Tuesday, November 16, 2010

Today's work in a shot: configuring Lwapp AP 1252

Hi all,
here's a shot of this afternoon work :

Looks like a solid wall of LWAPP 1252s !


But wait.... where is my collegue?


here it is! :-)

(just kidding)

Marco

Sunday, November 14, 2010

"vrf definition" command, how to survive

Hi all,

as you may know, the old vrf definition commands are useful only for ipv4 vrfs.

for example:

ip vrf OLD-FORMAT
description old format for vrf definition
rd 1:1
vpn id ABC:DEF
route-target export 1:1
route-target import 1:1
route-target import 1:2


Will create a ipv4 vrf only, you can see it with:

Router(config-vrf)#do sh vrf detail
VRF OLD-FORMAT; default RD 1:1; default VPNID ABC:DEF
Description: old format for vrf definition
No interfaces
Address family ipv4 (Table ID = 0x1):
Export VPN route-target communities
RT:1:1
Import VPN route-target communities
RT:1:1 RT:1:2
No import route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
Address family ipv6 not active.


If we try to add an interface to vrf, with both ipv4 and ipv6 addresses, we notice also:

Router(config)#do sh run int f 0/0 | b int
interface FastEthernet0/0
ip vrf forwarding OLD-FORMAT
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
ipv6 address FC00:1234:CC13::1/64


Router(config)#do sh ip route vrf OLD-FORMAT | b Gate
Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0
Router(config)#

Router(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

Router(config)#do sh ipv6 route
IPv6 Routing Table - Default - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C FC00:1234:CC13::/64 [0/0]
via FastEthernet0/0, directly connected
L FC00:1234:CC13::1/128 [0/0]
via FastEthernet0/0, receive
L FF00::/8 [0/0]
via Null0, receive


As expected, the vrf table is created only for ipv4 address-family, the ipv6 address still in the global table.

Starting from IOS 12.4(20)T (and 12.2(33)Sxx) the new command "vrf definition" was introduced.
According to the Doc-CD, the command creates both the virtual routing tables for ipv4 and ipv6 address-families, and can be used to specify global route-targets for both address-families and also specific route-targets.

So far so good, let's try this relatively new feature and see if it's working as documented:


Router(config)#vrf definition NEW-FORMAT
Router(config-vrf)#rd 2:2
Router(config-vrf)#?
VPN Routing/Forwarding instance configuration commands:
address-family Enter Address Family command mode
context Associate SNMP context with this vrf
default Set a command to its defaults
description VRF specific description
exit Exit from VRF configuration mode
no Negate a command or set its defaults
rd Specify Route Distinguisher
route-target Specify Target VPN Extended Communities
vpn Configure VPN ID as specified in rfc2685

Router(config-vrf)#route-target both 2:2
Router(config-vrf)#route-target import 100:100
Router(config-vrf)#do sh run vrf NEW-FORMAT
Building configuration...

Current configuration : 120 bytes
vrf definition NEW-FORMAT
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 100:100
!
end


Nice, as you can see, I have placed the route-targets globally, hoping that it will use for both address families.
In fact, this is not happening at all, because seems that the address-families aren't activated:

Router(config-vrf)#sh vrf detail NEW-FORMAT
VRF NEW-FORMAT; default RD 2:2; default VPNID
No interfaces
Address family ipv4 not active.
Address family ipv6 not active.


So if you try to add an interface to this vrf, the result is something strange:

Router(config)#int f 0/1
Router(config-if)#ip vrf forwarding NEW-FORMAT
% Use 'vrf forwarding' command for VRF 'NEW-FORMAT' !-- note that the old format command is rejected
Router(config-if)#vrf forwarding NEW-FORMAT
Router(config-if)#ip add 10.2.2.2 255.255.255.0
Router(config-if)#ipv6 address fc00:2222:2222::2/64
%FastEthernet0/1 is linked to a VRF. Enable IPv6 on that VRF first. !-- IPv6 address is rejected too!
Router(config-if)#do sh run int f 0/1
Building configuration...

Current configuration : 120 bytes
!
interface FastEthernet0/1
vrf forwarding NEW-FORMAT
ip address 10.2.2.2 255.255.255.0
duplex auto
speed auto
end


Seems that the ipv6 address was rejected due the missing address-family activation, but the ipv4 was accepted.

Surprise! The ipv4 still in global routing table, not in the vrf table!

Router(config-if)#do sh ip route | beg Gate
Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets
C 10.2.2.0 is directly connected, FastEthernet0/1

Router(config-if)#do sh ip route vrf NEW-FORMAT

Router(config-if)#


So let's activate the address families:

Router(config)#vrf definition NEW-FORMAT
Router(config-vrf)#address-family ipv4
Router(config-vrf-af)#route-target both 2:2
Router(config-vrf-af)#exit
Router(config-vrf)#address-family ipv6
Router(config-vrf-af)#route-target both 2:2
Router(config-vrf-af)#exit
Router(config-vrf)#do sh run vrf NEW-FORMAT
Building configuration...

Current configuration : 409 bytes
vrf definition NEW-FORMAT
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 100:100
!
address-family ipv4
route-target export 2:2
route-target import 2:2
exit-address-family
!
address-family ipv6
route-target export 2:2
route-target import 2:2
exit-address-family
!
!
interface FastEthernet0/1
vrf forwarding NEW-FORMAT
no ip address
duplex auto
speed auto
!
!
end

Router(config-vrf)#

Yup! the ip address disappeared without notice!

Let's re-add both ip and ipv6 addresses

Router(config-vrf)#int f 0/1
Router(config-if)#ip add 10.2.2.2 255.255.255.0
Router(config-if)#ipv add fc00:2222:2222::2/64
Router(config-if)#do sh run vrf NEW-FORMAT
Building configuration...

Current configuration : 464 bytes
vrf definition NEW-FORMAT
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 100:100
!
address-family ipv4
route-target export 2:2
route-target import 2:2
exit-address-family
!
address-family ipv6
route-target export 2:2
route-target import 2:2
exit-address-family
!
!
interface FastEthernet0/1
vrf forwarding NEW-FORMAT
ip address 10.2.2.2 255.255.255.0
duplex auto
speed auto
ipv6 address FC00:2222:2222::2/64
!
!
end

Router(config-if)#do sh ip route | beg Gate
Gateway of last resort is not set

Router(config-if)#do sh ip route vrf NEW-FORMAT

Routing Table: NEW-FORMAT
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets
C 10.2.2.0 is directly connected, FastEthernet0/1
Router(config-if)#do sh ipv6 route vrf NEW-FORMAT
IPv6 Routing Table - NEW-FORMAT - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C FC00:2222:2222::/64 [0/0]
via FastEthernet0/1, directly connected
L FC00:2222:2222::2/128 [0/0]
via FastEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
Router(config-if)#


Finally it's all right, ip and ipv6 addresses are in the vrf routing table, I'm still asking myself what is the purpose of global route-targets...

:-)
Fortunately, seems that they have modified in the 15.0 IOS version. The above tests was on my 12.4T rack, when tryed with dynamips on 15.0...

RackVR1(config)#vrf definition TEST
RackVR1(config-vrf)#rd 1:1
RackVR1(config-vrf)#route-target both 1:1

RackVR1(config)#int f 2/0
RackVR1(config-if)#vrf forwarding TEST
% Cannot configure VRF forwarding since no address family configuration exists in this VRF TEST; Please configure address family first
RackVR1(config-if)#do sh ver
Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)
...



Marco

Ps: by the way.. I'm back.

Wednesday, November 3, 2010

CCIE Exam... delayed



Hi all, this short one to inform all my readers that I have delayed my exam to 31 Jan 2011.
Just to feel more prepared and more confident.
I will work on speed and accuracy during this additional time, and as usual more lab and lab and lab...

Thank you all for the previous encouraging mails and comments
Marco