0 0.0.0.255
>> access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.3.0 0.0.0.255
>> access-list 100 permit ip 10.210.0.0 0.0.0.255 10.208.0.0 0.0.0.255
>> access-list 100 permit ip 10.208.0.0 0.0.0.255 10.210.0.0 0.0.0.255 !
>> route-map PC_TO_VTC permit 1
>> match ip address 100
>> set vrf VTC
>>
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>
>>
>> and this is border router :
>>
>>
>> hostname Border_VTC
>> !
>> boot-start-marker
>> boot-end-marker
>> !
>> !
>> no aaa new-model
>>
>> ip cef
>>
>> ip vrf VTC
>>
>> interface Loopback1
>> ip vrf forwarding VTC
>> ip address 10.208.0.1 255.255.255.255 !
>> interface FastEthernet0/0
>> ip vrf forwarding VTC
>> ip address 10.210.0.2 255.255.255.252 duplex auto speed auto !
>> interface FastEthernet0/1
>> ip vrf forwarding VTC
>> ip address 10.210.0.5 255.255.255.252 speed auto full-duplex
>>
>> ip forward-protocol nd
>> ip route vrf VTC 10.210.3.0 255.255.255.0 10.210.0.6
>>
>> !
>>
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>
>> Trying to ping I have
>>
>> CS#ping vrf VTC 10.208.0.1 source fastEthernet 0/1
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
>> Packet sent with a source address of 10.210.0.6 !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max =
>> 56/100/189 ms CS# *Mar 1 00:08:13.404: ICMP: echo reply rcvd, src
>> 10.208.0.1, dst
>> 10.210.0.6 *Mar 1 00:08:13.593: ICMP: echo reply rcvd, src
>> 10.208.0.1, dst
>> 10.210.0.6 *Mar 1 00:08:13.673: ICMP: echo reply rcvd, src
>> 10.208.0.1, dst
>> 10.210.0.6 *Mar 1 00:08:13.749: ICMP: echo reply rcvd, src
>> 10.208.0.1, dst
>> 10.210.0.6 *Mar 1 00:08:13.813: ICMP: echo reply rcvd, src
>> 10.208.0.1, dst
>> 10.210.0.6 CS#ping vrf VTC 10.208.0.1 source Loopback1021030
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 10.208.0.1, timeout is 2 seconds:
>> Packet sent with a source address of 10.210.3.1 .....
>>
>> On this failed ping i get
>>
>> Border_VTC#
>> *Mar 1 00:08:33.810: ICMP: echo reply sent, src 10.208.0.1, dst
>> 10.210.3.1 *Mar 1 00:08:35.757: ICMP: echo reply sent, src
>> 10.208.0.1, dst 10.210.3.1 *Mar 1 00:08:37.764: ICMP: echo reply
>> sent, src 10.208.0.1, dst 10.210.3.1 *Mar 1 00:08:39.752: ICMP: echo
>> reply sent, src 10.208.0.1, dst 10.210.3.1 *Mar 1 00:08:41.767: ICMP:
>> echo reply sent, src 10.208.0.1, dst 10.210.3.1
>>
>>
>> Trying ping on other router i get
>>
>>
>> Border_VTC#ping vrf VTC 10.210.3.1 source fastEthernet 0/1
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
>> Packet sent with a source address of 10.210.0.5 .....
>> Success rate is 0 percent (0/5)
>> Border_VTC#ping vrf VTC 10.210.3.1 source loopback 1
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 10.210.3.1, timeout is 2 seconds:
>> Packet sent with a source address of 10.208.0.1 .....
>> Success rate is 0 percent (0/5)
>> Border_VTC#
>>
>>
>> Any suggestion ?
>>
>> --
>>
>>
>>
>>
>> L.
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
>
> --
>
>
>
>
> L.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



--




L.

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


tim at pelican

Aug 9, 2012, 7:58 AM

Post #7 of 8 (586 views)
Permalink
Re: Problem with ip vrf receive command [In reply to]
> I know RD and route-target are used only by BGP.

Right, but even for "vrf-lite", Cisco still require you to assign an RD before the VRF becomes activated.

Regards,
Tim.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


luca.tortiglione at gmail

Aug 9, 2012, 8:06 AM

Post #8 of 8 (587 views)
Permalink
Re: Problem with ip vrf receive command [In reply to]
Ok Tim,
now i have RD configured.


by using ip vrf receive VTC,
i have that address belonging to global routing table and to VTC routing table.

I need these route/addresses let communicate between them.

I think something is going wrong, because the ping doesn't work.

I read an access-list is mandatory to specify "when" treat the network
as a network inside the vrf.
But if i delete access-list 100, i can ping anyway.

Any idea to how to allow a vlan not belonging a VRF to communicate
inside the VRF and viceversa ?

2012/8/9 Tim Franklin <tim [at] pelican>:
>> I know RD and route-target are used only by BGP.
>
> Right, but even for "vrf-lite", Cisco still require you to assign an RD before the VRF becomes activated.
>
> Regards,
> Tim.



--




L.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Cisco nsp RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.