Scribd
Upload
11 views24 pages

Configuring VRF Lite

configurando perotocolo de redes vrf

Uploaded by

Asmine Muquele Suende
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
11 views24 pages

Configuring VRF Lite

configurando perotocolo de redes vrf

Uploaded by

Asmine Muquele Suende
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 24

Configuring VRF-lite

• Information About VRF-lite, on page 1


• Guidelines for Configuring VRF-lite, on page 2
• How to Configure VRF-lite, on page 3
• Additional Information for VRF-lite, on page 17
• Verifying VRF-lite Configuration, on page 18
• Configuration Examples for VRF-lite, on page 19
• Additional References for VRF-Lite, on page 23
• Feature History and Information for Multicast VRF-lite, on page 23

Information About VRF-lite


VRF-lite is a feature that enables a service provider to support two or more VPNs, where IP addresses can be
overlapped among the VPNs. VRF-lite uses input interfaces to distinguish routes for different VPNs and forms
virtual packet-forwarding tables by associating one or more Layer 3 interfaces with each VRF. Interfaces in
a VRF can be either physical, such as Ethernet ports, or logical, such as VLAN SVIs, but a Layer 3 interface
cannot belong to more than one VRF at any time.

Note VRF-lite interfaces must be Layer 3 interfaces.

VRF-lite includes these devices:


• Customer edge (CE) devices provide customer access to the service provider network over a data link
to one or more provider edge routers. The CE device advertises the site’s local routes to the provider
edge router and learns the remote VPN routes from it. A Cisco Catalyst Switch can be a CE.
• Provider edge (PE) routers exchange routing information with CE devices by using static routing or a
routing protocol such as BGP, RIPv1, or RIPv2.
The PE is only required to maintain VPN routes for those VPNs to which it is directly attached, eliminating
the need for the PE to maintain all of the service provider VPN routes. Each PE router maintains a VRF
for each of its directly connected sites. Multiple interfaces on a PE router can be associated with a single
VRF if all of these sites participate in the same VPN. Each VPN is mapped to a specified VRF. After
learning local VPN routes from CEs, a PE router exchanges VPN routing information with other PE
routers by using internal BGP (iBGP).

Configuring VRF-lite
1
Configuring VRF-lite
Guidelines for Configuring VRF-lite

• Provider routers (or core routers) are any routers in the service provider network that do not attach to CE
devices.

With VRF-lite, multiple customers can share one CE. The shared CE maintains separate VRF tables for each
customer and switches or routes packets for each customer based on its own routing table. VRF-lite allows a
CE device to maintain separate VRF tables to extend the privacy and security of a VPN to the branch office.
The following figure displays a configuration where each Cisco Catalyst switch acts as multiple virtual CEs.
Because VRF-lite is a Layer 3 feature, each interface in a VRF must be a Layer 3 interface.
To configure VRF, create a VRF table and specify the Layer 3 interface associated with the VRF.

Guidelines for Configuring VRF-lite


IPv4 and IPv6
• A switch with VRF-lite is shared by multiple customers, and all customers have their own routing tables.
• Because customers use different VRF tables, you can reuse the same IP addresses.
• VRF-lite lets multiple customers share the same physical link between the PE and the CE.
• The Cisco Catalyst switch supports configuring VRF by using physical ports, VLAN SVIs, or a
combination of both. You can connect SVIs through an access port or a trunk port.
• A customer can use multiple VLANs as long because they do not overlap with those of other customers.
A customer’s VLANs are mapped to a specific routing table ID that is used to identify the appropriate
routing tables stored on the switch.
• The Layer 3 TCAM resource is shared between all VRFs. To ensure that any one VRF has sufficient
CAM space, use the maximum routes command.
• A Cisco Catalyst switch using VRF can support one global network and multiple VRFs. The total number
of routes supported is limited by the size of the TCAM.
• A single VRF can be configured for both IPv4 and IPv6.
• If an incoming packet's destination address is not found in the vrf table, the packet is dropped. Also, if
insufficient TCAM space exists for a VRF route, hardware switching for that VRF is disabled and the
corresponding data packets are sent to software for processing.

IPv4 Specific
• The Cisco Catalyst switch supports PIM-SM and PIM-SSM protocols.

IPv6 specific
• VRF-aware OSPFv3, EIGRPv6, and IPv6 static routing are supported.
• VRF-aware IPv6 route applications include: ping, telnet, ssh, tftp, ftp and traceroute. (This list does not
include the management interface, which is handled differently even though you can configure both IPv4
or IPv6 VRF under it.)

Configuring VRF-lite
2
Configuring VRF-lite
How to Configure VRF-lite

How to Configure VRF-lite


This section provides information about configuring VRF-lite.

Configuring VRF-lite for IPv4


This section provides information about configuring VRF-lite for IPv4.

Configuring VRF-Aware Services


IP services can be configured on global interfaces and within the global routing instance. IP services are
enhanced to run on multiple routing instances; they are VRF-aware. Any configured VRF in the system can
be specified for a VRF-aware service.
VRF-aware services are implemented in platform-independent modules. VRF provides multiple routing
instances in Cisco IOS. Each platform has its own limit on the number of VRFs it supports.
VRF-aware services have the following characteristics:
• The user can ping a host in a user-specified VRF.
• ARP entries are learned in separate VRFs. The user can display Address Resolution Protocol (ARP)
entries for specific VRFs.

Configuring the User Interface for ARP

Procedure

Command or Action Purpose


Step 1 show ip arp vrf vrf-name Displays the ARP table (static and dynamic
entries) in the specified VRF.
Example:
Device# show ip arp vrf vrf-name

Step 2 arp vrf vrf-name ip-address mac-address ARPA Creates a static ARP entry in the specified VRF.
Example:
Device(config)# arp vrf vrf-name
ip-address mac-address ARPA

Configuring Per-VRF for TACACS+ Servers


The per-VRF for TACACS+ servers feature enables you to configure per-virtual route forwarding (per-VRF)
authentication, authorization, and accounting (AAA) on TACACS+ servers.
You can create the VRF routing table (shown in Steps 3 and 4) and configure the interface (Steps 6, 7, and
8). The actual configuration of per-VRF on a TACACS+ server is done in Steps 10 through 13.

Before you begin


Before configuring per-VRF on a TACACS+ server, you must have configured AAA and a server group.

Configuring VRF-lite
3
Configuring VRF-lite
Configuring Per-VRF for TACACS+ Servers

Procedure

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode. Enter your
password if prompted.
Example:
Device> enable

Step 2 configure terminal Enters global configuration mode.


Example:
Device# configure terminal

Step 3 ip vrf vrf-name Configures a VRF table and enters VRF


configuration mode.
Example:
Device(config)# ip vrf vrf-name

Step 4 rd route-distinguisher Creates routing and forwarding tables for a


VRF instance.
Example:
Device(config-vrf)# rd
route-distinguisher

Step 5 exit Exits VRF configuration mode.


Example:
Device(config-vrf)# exit

Step 6 interface interface-name Configures an interface and enters interface


configuration mode.
Example:
Device(config)# interface interface-name

Step 7 vrf forwarding vrf-name Configures a VRF for the interface.


Example:
Device(config-if)# vrf forwarding
vrf-name

Step 8 ip address ip-address mask [secondary] Sets a primary or secondary IP address for an
interface.
Example:
Device(config-if)# ip address ip-address
mask [secondary]

Step 9 exit Exits interface configuration mode.


Example:
Device(config-vrf)# exit

Step 10 aaa group server tacacs+ group-name Groups different TACACS+ server hosts into
distinct lists and distinct methods and enters
Example:
server-group configuration mode.
Device(config)# aaa group server tacacs+
tacacs1

Configuring VRF-lite
4
Configuring VRF-lite
Configuring Multicast VRFs

Command or Action Purpose


Step 11 server-private {ip-address | name} [nat] Configures the IP address of the private
[single-connection] [port port-number] TACACS+ server for the group server.
[timeout seconds] [key [0 | 7] string]
Example:
Device(config-sg-tacacs+)#
server-private 10.1.1.1 port 19 key
cisco

Step 12 vrf forwarding vrf-name Configures the VRF reference of a AAA


TACACS+ server group.
Example:
Device(config-sg-tacacs+)# vrf
forwarding vrf-name

Step 13 ip tacacs source-interface subinterface-name Uses the IP address of a specified interface for
all outgoing TACACS+ packets.
Example:
Device(config-sg-tacacs+)# ip tacacs
source-interface subinterface-name

Step 14 exit Exits server-group configuration mode.


Example:
Device(config-sg-tacacs)# exit

Example
The following example lists all the steps to configure per-VRF TACACS+:
Device> enable
Device# configure terminal
Device(config)# ip vrf cisco
Device(config-vrf)# rd 100:1
Device(config-vrf)# exit
Device(config)# interface Loopback0
Device(config-if)# vrf forwarding cisco
Device(config-if)# ip address 10.0.0.2 255.0.0.0
Device(config-if)# exit
Device(config-sg-tacacs+)# vrf forwarding cisco
Device(config-sg-tacacs+)# ip tacacs source-interface Loopback0
Device(config-sg-tacacs)# exit

Configuring Multicast VRFs

Procedure

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.
Example:
Device# configure terminal

Configuring VRF-lite
5
Configuring VRF-lite
Configuring Multicast VRFs

Command or Action Purpose


Step 2 ip routing Enables IP routing.
Example:
Device(config)# ip routing

Step 3 ip vrf vrf-name Configures a VRF table and enters VRF


configuration mode.
Example:
Device(config)# ip vrf vrf-name

Step 4 ip multicast-routing vrf vrf-name (Optional) Enables global multicast routing


for VRF table.
Example:
Device(config-vrf)# ip multicast-routing
vrf vrf-name

Step 5 rd route-distinguisher Creates a VRF table by specifying a route


distinguisher. Enter either an AS number and
Example:
an arbitrary number (xxx:y) or an IP address
Device(config-vrf)# rd and arbitrary number (A.B.C.D:y).
route-distinguisher

Step 6 route-target {export | import | both} Creates a list of import, export, or import and
route-target-ext-community export route target communities for the
specified VRF. Enter either an AS system
Example:
number and an arbitrary number (xxx:y) or an
Device(config-vrf)# route-target {export IP address and an arbitrary number
| import | both}
route-target-ext-community (A.B.C.D:y).
The route-target-ext-community value should
be the same as the route-distinguisher value
entered in Step 4.

Step 7 import map route-map (Optional) Associates a route map with the
VRF.
Example:
Device(config-vrf)# import map route-map

Step 8 interface interface-id Enters interface configuration mode and


specifies the Layer 3 interface to be associated
Example:
with the VRF. The interface can be a routed
Device(config)# interface interface-id port or a SVI.

Step 9 vrf forwarding vrf-name Associates the VRF with the Layer 3 interface.
Example:
Device(config-if)# vrf forwarding
vrf-name

Step 10 ip address ip-address mask Configures IP address for the Layer 3 interface.
Example:
Device(config-if)# ip address ip-address
mask

Configuring VRF-lite
6
Configuring VRF-lite
Configuring IPv4 VRFs

Command or Action Purpose


Step 11 ip pim sparse-mode Enables PIM on the VRF-associated Layer 3
interface.
Example:
Device(config-if)# ip pim sparse-mode

Step 12 end Returns to privileged EXEC mode.


Example:
Device(config-if)# end

Step 13 show ip vrf [brief | detail | interfaces] Verifies the configuration. Display information
[vrf-name] about the configured VRFs.
Example:
Device# show ip vrf brief

Step 14 copy running-config startup-config (Optional) Saves your entries in the


configuration file.
Example:
Device# copy running-config
startup-config

Example
The following example shows how to configure multicast within a VRF table:

Device(config)# ip routing
Device(config)# ip vrf multiVrfA
Device(config-vrf)# ip multicast-routing vrf multiVrfA
Device(config-vrf)# interface GigabitEthernet3/1/0
Device(config-if)# vrf forwarding multiVrfA
Device(config-if)# ip address 172.21.200.203 255.255.255.0
Device(config-if)# ip pim sparse-mode

Configuring IPv4 VRFs

Procedure

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.
Example:
Device# configure terminal

Step 2 ip routing Enters global configuration mode.


Example:
Device# configure terminal

Configuring VRF-lite
7
Configuring VRF-lite
Configuring IPv4 VRFs

Command or Action Purpose


Step 3 ip vrf vrf-name Names the VRF and enters VRF configuration
mode.
Example:
Device(config)# ip vrf vrf-name

Step 4 rd route-distinguisher Creates a VRF table by specifying a route


distinguisher. Enter either an Autonomous
Example:
System number number and an arbitrary
Device(config-vrf)# rd number (xxx:y) or an IP address and arbitrary
route-distinguisher
number (A.B.C.D:y).

Step 5 route-target {export | import | both} Creates a list of import, export, or import and
route-target-ext-community export route target communities for the
specified VRF. Enter either an AS system
Example:
number and an arbitrary number (xxx:y) or an
Device(config-vrf)# route-target {export IP address and an arbitrary number
| import | both}
route-target-ext-community (A.B.C.D:y).

Step 6 import map route-map (Optional) Associates a route map with the
VRF.
Example:
Device(config-vrf)# import map route-map

Step 7 interface interface-id Enters interface configuration mode and


specify the Layer 3 interface to be associated
Example:
with the VRF. The interface can be a routed
Device(config-vrf)# interface port or SVI.
interface-id

Step 8 vrf forwarding vrf-name Associates the VRF with the Layer 3 interface.
Example:
Device(config-if)# vrf forwarding
vrf-name

Step 9 end Returns to privileged EXEC mode.


Example:
Device(config-if)# end

Step 10 show ip vrf [brief | detail | interfaces] Verifies the configuration. Displays
[vrf-name] information about the configured VRFs.
Example:
Device# show ip vrf [brief | detail |
interfaces] [vrf-name]

Step 11 copy running-config startup-config (Optional) Saves your entries in the


configuration file.
Example:
Device# copy running-config Use the no ip vrf vrf-name global
startup-config configuration command to delete a VRF and
to remove all interfaces from it. Use the no vrf

Configuring VRF-lite
8
Configuring VRF-lite
Configuring VRF-lite for IPv6

Command or Action Purpose


forwarding interface configuration command
to remove an interface from the VRF.

Configuring VRF-lite for IPv6


This section provides information about configuring VRF-lite for IPv6.

Configuring VRF-Aware Services


IPv6 services can be configured on global interfaces and within the global routing instance. IPv6 services are
enhanced to run on multiple routing instances; they are VRF-aware. Any configured VRF in the system can
be specified for a VRF-aware service.
VRF-aware services are implemented in platform-independent modules. VRF provides multiple routing
instances in Cisco IOS. Each platform has its own limit on the number of VRFs it supports.
VRF-aware services have the following characteristics:
• The user can ping a host in a user-specified VRF.
• Neighbor Discovery entries are learned in separate VRFs. The user can display Neighbor Discovery
(ND) entries for specific VRFs.

The following services are VRF-aware:


• Ping
• Unicast Reverse Path Forwarding (uRPF)
• Traceroute
• FTP and TFTP
• Telnet and SSH
• NTP

Configuring the User Interface for PING


Perform the following task to configure a VRF-aware ping:

Procedure

Command or Action Purpose


Step 1 ping vrf vrf-name ipv6-host Pings an IPv6 host or address in the specified
VRF.
Example:
Device# ping vrf vrf-name ipv6-host

Configuring the User Interface for uRPF


You can configure uRPF on an interface assigned to a VRF. Source lookup is performed in the VRF table

Configuring VRF-lite
9
Configuring VRF-lite
Configuring the User Interface for Traceroute

Procedure

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.
Example:
Device# configure terminal

Step 2 interface interface-id Enters interface configuration mode and


specifies the Layer 3 interface to configure.
Example:
Device(config)# interface interface-id

Step 3 no switchport Removes the interface from Layer 2


configuration mode if it is a physical interface.
Example:
Device(config-if)# no switchport

Step 4 vrf forwarding vrf-name Configures VRF on the interface.


Example:
Device(config-if)# vrf forwarding
vrf-name

Step 5 ipv6 address ip-address subnet-mask Enters the IPv6 address for the interface.
Example:
Device(config-if)# ip address ip-address
mask

Step 6 ipv6 verify unicast source reachable-via rx Enables uRPF on the interface.
allow-default
Example:
Device(config-if)# ipv6 verify unicast
source reachable-via
rx allow-default

Step 7 end Returns to privileged EXEC mode.


Example:
Device(config-if)# end

Configuring the User Interface for Traceroute

Procedure

Command or Action Purpose


Step 1 traceroute vrf vrf-name ipv6address Specifies the name of a VPN VRF in which to
find the destination address.
Example:
Device# traceroute vrf vrf-name
ipv6address

Configuring VRF-lite
10
Configuring VRF-lite
Configuring the User Interface for Telnet and SSH

Configuring the User Interface for Telnet and SSH

Procedure

Command or Action Purpose


Step 1 telnet ipv6-address/vrf vrf-name Connects through Telnet to an IPv6 host or
address in the specified VRF.
Example:
Device# telnet ipv6-address/vrf vrf-name

Step 2 ssh -l username -vrf vrf-name ipv6-host Connects through SSH to an IPv6 host or
address in the specified VRF.
Example:
Device# ssh -l username -vrf vrf-name
ipv6-host

Configuring the User Interface for NTP

Procedure

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.
Example:

Device# configure terminal

Step 2 ntp server vrf vrf-name ipv6-host Configure the NTP server in the specified VRF.
Example:
Device(config)# ntp server vrf vrf-name
ipv6-host

Step 3 ntp peer vrf vrf-name ipv6-host Configure the NTP peer in the specified VRF.
Example:
Device(config)# ntp peer vrf vrf-name
ipv6-host

Configuring IPv6 VRFs

Procedure

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.
Example:
Device# configure terminal

Configuring VRF-lite
11
Configuring VRF-lite
Configuring IPv6 VRFs

Command or Action Purpose


Step 2 vrf definition vrf-name Names the VRF and enters VRF configuration
mode.
Example:
Device(config)# vrf definition vrf-name

Step 3 rd route-distinguisher (Optional) Creates a VRF table by specifying


a route distinguisher. Enter either an
Example:
Autonomous System number and an arbitrary
Device(config-vrf)# rd number (xxx:y) or an IP address and arbitrary
route-distinguisher
number (A.B.C.D:y).

Step 4 address-family ipv4 | ipv6 (Optional) IPv4 by default. Configuration


MUST for IPv6.
Example:
Device(config-vrf)# address-family ipv4
| ipv6

Step 5 route-target {export | import | both} Creates a list of import, export, or import and
route-target-ext-community export route target communities for the
specified VRF. Enter either an AS system
Example:
number and an arbitrary number (xxx:y) or an
Device(config-vrf)# route-target {export IP address and an arbitrary number
| import | both}
route-target-ext-community (A.B.C.D:y).
Note
This command is effective only if BGP is
running.

Step 6 exit-address-family Exits VRF address-family configuration mode


and return to VRF configuration mode.
Example:
Device(config-vrf)# exit-address-family

Step 7 vrf definition vrf-name Enters VRF configuration mode.


Example:
Device(config)# vrf definition vrf-name

Step 8 ipv6 multicast multitopology Enables multicast specific RPF topology.


Example:
Device(config-vrf-af)# ipv6 multicast
multitopology

Step 9 address-family ipv6 multicast Enter multicast IPv6 address-family.


Example:
Device(config-vrf)# address-family ipv6
multicast

Step 10 end Returns to privileged EXEC mode.


Example:
Device(config-vrf-af)# end

Configuring VRF-lite
12
Configuring VRF-lite
Associating Interfaces to the Defined VRFs

Example
This example shows how to configure VRFs:

Device(config)# vrf definition red


Device(config-vrf)# rd 100:1
Device(config-vrf)# address family ipv6
Device(config-vrf-af)# route-target both 200:1
Device(config-vrf)# exit-address-family
Device(config-vrf)# vrf definition red
Device(config-vrf)# ipv6 multicast multitopology
Device(config-vrf)# address-family ipv6 multicast
Device(config-vrf-af)# end

Associating Interfaces to the Defined VRFs

Procedure

Command or Action Purpose


Step 1 interface interface-id Enters interface configuration mode and specify
the Layer 3 interface to be associated with the
Example:
VRF. The interface can be a routed port or SVI.
Device(config-vrf)# interface
interface-id

Step 2 no switchport Removes the interface from configuration mode


if it is a physical interface.
Example:
Device(config-if)# no switchport

Step 3 vrf forwarding vrf-name Associates the VRF with the Layer 3 interface.
Example:
Device(config-if)# vrf forwarding
vrf-name

Step 4 ipv6 enable Enable IPv6 on the interface.


Example:
Device(config-if)# ipv6 enable

Step 5 ipv6 address ip-address subnet-mask Enters the IPv6 address for the interface.
Example:
Device(config-if)# ipv6 address
ip-address subnet-mask

Step 6 show ipv6 vrf [brief | detail | interfaces] Verifies the configuration. Displays information
[vrf-name] about the configured VRFs.
Example:
Device# show ipv6 vrf [brief | detail |
interfaces] [vrf-name]

Configuring VRF-lite
13
Configuring VRF-lite
Populate VRF with Routes via Routing Protocols

Command or Action Purpose


Step 7 copy running-config startup-config (Optional) Saves your entries in the
configuration file.
Example:
Device# copy running-config
startup-config

Example
This example shows how to associate an interface to VRFs:
Switch(config-vrf)# interface ethernet0/1
Switch(config-if)# vrf forwarding red
Switch(config-if)# ipv6 enable
Switch(config-if)# ipv6 address 5000::72B/64

Populate VRF with Routes via Routing Protocols


This section provides information about populating VRF with routes via routing protocols.

Configuring VRF Static Routes

Procedure

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.
Example:
Device# configure terminal

Step 2 ipv6 route [vrf vrf-name] To configure static routes specific to VRF.
ipv6-prefix/prefix-length {ipv6-address |
interface-type interface-number
[ipv6-address]}
Example:
Device(config)# ipv6 route [vrf vrf-name]
ipv6-prefix/prefix-length {ipv6-address
| interface-type interface-number
[ipv6-address]}

Example
Device(config)# ipv6 route vrf v6a 7000::/64 TenGigabitEthernet32 4000::2

Configuring VRF-lite
14
Configuring VRF-lite
Configuring OSPFv3 Router Process

Configuring OSPFv3 Router Process

Procedure

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.
Example:
Device# configure terminal

Step 2 router ospfv3 process-id Enables OSPFv3 router configuration mode for
the IPv6 address family.
Example:
Device(config)# router ospfv3 process-id

Step 3 area area-ID [default-cot | nssa | stub] Configures the OSPFv3 area.
Example:
Device(config-router)# area area-ID
[default-cot | nssa | stub]

Step 4 router-id router-id Use a fixed router ID.


Example:
Device(config-router)# router-id
router-id

Step 5 address-family ipv6 unicast vrf vrf-name Enters IPv6 address family configuration mode
for OSPFv3 in VRF vrf-name
Example:
Device(config-router)# address-family
ipv6 unicast vrf vrf-name

Step 6 redistribute source-protocol [process-id] Redistributes IPv6 routes from one routing
options domain into another routing domain.
Example:
Device(config-router)# redistribute
source-protocol [process-id] options

Step 7 end Returns to privileged EXEC mode.


Example:
Device(config-router)# end

Example
This example shows how configure the OSPFv3 router process:
Device(config-router)# router ospfv3 1
Device(config-router)# router-id 1.1.1.1
Device(config-router)# address-family ipv6 unicast
Device(config-router-af)# exit-address-family

Configuring VRF-lite
15
Configuring VRF-lite
Enabling OSPFv3 on an Interface

Enabling OSPFv3 on an Interface

Procedure

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.
Example:
Device# configure terminal

Step 2 interface type-number Specifies an interface type and number, and


places the switch in interface configuration
Example:
mode.
Device(config-vrf)# interface type-number

Step 3 ospfv3 process-id area area-ID ipv6 [instance Enables OSPFv3 on an interface with IPv6 AF.
instance-id]
Example:
Device(config-if)# ospfv3 process-id area
area-ID ipv6 [instance instance-id]

Step 4 end Returns to privileged EXEC mode.


Example:
Device(config-if)# end

Example
This example show how to enable OSPFv3 on an interface:
Device(config)# interface GigabitEthernet2/1
Device(config-if)# no switchport
Device(config-if)# ipv6 address 4000::2/64
Device(config-if)# ipv6 enable
Device(config-if)# ipv6 ospf 1 area 0
Device(config-if)# end

Configuring EIGRPv6 Routing Process

Procedure

Command or Action Purpose


Step 1 configure terminal Enters global configuration mode.
Example:
Device# configure terminal

Step 2 router eigrp virtual-instance-name Configures the EIGRP routing process and
enters router configuration mode.
Example:
Device(config)# router eigrp
virtual-instance-name

Configuring VRF-lite
16
Configuring VRF-lite
Additional Information for VRF-lite

Command or Action Purpose


Step 3 address-family ipv6 vrf vrf-name Enables EIGRP IPv6 VRF-Lite and enters
autonomous-system address family configuration mode.
autonomous-system-number
Example:
Device(config-router)# address-family
ipv6 vrf vrf-name autonomous-system
autonomous-system-number

Step 4 topology {base | topology-name tid number Configures an EIGRP process to route IP traffic
under the specified topology instance and enters
Example:
address family topology configuration mode.
Device(config-router-af)# topology {base
| topology-name tid number

Step 5 exit-aftopology Exits address family topology configuration


mode.
Example:
Device(config-router-af-topology)#
exit-aftopology

Step 6 eigrp router-id ip-address Enables the use of a fixed router-id.


Example:
Device(config-router)# eigrp router-id
ip-address

Step 7 end Exits router configuration mode.


Example:
Device(config-router)# end

Example
This example shows how to configure an EIGRP routing process:

Device(config)# router eigrp test


Device(config-router)# address-family ipv6 unicast vrf b1 autonomous-system 10
Device(config-router-af)# topology base
Device(config-router-af-topology)# exit-af-topology
Device(config-router)# eigrp router-id 2.3.4.5
Device(config-router)# exit-address-family

Additional Information for VRF-lite


This section provides additional information about VRF-lite.

Configuring VRF-lite
17
Configuring VRF-lite
VPN Co-existence Between IPv4 and IPv6

VPN Co-existence Between IPv4 and IPv6


Backward compatibility between the “older” CLI for configuring IPv4 and the “new” CLI for IPv6 exists.
This means that a configuration might contain both CLI. The IPv4 CLI retains the ability to have on the same
interface, an IP address defined within a VRF as well as an IPv6 address defined in the global routing table.
For example:
vrf definition red
rd 100:1
address family ipv6
route-target both 200:1
exit-address-family
!
ip vrf blue
rd 200:1
route-target both 200:1
!
interface Ethernet0/0
vrf forwarding red
ip address 50.1.1.2 255.255.255.0
ipv6 address 4000::72B/64
!
interface Ethernet0/1
vrf forwarding blue
ip address 60.1.1.2 255.255.255.0
ipv6 address 5000::72B/64

In this example, all addresses (v4 and v6) defined for Ethernet0/0 refer to VRF red whereas for Ethernet0/1,
the IP address refers to VRF blue but the ipv6 address refers to the global IPv6 routing table.

Verifying VRF-lite Configuration


This section provides steps for verifying VRF-lite configuration.

Displaying IPv4 VRF-lite Status


To display information about VRF-lite configuration and status, perform one of the following tasks:

Command Purpose

Device# show ip protocols vrf vrf-name Displays routing protocol information associated with
a VRF.

Device# show ip route vrf vrf-name Displays IP routing table information associated with
[connected] [protocol a VRF.
[as-number]] [list] [mobile] [odr]
[profile] [static]
[summary][supernets-only]

show ip vrf [brief


Device# | detail | Displays information about the defined VRF instances.
interfaces] [vrf-name]

Configuring VRF-lite
18
Configuring VRF-lite
Configuration Examples for VRF-lite

Command Purpose

Device#bidir vrf instance-name a.b.c.d | Displays information about the defined VRF instances.
active | bidriectional| count |
interface | proxy | pruned | sparse |
ssm | static | summary

This example shows how to display multicast route table information within a VRF instance:
Switch# show ip mroute 226.0.0.2
IP Multicast Routing Table
Flags: S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group, c - PFP-SA cache created entry
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 226.0.0.2), 00:01:17/stopped, RP 1.11.1.1, flags: SJCF


Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Vlan100, Forward/Sparse, 00:01:17/00:02:36

(5.0.0.11, 226.0.0.2), 00:01:17/00:01:42, flags: FT


Incoming interface: Vlan5, RPF nbr 0.0.0.0
Outgoing interface list:
Vlan100, Forward/Sparse, 00:01:17/00:02:36

Configuration Examples for VRF-lite


This section provides configuration examples for VRF-lite.

Configuration Example for IPv6 VRF-lite


The following topology illustrates how to use OSPFv3 for CE-PE routing.

Configuring VRF-lite
19
Configuring VRF-lite
Configuration Example for IPv6 VRF-lite

Figure 1: VRF-lite Configuration Example

Configuring CE1 Switch


ipv6 unicast-routing
vrf definition v1
rd 100:1
!
address-family ipv6
exit-address-family
!

vrf definition v2
rd 200:1
!
address-family ipv6
exit-address-family
!

interface Vlan100
vrf forwarding v1
ipv6 address 1000:1::1/64
ospfv3 100 ipv6 area 0
!

interface Vlan200
vrf forwarding v2
ipv6 address 2000:1::1/64
ospfv3 200 ipv6 area 0
!

interface GigabitEthernet 1/0/1


switchport access vlan 100
end

interface GigabitEthernet 1/0/2


switchport access vlan 200
end

interface GigabitEthernet 1/0/24


switchport trunk encapsulation dot1q

switchport mode trunk


end

router ospfv3 100


router-id 10.10.10.10

Configuring VRF-lite
20
Configuring VRF-lite
Configuration Example for IPv6 VRF-lite

!
address-family ipv6 unicast vrf v1
redistribute connected
area 0 normal
exit-address-family
!

router ospfv3 200


router-id 20.20.20.20
!
address-family ipv6 unicast vrf v2
redistribute connected
area 0 normal
exit-address-family
!

Configuring PE Switch
ipv6 unicast-routing

vrf definition v1
rd 100:1
!
address-family ipv6
exit-address-family
!

vrf definition v2
rd 200:1
!
address-family ipv6
exit-address-family
!
interface Vlan600
vrf forwarding v1
no ipv6 address
ipv6 address 1000:1::2/64
ospfv3 100 ipv6 area 0
!

interface Vlan700
vrf forwarding v2
no ipv6 address
ipv6 address 2000:1::2/64
ospfv3 200 ipv6 area 0
!

interface Vlan800
vrf forwarding v1
ipv6 address 3000:1::7/64
ospfv3 100 ipv6 area 0
!
interface Vlan900
vrf forwarding v2
ipv6 address 4000:1::7/64
ospfv3 200 ipv6 area 0
!

interface GigabitEthernet 1/0/1


switchport trunk encapsulation dot1q
switchport mode trunk
exit

interface GigabitEthernet 1/0/2

Configuring VRF-lite
21
Configuring VRF-lite
Configuration Example for IPv6 VRF-lite

switchport trunk encapsulation dot1q

switchport mode trunk


exit

router ospfv3 100


router-id 30.30.30.30
!
address-family ipv6 unicast vrf v1
redistribute connected
area 0 normal
exit-address-family
!
address-family ipv6 unicast vrf v2
redistribute connected
area 0 normal
exit-address-family
!

Configuring CE2 Switch


ipv6 unicast-routing

vrf definition v1
rd 100:1
!
address-family ipv6
exit-address-family
!

vrf definition v2
rd 200:1
!
address-family ipv6
exit-address-family
!

interface Vlan100
vrf forwarding v1

ipv6 address 1000:1::3/64


ospfv3 100 ipv6 area 0
!

interface Vlan200
vrf forwarding v2
ipv6 address 2000:1::3/64
ospfv3 200 ipv6 area 0
!

interface GigabitEthernet 1/0/1


switchport access vlan 100
end

interface GigabitEthernet 1/0/2


switchport access vlan 200
end

interface GigabitEthernet 1/0/24


switchport trunk encapsulation dot1q
switchport mode trunk
end

router ospfv3 100

Configuring VRF-lite
22
Configuring VRF-lite
Additional References for VRF-Lite

router-id 40.40.40.40
!
address-family ipv6 unicast vrf v1
redistribute connected
area 0 normal
exit-address-family
!

router ospfv3 200


router-id 50.50.50.50
!
address-family ipv6 unicast vrf v2
redistribute connected

area 0 normal
exit-address-family
!

Additional References for VRF-Lite


Related Documents

Related Topic Document Title


For complete syntax and usage information for the See the IP Multicast Routing Commands section of the
commands used in this chapter. Command Reference (Catalyst 9200 Series Switches)

Standards and RFCs

Standard/RFC Title
RFC 6763 DNS-Based Service Discovery

Multicast DNS Internet-Draft Multicast

Feature History and Information for Multicast VRF-lite


The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Feature Name Release Feature Information

IPv6 Multicast support Cisco IOS XE Everest 16.6.1 IPv6 VRF-Lite allows a
with VRF-Lite service provider to
support two or more
VPNs with overlapping IP
addresses using one
interface.

Configuring VRF-lite
23
Configuring VRF-lite
Feature History and Information for Multicast VRF-lite

Configuring VRF-lite
24

You might also like