GRE Tunnel with VRF Configuration Example

Similar documents
IPv6 Tunnel through an IPv4 Network

Basic Router Configuration

Lab - Troubleshooting Connectivity Issues

Management IP Interface

Route Leaking in MPLS/VPN Networks

Layer3 VPN with OSPF Protocol between CE-PE

Implementing Tunneling for IPv6

Implement Static Routes for IPv6 Configuration Example

Configuring GRE Tunnel Over Cable

Troubleshoot interface down issues in Cisco routers

Adjust Administrative Distance for Route Selection in Cisco IOS Routers Configuration Example

Troubleshooting LSP Failure in MPLS VPN

Ethernet over GRE Tunnels

Implementing Tunnels. Finding Feature Information

IPsec Virtual Tunnel Interfaces

Failover with EIGRP Using VRF Configuration Example

Chapter 5 Lab 5-1, Configure and Verify Path Control

Configuring IRB. Integrated Routing and Bridging CHAPTER

1 of :22

MPLS VPN Multipath Support for Inter-AS VPNs

BGP-MVPN SAFI 129 IPv6

MPLS VPN Half-Duplex VRF

Configuring IPv6 VPN Provider Edge over MPLS (6VPE)

Inverse MUX Application using Multilink PPP

BGP Best External. Finding Feature Information

MPLS over GRE. Finding Feature Information. Prerequisites for MPLS VPN L3VPN over GRE

Chapter 5 Lab 5-1, Configure and Verify Path Control Using PBR. Topology. Objectives. Background. Required Resources. CCNPv7 ROUTE

MPLS VPN--Inter-AS Option AB

Easy Virtual Network Configuration Example

Layer3 VPN with RIP protocol between CE-PE

OSPF Support for Multi-VRF on CE Routers

Configuring Scalable Hub-and-Spoke MPLS VPNs

CCNA Semester 2 labs. Part 2 of 2 Labs for chapters 8 11

Generic Routing Encapsulation

MPLS VPN Inter-AS Option AB

Lab Viewing Network Device MAC Addresses

What Bytes Are Counted by IP to ATM CoS Queueing?

MPLS Troubleshooting. Contents. Prerequisites. Document ID: Requirements. Components Used

This document is not restricted to specific software and hardware versions.

Configuring Virtual Interfaces

CCNA Practice test. 2. Which protocol can cause high CPU usage? A. NTP B. WCCP C. Telnet D. SNMP Answer: D

Lab - Configuring Basic Single-Area OSPFv2

Multiprotocol Label Switching Virtual Private Network

MPLS VPN Carrier Supporting Carrier Using LDP and an IGP

Configuring PPPoE Client on the Cisco 2600 to Connect to a Non Cisco DSL CPE

Configuring Easy Virtual Network Shared Services

BGP mvpn BGP safi IPv4

LAB5: OSPF IPv4. OSPF: Stub. Disclaimer

Chapter 7 Lab 7-2, Using the AS_PATH Attribute

MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution

Contents. Introduction. Prerequisites. Requirements

MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution

Using Setup Mode to Configure a Cisco Networking Device

Using Setup Mode to Configure a Cisco Networking Device

Configuration and Management of Networks

Manually Configured IPv6 over IPv4 Tunnels

MPLS VPN Carrier Supporting Carrier Using LDP and an IGP

Configuring Redundant Routing on the VPN 3000 Concentrator

Chapter 8 Lab 8-3, Configuring 6to4 Tunnels

Multi-VRF Support. Finding Feature Information. Prerequisites for Multi-VRF Support

BGP Event-Based VPN Import

MPLS VPN over mgre. Finding Feature Information. Last Updated: November 1, 2012

Chapter 7 Lab 7-1, Configuring BGP with Default Routing

Configuring Link Aggregation on the ML-MR-10 card

EIGRP Lab / lo1. .1 lo / /30

BGP Support for IP Prefix Export from a VRF Table into the Global Table

IPv6 Switching: Provider Edge Router over MPLS

The objective of this lab is to become familiar with Cisco switches as well as the Spanning Tree Protocol.

Lab QoS Manually Configured Frame Relay Traffic Shaping

MPLS for R&S CCIE Candidates

ibgp Multipath Load Sharing

The information in this document is based on Cisco IOS Software Release 15.4 version.

Flow-Based Redirect. Finding Feature Information

IPv6 Switching: Provider Edge Router over MPLS

Configuring BGP: RT Constrained Route Distribution

The configuration of the router at the initial stage was fairly simple (quoting only significant commands, not the entire config):

Configuring T1/E1 Interfaces

Flow-Based Redirect. Finding Feature Information

RealCiscoLAB.com. Chapter 6 Lab 6-2, Using the AS_PATH Attribute. Topology. Objectives. Background. CCNPv6 ROUTE

Configuring MPLS and EoMPLS

Adapted from the Synchronization example in g/case/studies/icsbgp4.html

Contents. Configuring GRE 1

Peter, Please approve us apply a new ISP connection to separate with CCA for ccahalmar. The bandwidth is 100M.

Chapter 3: Using Maintenance & Troubleshooting Tools and Applications

Lab 3.5.1: Basic Frame Relay

UniNets MPLS LAB MANUAL MPLS. UNiNets Multiprotocol label Switching MPLS LAB MANUAL. UniNets MPLS LAB MANUAL

Contents. Configuring GRE 1

Configuring T1/E1 Interfaces

Lab Advanced Telnet Operations Instructor Version 2500

ibgp Multipath Load Sharing

MPLS VPN: VRF Selection Based on Source IP Address

CONFIGURING DYNAMIC MULTIPOINT VPN SPOKE ROUTER IN FULL MESH IPSEC VPN USING SECURITY DEVICE MANAGER

CIS 83 LAB 3 - EIGRP Rich Simms September 23, Objective. Scenario. Topology

Configuring IS IS over IPv6

IS-IS Hello Padding Behavior

MPLS LSP Ping, Traceroute, and AToM VCCV

Troubleshooting Input Drops on ATM Router Interfaces

Distance vector Routing protocols. 2000, Cisco Systems, Inc. 9-1

Address Resolution Protocol

Transcription:

GRE Tunnel with VRF Configuration Example Document ID: 46252 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations Verify Troubleshoot Caveats Related Information Introduction This document provides a sample configuration for a VPN routing and forwarding (VRF) instance under a generic routing encapsulation (GRE) tunnel interface Prerequisites Requirements Before you attempt this configuration, ensure that you meet these requirements: Readers of this document should have knowledge of these topics: Configuring Multiprotocol Label Switching MPLS Virtual Private Networks Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership Components Used The information in this document is based on Cisco IOS Software Release 123(4)T1 on 3725 Series routers Use Cisco Feature Navigator II (registered customers only) and search for the GRE Tunnel IP Source and Destination VRF Membership feature, to obtain additional software and hardware requirements that you need The information in this document was created from the devices in a specific lab environment All of the devices used in this document started with a cleared (default) configuration If your network is live, make sure that you understand the potential impact of any command Conventions For more information on document conventions, refer to the Cisco Technical Tips Conventions

Configure In this section, you are presented with the information to configure the features described in this document The configuration is set up in this way: R1 CE and R2 CE are located in VRF BLUE R1 CE is also located in VRF GREEN through the use of a GRE tunnel to R3 PE R1 CE uses a static host route to get to R3 PE (tunnel destination), which ensures that recursive routing does not occur for the GRE tunnel (learning the tunnel destination address through the tunnel) VRF BLUE and VRF GREEN are owned by two different companies, and no route leaks occur between them In addition, the access control list (ACL) on the interface between R1 CE and R2 CE can be used to only permit GRE traffic between them Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only) Network Diagram This document uses this network setup: Figure 1 Physical Topology Figure 2 Logical VRF Topology

Configurations This document uses these configurations: R3 PE R4 PE R1 CE R2 CE R5 CE R6 CE R3 PE# show running config R3 PE (Tunnel Endpoint) ip vrf blue rd 1:1 route target export 311:311 route target import 411:411 ip vrf green rd 2:2 route target export 322:322 route target import 422:422 ip cef interface Tunnel0 ip vrf forwarding green ip address 2002002003 2552552550 tunnel source Ethernet0/0 tunnel destination 1010101 tunnel vrf blue Tunnel 0 is part of VRF GREEN; but it uses the tunnel destination and source addresses from the routing table of VRF BLUE, because of this tunnel vrf blue command ip vrf forwarding blue ip address 2020203 2552552550

Connection to the VRF BLUE network and the VRF GREEN network using the GRE tunnel interface Ethernet1/0 ip address 3030303 2552552550 tag switching ip router bgp 1 no bgp default ipv4 unicast bgp log neighbor changes neighbor 3030304 remote as 1 address family vpnv4 neighbor 3030304 activate neighbor 3030304 s community exted address family ipv4 vrf green redistribute connected no auto summary no synchronization address family ipv4 vrf blue redistribute connected no auto summary no synchronization ip route vrf blue 1010101 255255255255 2020202 Static Host route to ensure that recursive routing does not occur no ip http server R4 PE# show running config R4 PE ip vrf blue rd 1:1 route target export 411:411 route target import 311:311 ip vrf green rd 2:2 route target export 422:422 route target import 322:322 ip cef

ip address 3030304 2552552550 tag switching ip interface Ethernet1/0 ip vrf forwarding green ip address 1001001004 2552552550 interface Ethernet2/0 ip vrf forwarding blue ip address 4040404 2552552550 router bgp 1 no bgp default ipv4 unicast bgp log neighbor changes neighbor 3030303 remote as 1 address family vpnv4 neighbor 3030303 activate neighbor 3030303 s community exted address family ipv4 vrf green redistribute connected no auto summary no synchronization address family ipv4 vrf blue redistribute connected no auto summary no synchronization R1 CE# show running config R1 CE (Tunnel Endpoint) ip cef interface Tunnel0 ip address 2002002001 2552552550 tunnel source Ethernet0/0 tunnel destination 2020203 Both the tunnel source and destination address are in the VRF BLUE, to provide transport for the VRF GREEN network description Connection to R2 CE router ip address 1010101 2552552550 ip access group 100 in ip access group 100 out

Access group to allow only GRE packets through the R2 CE network However, R1 CE networks data is in the GRE packet ip route 0000 0000 Tunnel0 ip route 2020203 255255255255 1010102 Static Host route to ensure that recursive routing does not occur no ip http server access list 100 permit gre host 1010101 host 2020203 access list 100 permit gre host 2020203 host 1010101 Permits only GRE packets between the points R2 CE# show running config R2 CE ip cef description Connection to R1 CE router ip address 1010102 2552552550 ip access group 100 in ip access group 100 out interface Ethernet1/0 ip address 2020202 2552552550 ip route 0000 0000 2020203 no ip http server access list 100 permit gre host 1010101 host 2020203 access list 100 permit gre host 2020203 host 1010101 Permits only GRE packets between the points R5 CE# show running config R5 CE

ip address 1001001005 2552552550 ip route 0000 0000 1001001004 no ip http server R6 CE# show running config R6 CE ip address 4040406 2552552550 ip route 0000 0000 4040404 no ip http server Verify This section provides information you can use to confirm your configuration is working properly Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output show ip route, show ip route vrf Issue these commands on the tunnel points to ensure that the tunnel destination is reachable This ensures that the tunnel interface will come up ping Issue this command from the other of the CE to ensure that the tunnels are reachable from the CE show ip bgp vpnv4 all labels Issue this command on the PE devices to view the VPN labels distributed for each prefix via Border Gateway Protocol (BGP) to other PE devices R3 PE# show ip route vrf blue 1010101 Routing entry for 1010101/32 Known via "static", distance 1, metric 0 Routing Descriptor Blocks: * 2020202 Route metric is 0, traffic share count is 1 R3 PE# show ip route vrf green Routing Table: green

Codes: C connected, S static, R RIP, M mobile, B BGP D EIGRP, EX EIGRP external, O OSPF, IA OSPF inter area N1 OSPF NSSA external type 1, N2 OSPF NSSA external type 2 E1 OSPF external type 1, E2 OSPF external type 2 i IS IS, su IS IS summary, L1 IS IS level 1, L2 IS IS level 2 ia IS IS inter area, * candidate default, U per user static route o ODR, P periodic downloaded static route Gateway of last resort is not set C 2002002000/24 is directly connected, Tunnel0 100000/24 is subnetted, 1 subnets B 1001001000 [200/0] via 3030304, 01:11:45 R3 PE# show interfaces tunnel 0 Tunnel0 is up, line protocol is up Hardware is Tunnel Internet address is 2002002003/24 MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation TUNNEL, loopback not set Keepalive not set Tunnel source 2020203 (Ethernet0/0), destination 1010101 Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled Tunnel TTL 255 Checksumming of packets disabled, fast tunneling enabled Last input 00:44:05, output 00:26:16, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/0 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 105 packets input, 11964 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 83 packets output, 10292 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out R3 PE# show ip bgp vpnv4 all labels Network Next Hop In label/out label Route Distinguisher: 1:1 (blue) 2020200/24 0000 16/aggregate(blue) Route Distinguisher: 2:2 (green) 1001001000/24 3030304 nolabel/16 2002002000 0000 17/aggregate(green) R4 PE# show ip route vrf blue Routing Table: blue Codes: C connected, S static, R RIP, M mobile, B BGP D EIGRP, EX EIGRP external, O OSPF, IA OSPF inter area N1 OSPF NSSA external type 1, N2 OSPF NSSA external type 2 E1 OSPF external type 1, E2 OSPF external type 2 i IS IS, su IS IS summary, L1 IS IS level 1, L2 IS IS level 2 ia IS IS inter area, * candidate default, U per user static route o ODR, P periodic downloaded static route Gateway of last resort is not set 20000/24 is subnetted, 1 subnets B 2020200 [200/0] via 3030303, 01:14:05

R4 PE# show ip route vrf green Routing Table: green Codes: C connected, S static, R RIP, M mobile, B BGP D EIGRP, EX EIGRP external, O OSPF, IA OSPF inter area N1 OSPF NSSA external type 1, N2 OSPF NSSA external type 2 E1 OSPF external type 1, E2 OSPF external type 2 i IS IS, su IS IS summary, L1 IS IS level 1, L2 IS IS level 2 ia IS IS inter area, * candidate default, U per user static route o ODR, P periodic downloaded static route Gateway of last resort is not set B 2002002000/24 [200/0] via 3030303, 01:14:10 100000/24 is subnetted, 1 subnets C 1001001000 is directly connected, Ethernet1/0 R1 CE# show ip route 2020203 Routing entry for 2020203/32 Known via "static", distance 1, metric 0 Routing Descriptor Blocks: * 1010102 Route metric is 0, traffic share count is 1 R1 CE# show interfaces tunnel 0 Tunnel0 is up, line protocol is up Hardware is Tunnel Internet address is 2002002001/24 MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation TUNNEL, loopback not set Keepalive not set Tunnel source 1010101 (Ethernet0/0), destination 2020203 Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled Tunnel TTL 255 Checksumming of packets disabled, fast tunneling enabled Last input 00:26:57, output 00:26:57, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/0 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 83 packets input, 10292 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 106 packets output, 12088 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out R5 CE# ping 2002002001 Type escape sequence to abort Sing 5, 100 byte ICMP Echos to 2002002001, timeout is 2 seconds: Success rate is 100 percent (5/5), round trip min/avg/max = 40/54/80 ms R5 CE# ping 2002002003 Type escape sequence to abort Sing 5, 100 byte ICMP Echos to 2002002003, timeout is 2 seconds: Success rate is 100 percent (5/5), round trip min/avg/max = 20/36/72 ms

Troubleshoot There is currently no specific troubleshooting information available for this configuration Caveats These known caveats are identified for the configuration of this feature You can use the Bug Toolkit (registered customers only) to search for bugs CSCea81266 (registered customers only) Resolved (R) GRE: Traffic stops flowing after clear ip route * CSCdx74855 (registered customers only) Resolved (R) Can not ping IP address of local GRE tunnel interface CSCdx57718 (registered customers only) Resolved (R) IP packet loss in GRE tunnel when Cisco Express Forwarding (CEF) disabled on outgoing interface Related Information MPLS Technology Support Page Technical Support & Documentation Cisco Systems Contacts & Feedback Help Site Map 2014 2015 Cisco Systems, Inc All rights reserved Terms & Conditions Privacy Statement Cookie Policy Trademarks of Cisco Systems, Inc Updated: Jan 16, 2006 Document ID: 46252

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback