IOS XE 15.5
IOS XR 5.3
The topology for this demo:
In this post we will begin the Layer 3 aspect of the SPv4 blueprint; this will include both IPv4 and IPv6 AFIs, where applicable and supported. We'll start out with the very basics of the VRF: what a VRF is, why you would use it, where it fits, etc. The VRF is a really important component in the MPLS L3 VPN deployment model; however, MPLS is not needed to use VRFs. This is where VRF Lite comes into play. To be clear, MPLS is deployed everywhere in the SP core; however, with the creation of the VRF, we are not enabling MPLS on VRF-based interfaces, so IP-based forwarding will be used.
A VRF, or Virtual Routing and Forwarding table, is a way for a Layer 3 device to create a new routing table, which is a broadcast domain. If you are familiar with Layer 2 switching, it uses the "VLAN" to create multiple broadcast domains on a switch, or to multiplex the switch. By default, on switches and routers, all interfaces, on the main interface, are in VLAN 1. A VRF on a router is 1:1 analogous to a VLAN on a switch. A VRF simply allows a router to create multiple user-defined broadcast domains. Like a VLAN, an interface is placed into the VRF, which then takes the interface out of the default or global RIB. When you create a VRF, a Route Distinguisher or RD is configured to make any routes that are in that VRF globally unique.
A Route Distinguisher in its simplest form is a way for VRF routes to be uniquely identified. It is technically not needed for VRF Lite, since VRF Lite isn't leveraging MPLS for transport; it could, but in our demo we are not. The RD is a 64-bit (8-byte) value written as A:N, for example 50693:100, where typically the ASN of the provider is used in conjunction with a customer ID; this is just one way of many to break it down. The other way is IP:N, for example 192.168.1.11:100, where the RID/MP-BGP loopback for VPNv4/v6 could be used as well. It's up to the organization to determine. I use 50693:100 for simplicity. The RD is prepended to the beginning of the route in the VRF RIB to make it unique, 50693:100:100.100.100.1/32 for instance. In total, when the RD is used, the IPv4 address increases in size from 32 bits (4 bytes) to 96 bits (12 bytes): 64 bits are the RD and the other 32 are the original IPv4 address.
Our demo will be very simple to set up from a VRF perspective. The actual VRF configuration is only a few commands; placing interfaces into the VRFs, IPv4/v6 addressing, and configuring routing all come later on. We'll configure VRF Lite on R1, XR5, R4 and R3 with the goal of advertising Loopback 100 into the IGP or via static routing. We'll configure all the IGPs and any supported AFIs so we can test that functionality. We'll start with RIP, which has a high AD of 120. So first we'll configure VRF CCIE, place interfaces into VRF CCIE and then set up routing inside VRF CCIE.
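The 8-byte RD and the 12-byte RD-plus-IPv4 value described above, worked through in Python as an added example (not part of the original post). The function names are hypothetical, and the 2-byte type field in front of the A:N / IP:N value follows RFC 4364 rather than anything shown on this page; the example also covers the 4-byte-ASN form, which the post does not use.

```python
import ipaddress
import struct


def encode_rd(rd: str) -> bytes:
    """Encode 'A:N' or 'IP:N' as the 8-byte RD: 2-byte type + 6-byte value."""
    admin, sep, assigned = rd.rpartition(":")
    if not sep or not assigned.isdigit():
        raise ValueError(f"not an RD: {rd!r}")
    number = int(assigned)
    if "." in admin:
        # Type 1 (IP:N): 4-byte IPv4 administrator, 2-byte assigned number.
        if number > 0xFFFF:
            raise ValueError("IP:N needs a 16-bit assigned number")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)
    if asn <= 0xFFFF:
        # Type 0 (A:N, 2-byte ASN): 4-byte assigned number.
        if number > 0xFFFFFFFF:
            raise ValueError("A:N needs a 32-bit assigned number")
        return struct.pack("!HHI", 0, asn, number)
    # Type 2 (A:N, 4-byte ASN): 2-byte assigned number.
    if asn > 0xFFFFFFFF or number > 0xFFFF:
        raise ValueError("4-byte ASN form needs a 16-bit assigned number")
    return struct.pack("!HIH", 2, asn, number)


def vpnv4_address(rd: str, ipv4: str) -> bytes:
    """RD prepended to the IPv4 address: 8 + 4 = 12 bytes (96 bits)."""
    return encode_rd(rd) + ipaddress.IPv4Address(ipv4).packed


def stays_unique(ipv4: str, rd_a: str, rd_b: str) -> bool:
    """True when the same IPv4 address in two VRFs yields two distinct values."""
    return vpnv4_address(rd_a, ipv4) != vpnv4_address(rd_b, ipv4)


if __name__ == "__main__":
    # RD and loopback from this post; 50693:200 is a constructed second VRF.
    print(encode_rd("50693:100").hex())
    print(vpnv4_address("50693:100", "100.100.100.1").hex())
    print(stays_unique("100.100.100.1", "50693:100", "50693:200"))
```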
R3, R4 and R1
vrf definition CCIE
rd 50693:100
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
XR5
vrf CCIE
address-family ipv4 unicast
!
address-family ipv6 unicast
!
router bgp 1
vrf CCIE
rd 50693:100
In IOS XR, the RD is configured under the BGP VRF configuration mode; the RT or Route Target is configured under the VRF globally, which is covered when we begin L3 VPN.
Now we'll configure new interfaces and place those interfaces into VRF CCIE.
XR5
interface Loopback100
vrf CCIE
ipv4 address 100.100.100.15 255.255.255.255
ipv6 address fc00::15/128
!
interface GigabitEthernet0/0/0/0.100
vrf CCIE
ipv4 address 192.168.15.15 255.255.255.0
ipv6 address 2100:15::15/64
encapsulation dot1q 100
!
interface GigabitEthernet0/0/0/0.101
vrf CCIE
ipv4 address 192.168.45.15 255.255.255.0
ipv6 address 2100:45::15/64
encapsulation dot1q 101
R1
interface Loopback100
vrf forwarding CCIE
ip address 100.100.100.1 255.255.255.255
ipv6 address FC00::1/128
!
interface GigabitEthernet1.100
encapsulation dot1Q 100
vrf forwarding CCIE
ip address 192.168.15.1 255.255.255.0
ipv6 address 2100:15::1/64
R4
interface GigabitEthernet1.101
encapsulation dot1Q 101
vrf forwarding CCIE
ip address 192.168.45.4 255.255.255.0
ipv6 address 2100:45::4/64
!
interface GigabitEthernet1.102
encapsulation dot1Q 102
vrf forwarding CCIE
ip address 192.168.34.4 255.255.255.0
ipv6 address 2100:34::4/64
!
interface Loopback100
vrf forwarding CCIE
ip address 100.100.100.4 255.255.255.255
ipv6 address FC00::4/128
R3
interface Loopback100
vrf forwarding CCIE
ip address 100.100.100.3 255.255.255.255
ipv6 address FC00::3/128
!
interface GigabitEthernet1.102
encapsulation dot1Q 102
vrf forwarding CCIE
ip address 192.168.34.3 255.255.255.0
ipv6 address 2100:34::3/64
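Because an interface only leaves the global RIB once `vrf forwarding` is applied to it, a stanza that misses the command keeps its subnet in the global table. The following is an added example (not from the original post) that checks IOS XE interface stanzas for this; the function names are hypothetical, the sample is R4's configuration from above with one line deliberately removed, and grouping the loopbacks as 100.100.100.0/24 is an assumption.

```python
import ipaddress

# R4's stanzas from this post, with "vrf forwarding CCIE" deliberately
# removed from GigabitEthernet1.102 (constructed fault for the example).
SAMPLE_CONFIG = """\
interface GigabitEthernet1.101
 encapsulation dot1Q 101
 vrf forwarding CCIE
 ip address 192.168.45.4 255.255.255.0
!
interface GigabitEthernet1.102
 encapsulation dot1Q 102
 ip address 192.168.34.4 255.255.255.0
!
interface Loopback100
 vrf forwarding CCIE
 ip address 100.100.100.4 255.255.255.255
"""


def parse_interfaces(config):
    """Return {interface: {"vrf": name or None, "addrs": [IPv4Interface]}}."""
    result, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if words[:1] == ["interface"] and len(words) == 2:
            current = result.setdefault(words[1], {"vrf": None, "addrs": []})
        elif not words or words == ["!"]:
            current = None  # end of stanza
        elif current is not None:
            if words[:2] == ["vrf", "forwarding"] and len(words) == 3:
                current["vrf"] = words[2]
            elif words[:2] == ["ip", "address"] and len(words) >= 4:
                addr = ipaddress.IPv4Interface(f"{words[2]}/{words[3]}")
                current["addrs"].append(addr)
    return result


def outside_vrf(config, vrf, vrf_prefixes):
    """Interfaces addressed from the VRF's prefixes but not placed in the VRF."""
    nets = [ipaddress.ip_network(p) for p in vrf_prefixes]
    leaks = []
    for name, info in parse_interfaces(config).items():
        in_scope = any(a.ip in n for a in info["addrs"] for n in nets)
        if in_scope and info["vrf"] != vrf:
            leaks.append(name)
    return leaks


if __name__ == "__main__":
    prefixes = ["192.168.34.0/24", "192.168.45.0/24", "100.100.100.0/24"]
    print(outside_vrf(SAMPLE_CONFIG, "CCIE", prefixes))
```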
OK, now that we have all of the interfaces in VRF CCIE, we can go ahead and configure RIPv2 for IPv4 on the above routers and RIPng on R3 and R4; XRv 5.3 doesn't appear to support IPv6 RIP.
R3
router rip
no auto-summary
!
address-family ipv4 vrf CCIE
network 100.0.0.0
network 192.168.34.0
no auto-summary
version 2
exit-address-family
R4
router rip
no auto-summary
!
address-family ipv4 vrf CCIE
network 100.0.0.0
network 192.168.34.0
network 192.168.45.0
no auto-summary
version 2
exit-address-family
XR5
router rip
vrf CCIE
interface Loopback100
!
interface GigabitEthernet0/0/0/0.100
!
interface GigabitEthernet0/0/0/0.101
R1
router rip
no auto-summary
!
address-family ipv4 vrf CCIE
network 100.0.0.0
network 192.168.15.0
network 192.168.34.0
no auto-summary
version 2
exit-address-family
Now we'll configure the IPv6 variant on R3 and R4.
R3
ipv6 rip vrf-mode enable
interface GigabitEthernet1.102
ipv6 rip CCIE enable
!
interface Loopback100
ipv6 rip CCIE enable
R4
ipv6 rip vrf-mode enable
interface GigabitEthernet1.102
ipv6 rip CCIE enable
!
interface Loopback100
ipv6 rip CCIE enable
So let's go ahead and verify the base VRF configuration.
R1#sh vrf CCIE
Name Default RD Protocols Interfaces
CCIE 50693:100 ipv4,ipv6 Gi1.100
Lo100
R1#sh ip route vrf CCIE
Routing Table: CCIE
Gateway of last resort is not set
100.0.0.0/32 is subnetted, 4 subnets
C 100.100.100.1 is directly connected, Loopback100
R 100.100.100.3
[120/3] via 192.168.15.15, 00:00:03, GigabitEthernet1.100
R 100.100.100.4
[120/2] via 192.168.15.15, 00:00:03, GigabitEthernet1.100
R 100.100.100.15
[120/1] via 192.168.15.15, 00:00:03, GigabitEthernet1.100
192.168.15.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.15.0/24 is directly connected, GigabitEthernet1.100
L 192.168.15.1/32 is directly connected, GigabitEthernet1.100
R 192.168.34.0/24
[120/2] via 192.168.15.15, 00:00:03, GigabitEthernet1.100
R 192.168.45.0/24
[120/1] via 192.168.15.15, 00:00:03, GigabitEthernet1.100
RP/0/0/CPU0:XR5#sh vrf CCIE
Tue Jan 3 19:33:14.350 UTC
VRF RD RT AFI SAFI
CCIE 50693:100
RP/0/0/CPU0:XR5#sh route vrf CCIE
Tue Jan 3 19:36:17.128 UTC
Gateway of last resort is not set
R 100.100.100.1/32 [120/1] via 192.168.15.1, 19:52:44, GigabitEthernet0/0/0/0.100
R 100.100.100.3/32 [120/2] via 192.168.45.4, 19:53:06, GigabitEthernet0/0/0/0.101
R 100.100.100.4/32 [120/1] via 192.168.45.4, 19:53:06, GigabitEthernet0/0/0/0.101
L 100.100.100.15/32 is directly connected, 20:11:37, Loopback100
C 192.168.15.0/24 is directly connected, 20:11:37, GigabitEthernet0/0/0/0.100
L 192.168.15.15/32 is directly connected, 20:11:37, GigabitEthernet0/0/0/0.100
R 192.168.34.0/24 [120/1] via 192.168.45.4, 19:53:06, GigabitEthernet0/0/0/0.101
C 192.168.45.0/24 is directly connected, 20:11:37, GigabitEthernet0/0/0/0.101
L 192.168.45.15/32 is directly connected, 20:11:37, GigabitEthernet0/0/0/0.101
As you can see, pretty basic verification.
Now let's take a look at verifying the RIPv2 specific VRF.
R1#sh ip rip database vrf CCIE
100.0.0.0/8 auto-summary
100.100.100.1/32 directly connected, Loopback100
100.100.100.3/32
[3] via 192.168.15.15, 00:00:03, GigabitEthernet1.100
100.100.100.4/32
[2] via 192.168.15.15, 00:00:03, GigabitEthernet1.100
100.100.100.15/32
[1] via 192.168.15.15, 00:00:03, GigabitEthernet1.100
192.168.15.0/24 auto-summary
192.168.15.0/24 directly connected, GigabitEthernet1.100
192.168.34.0/24 auto-summary
192.168.34.0/24
[2] via 192.168.15.15, 00:00:03, GigabitEthernet1.100
192.168.45.0/24 auto-summary
192.168.45.0/24
[1] via 192.168.15.15, 00:00:03, GigabitEthernet1.100
R3#sh ipv6 route vrf CCIE
IPv6 Routing Table - CCIE - 5 entries
C 2100:34::/64 [0/0]
via GigabitEthernet1.102, directly connected
L 2100:34::3/128 [0/0]
via GigabitEthernet1.102, receive
LC FC00::3/128 [0/0]
via Loopback100, receive
R FC00::4/128 [120/2]
via FE80::20C:29FF:FE88:6F18, GigabitEthernet1.102
L FF00::/8 [0/0]
via Null0, receive
RP/0/0/CPU0:XR5#sh rip vrf CCIE
Tue Jan 3 19:43:37.558 UTC
RIP config:
Active: Yes
Added to socket: Yes
Out-of-memory state: Normal
Version: 2
Default metric: Not set
Maximum paths: 4
Auto summarize: No
Broadcast for V2: No
Packet source validation: Yes
NSF: Disabled
Timers: Update: 30 seconds (8 seconds until next update)
Invalid: 180 seconds
Holddown: 180 seconds
Flush: 240 seconds
I don't want to focus on RIPv2, I want to be specific to VRF outputs. I'm limited on the verification because RIPv2 and RIPng have very few verification commands.
As you can see overall, VRF Lite in general is relatively easy to configure.