Sunday, November 14, 2010

"vrf definition" command, how to survive

Hi all,

As you may know, the old VRF definition commands are useful only for IPv4 VRFs.

for example:

ip vrf OLD-FORMAT
description old format for vrf definition
rd 1:1
vpn id ABC:DEF
route-target export 1:1
route-target import 1:1
route-target import 1:2


This creates an IPv4 VRF only, as you can see with:

Router(config-vrf)#do sh vrf detail
VRF OLD-FORMAT; default RD 1:1; default VPNID ABC:DEF
Description: old format for vrf definition
No interfaces
Address family ipv4 (Table ID = 0x1):
Export VPN route-target communities
RT:1:1
Import VPN route-target communities
RT:1:1 RT:1:2
No import route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
Address family ipv6 not active.


If we add an interface with both IPv4 and IPv6 addresses to the VRF, we also notice:

Router(config)#do sh run int f 0/0 | b int
interface FastEthernet0/0
ip vrf forwarding OLD-FORMAT
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
ipv6 address FC00:1234:CC13::1/64


Router(config)#do sh ip route vrf OLD-FORMAT | b Gate
Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0
Router(config)#

Router(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

Router(config)#do sh ipv6 route
IPv6 Routing Table - Default - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C FC00:1234:CC13::/64 [0/0]
via FastEthernet0/0, directly connected
L FC00:1234:CC13::1/128 [0/0]
via FastEthernet0/0, receive
L FF00::/8 [0/0]
via Null0, receive


As expected, the VRF table is created only for the IPv4 address family; the IPv6 address is still in the global table.

Starting from IOS 12.4(20)T (and 12.2(33)Sxx) the new command "vrf definition" was introduced.
According to the Doc-CD, the command creates both the virtual routing tables for ipv4 and ipv6 address-families, and can be used to specify global route-targets for both address-families and also specific route-targets.

So far so good, let's try this relatively new feature and see if it's working as documented:


Router(config)#vrf definition NEW-FORMAT
Router(config-vrf)#rd 2:2
Router(config-vrf)#?
VPN Routing/Forwarding instance configuration commands:
address-family Enter Address Family command mode
context Associate SNMP context with this vrf
default Set a command to its defaults
description VRF specific description
exit Exit from VRF configuration mode
no Negate a command or set its defaults
rd Specify Route Distinguisher
route-target Specify Target VPN Extended Communities
vpn Configure VPN ID as specified in rfc2685

Router(config-vrf)#route-target both 2:2
Router(config-vrf)#route-target import 100:100
Router(config-vrf)#do sh run vrf NEW-FORMAT
Building configuration...

Current configuration : 120 bytes
vrf definition NEW-FORMAT
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 100:100
!
end


Nice. As you can see, I have placed the route-targets globally, hoping that they will be used for both address families.
In fact, this is not happening at all, because it seems that the address families aren't activated:

Router(config-vrf)#sh vrf detail NEW-FORMAT
VRF NEW-FORMAT; default RD 2:2; default VPNID
No interfaces
Address family ipv4 not active.
Address family ipv6 not active.


So if you try to add an interface to this vrf, the result is something strange:

Router(config)#int f 0/1
Router(config-if)#ip vrf forwarding NEW-FORMAT
% Use 'vrf forwarding' command for VRF 'NEW-FORMAT' !-- note that the old format command is rejected
Router(config-if)#vrf forwarding NEW-FORMAT
Router(config-if)#ip add 10.2.2.2 255.255.255.0
Router(config-if)#ipv6 address fc00:2222:2222::2/64
%FastEthernet0/1 is linked to a VRF. Enable IPv6 on that VRF first. !-- IPv6 address is rejected too!
Router(config-if)#do sh run int f 0/1
Building configuration...

Current configuration : 120 bytes
!
interface FastEthernet0/1
vrf forwarding NEW-FORMAT
ip address 10.2.2.2 255.255.255.0
duplex auto
speed auto
end


It seems that the IPv6 address was rejected due to the missing address-family activation, but the IPv4 address was accepted.

Surprise! The IPv4 address is still in the global routing table, not in the VRF table!

Router(config-if)#do sh ip route | beg Gate
Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets
C 10.2.2.0 is directly connected, FastEthernet0/1

Router(config-if)#do sh ip route vrf NEW-FORMAT

Router(config-if)#


So let's activate the address families:

Router(config)#vrf definition NEW-FORMAT
Router(config-vrf)#address-family ipv4
Router(config-vrf-af)#route-target both 2:2
Router(config-vrf-af)#exit
Router(config-vrf)#address-family ipv6
Router(config-vrf-af)#route-target both 2:2
Router(config-vrf-af)#exit
Router(config-vrf)#do sh run vrf NEW-FORMAT
Building configuration...

Current configuration : 409 bytes
vrf definition NEW-FORMAT
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 100:100
!
address-family ipv4
route-target export 2:2
route-target import 2:2
exit-address-family
!
address-family ipv6
route-target export 2:2
route-target import 2:2
exit-address-family
!
!
interface FastEthernet0/1
vrf forwarding NEW-FORMAT
no ip address
duplex auto
speed auto
!
!
end

Router(config-vrf)#

Yup! The IP address disappeared without notice!

Let's re-add both the IPv4 and IPv6 addresses:

Router(config-vrf)#int f 0/1
Router(config-if)#ip add 10.2.2.2 255.255.255.0
Router(config-if)#ipv add fc00:2222:2222::2/64
Router(config-if)#do sh run vrf NEW-FORMAT
Building configuration...

Current configuration : 464 bytes
vrf definition NEW-FORMAT
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 100:100
!
address-family ipv4
route-target export 2:2
route-target import 2:2
exit-address-family
!
address-family ipv6
route-target export 2:2
route-target import 2:2
exit-address-family
!
!
interface FastEthernet0/1
vrf forwarding NEW-FORMAT
ip address 10.2.2.2 255.255.255.0
duplex auto
speed auto
ipv6 address FC00:2222:2222::2/64
!
!
end

Router(config-if)#do sh ip route | beg Gate
Gateway of last resort is not set

Router(config-if)#do sh ip route vrf NEW-FORMAT

Routing Table: NEW-FORMAT
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets
C 10.2.2.0 is directly connected, FastEthernet0/1
Router(config-if)#do sh ipv6 route vrf NEW-FORMAT
IPv6 Routing Table - NEW-FORMAT - 3 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C FC00:2222:2222::/64 [0/0]
via FastEthernet0/1, directly connected
L FC00:2222:2222::2/128 [0/0]
via FastEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
Router(config-if)#


Finally it's all right: the IPv4 and IPv6 addresses are in the VRF routing table. I'm still asking myself what the purpose of global route-targets is...

:-)
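
The two 12.4T surprises above (an IPv6 address left in the global table under an old-format "ip vrf", and an IPv4 address left in the global table under a "vrf definition" with no address family) can be caught by auditing a saved running-config. The script below is an added example, not part of the original post or any Cisco tooling; the function name audit_vrf_bindings and the sample config are constructed for illustration, and the rules encode only the behaviour observed in the tests above.

```python
import re

# Constructed sample mirroring the two states shown in the post (12.4T behaviour).
SAMPLE_CONFIG = """\
ip vrf OLD-FORMAT
 rd 1:1
!
vrf definition NEW-FORMAT
 rd 2:2
 route-target export 2:2
 route-target import 2:2
!
interface FastEthernet0/0
 ip vrf forwarding OLD-FORMAT
 ip address 10.0.0.1 255.255.255.0
 ipv6 address FC00:1234:CC13::1/64
!
interface FastEthernet0/1
 vrf forwarding NEW-FORMAT
 ip address 10.2.2.2 255.255.255.0
!
"""

def audit_vrf_bindings(config):
    """Return (interface, vrf, family) for addresses that stay outside the VRF."""
    vrf_afs = {}   # VRF name -> set of active address families
    ifaces = {}    # interface name -> {"vrf": name or None, "afs": set()}
    vrf = iface = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"(?:ip )?vrf forwarding (\S+)", line):
            if iface:
                ifaces[iface]["vrf"] = m.group(1)
        elif m := re.match(r"(ip vrf|vrf definition) (\S+)", line):
            vrf, iface = m.group(2), None
            # Old-format "ip vrf" is IPv4-only; "vrf definition" starts with none.
            vrf_afs[vrf] = {"ipv4"} if m.group(1) == "ip vrf" else set()
        elif m := re.match(r"interface (\S+)", line):
            iface, vrf = m.group(1), None
            ifaces[iface] = {"vrf": None, "afs": set()}
        elif vrf and (m := re.match(r"address-family (ipv4|ipv6)", line)):
            vrf_afs[vrf].add(m.group(1))
        elif iface and (m := re.match(r"(ip|ipv6) address ", line)):
            ifaces[iface]["afs"].add("ipv4" if m.group(1) == "ip" else "ipv6")
    findings = []
    for name, data in ifaces.items():
        if data["vrf"] is not None:
            missing = data["afs"] - vrf_afs.get(data["vrf"], set())
            findings += [(name, data["vrf"], af) for af in sorted(missing)]
    return findings
```

Each finding is an interface address that the router would route in the global table even though the interface is bound to a VRF, which is exactly the isolation gap to check for before relying on the VRF as a segmentation boundary.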
Fortunately, it seems that they have modified this in the 15.0 IOS version. The above tests were on my 12.4T rack; when tried with dynamips on 15.0...

RackVR1(config)#vrf definition TEST
RackVR1(config-vrf)#rd 1:1
RackVR1(config-vrf)#route-target both 1:1

RackVR1(config)#int f 2/0
RackVR1(config-if)#vrf forwarding TEST
% Cannot configure VRF forwarding since no address family configuration exists in this VRF TEST; Please configure address family first
RackVR1(config-if)#do sh ver
Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)
...



Marco

Ps: by the way.. I'm back.

1 comment:

T@Vo said...

Thanks a lot !
Your explanation was very helpful for me.