enabling VRF lite

Is there any difference between having a routed interface in the global table as opposed to in a VRF that I should keep in mind? Besides "capability vrf-lite" under OSPF, is there anything that could prevent either data packets from coming through or prevents routing protocols from working?

Comments

  • That's pretty open ended :)  I think that almost everything works the same as far as protocols.  Some of the management functions are not VRF aware in older versions of code.  AFAIK.

  • Yeah. Is there any reason I wouldn't be able to ping the remote address on the link if my interface is in a VRF, but it works fine if in the global table "ping vrf FOO 1.1.1.2" vs "ping 1.1.1.2"?

  • I would have to see your whole config.  It should work the same depending on your configuration.  On older versions of code you have to enable ip cef, but I think this only affects MPLS not VRF-Lite.

  • actually, anyone has a senario to show how capability vrf-lite work, I did a quick lab and the "capability vrf-lite" doesn't seem make any difference,

    R7-R6 (PE)----R3 (PE)--R1(CE)--R2(CE)

     

    R3 redistribute mp-bgp into ospf; R1 has vrf-lite set up to R3 and R2 and running ospf; R2 running ospf (no vrf lite setup), I was expect that without "capability vrf-lite" on R1, R2 won't receive the route (summary route) from R7 since the down bit is set by R3; but R2 always get the R7's route from R1 even though the down bit is set. Did I understand it wrong?

    R1 configure, note that "capability vrf-lite" not configured,

    interface FastEthernet0/0.12
     encapsulation dot1Q 12
     ip vrf forwarding ABC
     ip address 12.1.1.1 255.255.255.0
     ip ospf cost 65535
    !
    interface FastEthernet0/0.13
     encapsulation dot1Q 13
     ip vrf forwarding ABC
     ip address 13.1.1.1 255.255.255.0
    !

    router ospf 12 vrf ABC
     log-adjacency-changes
     network 12.1.1.1 0.0.0.0 area 0
     network 13.1.1.1 0.0.0.0 area 0

    On R2, see the R7 route (7.7.7.7/32) as summary route,

    show ip route,

    O IA    7.7.7.7 [110/65556] via 12.1.1.1, 00:03:15, FastEthernet0/0.12

     

    note this route has downbit set,

    R2#show ip ospf database summary 7.7.7.7

                OSPF Router with ID (24.1.1.2) (Process ID 12)

                    Summary Net Link States (Area 0)

      Routing Bit Set on this LSA
      LS age: 1777
      Options: (No TOS-capability, DC, Downward)
      LS Type: Summary Links(Network)
      Link State ID: 7.7.7.7 (summary Network Number)
      Advertising Router: 3.3.3.3
      LS Seq Number: 80000005
      Checksum: 0xCABA
      Length: 28
      Network Mask: /32
            TOS: 0  Metric: 11

    shouldn't this route with down bit set dropped by the R1 unless "capability vrf-lite" is configured?

     

  • "capability vrf-lite" is used to filter from ospf database to routing table, not to filter LSAs between neighbors.

    The database is always synced.

     

    So, check the routing table on R1.

     

    (disclaimer: I'm a bit woozy from fever at the moment, so I may have it wrong)

  • You are right!

    The routing table of R1 doesn't have R7's route, though it is in the ospf database.

    For me, this explains everything! Much appreciated.

     

  • No problem.

    That's the thing with OSPF. The ultimate truth. LSAs aren't filtered within an area. (except if you use "neigh 1.1.1.1 database-filter...", and don't do that). Routes aren't "announced". Ever. It's the database that gets synced.

    The database will always be in sync throughout the area (unless it's broken in two or an event just occured). Always.

    The only filtering that's going on is on area borders, and between the routing table and the OSPF database. But all routers always have the same data in their database for that area.

     

    But my original question shouldn't really have anything to do with capability vrf-lite under router ospf, since not even my layer2 was working.

Sign In or Register to comment.