3.3.f Implement and troubleshoot VRF lite

edit: not really vrf lite but this is as good a spot as any…

this was a great experiment i did last year to prove the veracity of vrf… it’s one of my most popular documents over on cln… it bears repeating…

https://learningnetwork.cisco.com/people/brian-osgood?view=documents

Sunday, May 27, 2012

vrf… the road to mpls…

this is the beginning of what would later bury frame relay…
notice the diagram… the ip addresses are the same for the clients… virtual route forwarding… see below
r1#ping 10.1.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r1#
r2#ping 10.1.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
r2#
r4#ping 10.1.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
r4#
each client router (ce, client edge) is connected to  r3 (pe, provider edge) with a virtual connection provided by vrf… like frame relay without the hassle of a frame switch… this would later give way to mpls, or frame tagging for the wan…
normally, if you try to assign the same addresses to interfaces the router complains you have overlapping ip’s… with a little variable magic, and very little at that, you can change the game…
r3#ping vrf r1 10.1.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r3#ping vrf r2 10.1.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
r3#ping vrf r4 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
r3#

first note the rd’s (route-distinguishers) in the diagram in global config…
then assign them to the interfaces…
interface FastEthernet0/0
ip vrf forwarding r1
ip address 10.1.1.1 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0
ip vrf forwarding r2
ip address 10.1.1.1 255.255.255.0
encapsulation ppp
no fair-queue
clock rate 1000000
!
interface Serial0/1
ip vrf forwarding r4
ip address 10.1.1.1 255.255.255.0
encapsulation ppp
clock rate 1000000
of course, it’s just the beginning… you are running a separate route table for each vrf… see below
look ma, no global route table…
r3#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static routeGateway of last resort is not setr3#

then…

 

r3#sh ip route vrf r4Routing Table: r4
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static routeGateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.1.2/32 is directly connected, Serial0/1
C       10.1.1.0/24 is directly connected, Serial0/1
r3#

so what’s the big deal with mpls… it doesn’t have to dig into the packet, it labels the packet, it tags it, and uses cef to switch the hell out of it…