Multi-vrf ce and ospf domain-tag

Similar Messages

• Multi VRF CE and CoS/QoS

  Looking for some details on do's and dont's for Multi-VRF CE. Also wondering how CoS/QoS is supported. If I want to do CBWFQ on the CE that is supporting Multi-VRF CE can I do it per subinterface to have a policy per VRF?

  It depends on what platform you are using. The 7200 and 7300 do not support CBWFQ on sub-interfaces right now. Ive heard September this year but wont hold my breath. The 12k supports it but only on the E3 card not the 10portgigE4+ card.

• Multi-VRF CE

  Hi,
  I need to know whether we can use the Cisco 2610 router as Multi-VRF C.E. which will be connected to the Cisco 3745 P.E. router (existing) via 786K Serial Connections.
  I need to configure two VRF's (IT & SOM)on the Cisco 2610 (Multi-VRF CE) and Cisco 3745 (P.E.) for the two VPNs.
  Can someone please let me know whether this is a workable solutions?
  Your help is very much appreciated.
  Thanks,

  Hi,
  What is somewhat strange is your statement: "we are using the default encapsulation on the serial interface (i.e. HDLC)".
  Multi-VRF is depending on two things. First the control plane is separated, i.e. you have one separate routing context per VRF. Second you need at least a separate interface per VRF. One interface can only belong to one VRF. You can check this with "sh ip vrf interface" or with "show ip route VRF ". If there is no output then your VRF has no interface and thus no BGP session can be established. In other words: a VRF is much like a separate router - unless it has an interface there will be no communication possible.
  In your case Frame relay would be the natural choice. An example config with two VRFs could look like this:
  ip vrf VRF1
  rd 65000:1
  ip vrf VRF2
  rd 65000:2
  interface Serial0/0
  no ip address
  encapsulation frame-relay
  no keepalive
  interface Serial0/0.100
  ip vrf forwarding VRF1
  ip address 10.1.1.1 255.255.255.252
  frame-relay interface-dlci 100
  interface Serial0/0.200
  ip vrf forwarding VRF1
  ip address 10.2.2.1 255.255.255.252
  frame-relay interface-dlci 200
  router bgp 65000
  address-family ipv4 vrf VRF1
  neighbor 10.1.1.2 remote-as 65100
  no auto-summary
  no synchronization
  exit-address-family
  address-family ipv4 vrf VRF2
  neighbor 10.2.2.2 remote-as 65100
  no auto-summary
  no synchronization
  exit-address-family
  The IPs, interfaces, AS numbers, additional commands etc. need to be adjusted to your environment.
  Hope this helps! Please use the rating system.
  Regards, Martin

• 6PE on Multi-VRF PE Routers?

  I am investigating mechanisms to allow the  migration of an IPv4/MPLS network, carrying VPNs, to use IPv6. I have a core of P routers,  running IOS 12.4, connecting to PE routers, also running 12.4. I am  using OSPF as the IGP, with iBGP in the core. I have static routing  defined between the PEs and the CEs, mostly because it's simple and not  the area of interest. I have two CE routers, one on VRF "Red" and one on  VRF "Blue", on each PE. I can exchange IPv4 data between the CEs on VRF  Red, and between the CEs on VRF Blue, but not between Red and  Blue....what I am describing here is pretty much a standard, multi-VPN  MPLS installation.Now I want to update the network to support  IPv4 and IPv6. I based my changes on 6PE, so added config to the PEs  only to enable IPv6 (with IPv6 addresses added to the CEs and the CE-PE  links), and I can now see from "sho bgp ipv6 uni" that the PEs are  learning unicast prefixes from MP-ibgp, and "sho ipv6 cef  <address> det" shows the forwarding table is being built, so I'm  happy that the IPv6 addresses are advertised correctly on each PE.Now  here's the problem. I can't exchange IPv6 data (I know 6PE doesn't  handle ICMP well, so I'm using telnet rather than ping between CEs to  test, but whereas telnet to an IPv4 address works, telnet to an IPv6   address doesnt). I'm running VRFs, and I want to allow them to operate  for IPv6 as well as IPv4, but I don't think they are, and lots of  documentation suggest that I should be entering something like the  following in my PEs:
  ip vrf Red
  rd 1:100
  route-target export 1:100
  route target import 1:100
  address-family ipv4
  exit-address-family
  address-family ipv6
  exit-address-familyIOS  12.4 won't accept the "address-family" statements in that context, but I  can't see another way to get the vrf to accept both address  families....Have I got the commands completely wrong, or is the  "address family" syntax in the vrf context only available in IOS XR, or  some special version of IOS?Any comments or suggestions would be most welcome!Jim

  Well, that was interesting! Laurent is quite correct, the document gives the necessary information.....BUT, you have to be very picky about the IOS you use, and on what platform the necesary commands are available....for IOS 12.4, I ended up using T-train versions, which in a production environment may be considered "suboptimal". However, the main thing is that with Laurent's answer, I have got the config I needed. Thanks!

• What target address does IPM select if the target IPSLA device is a multi-VRF CE?

  What target address does IPM select if the target IPSLA device is a multi-VRF CE?
  With IPM 4.2.1 it is not possible to select the correct target IP address when configuring a collector between two multi-VRF devices. It looks as if the primary management address for the target device is used in the collector configuration which, of course, belongs in a different VRF entirely.

  One example, and there may be others, is the (free) DynDNS dynamic DNS service which publishes a domain name for the WAN port of your router which can then be resolved, like all other domain names, to the actual IP address of the WAn port of your router. This service provides a solution to the problem of having a proper domain name in cases where your public IP address changes over time. Unless you pay for a static IP address, virtually all ISPs change your public IP address over time.
  So, you can register for a free DynDNS account at www.dyndns.com and that is how you come up with the User: and Password: information; use whatever User and Password you register at dyndns.com with.
  The first part of the hostname you can define as you wish, subject only to someone else having used it previously, and the remaining parts of the domain name might be "dyndns.org" or one of the other domain names provided by the DynDNS service. So, you could publish, via DynDNS, the name of your public IP address as, for example, joehlam.dyndns.org however you might want something less descriptive or more vague.

• Multi-VRF

  Hi.
  I intend to understand what a multi-vrf is, but the bottm line is, I don't seem to understand them very well.
  I was asked about it and I was surprised that I was not able to find an easy way to explain them.
  If you are to explain what a multi-vrf is, how would you do it?
  What are the basic ups and downs?
  Thanks

  Hello Jayson,
  a Multi-VRF CE is a device that has multiple VRFs and is shared between different customers and is generally owned and managed by the service provider.
  From a technical point of view the multi-VRF CE has a subset of the features of an MPLS PE.
  It has the capability to segregate traffic of different customers and to support address overlapping but:
  there is no support of MPLS forwarding so there are only VRF access links both to the customer both to the real MPLS PE.
  There is no support/need of the MP-BGP for address-family Vpnv4.
  The uplink is usually made with an high speed 802.1Q trunk where each vlan carried is mapped to a different VRF/Customer.
  The customer benefits are the sharing of the CE device and of the high speed uplink(s).
  Scalability is the issue in comparison with a real PE:
  a PE with N VRFs can use N+1 interfaces (N access links + 1 MPLS backbone link)
  a multi VRF CE with N VRFs needs 2*N interfaces (for each VRF one link towards the customer and one towards the SP PE)
  The same is true for the routing relationships: on each VRF a different routing relationship exist with PE (it can be eBGP in VRF or IGP OSPF or EIGRP in VRF) while a real PE has one/two BGP relationships with the RRS and this is enough for all defined VRFs.
  Often a Multi-VRF CE is a multilayer switch that can offer high port density at a cheap price.
  Hope to help
  Giuseppe

• Cross-tenant email and split domains - how to set up?

  I've successfully deployed exchange 2010 sp1 in /hosted mode with multi-tenancy and the install is working great. We are running into a problem configuring the send connectors
  for inter domain email and split domains. We have several customers wanting to only put a couple of email accounts on the exchange server and have the rest of their email accounts resolve to a pop server at an external location. Currently I have a internal
  send connector set to relay email between the domains on the server so they can send emails to one another. Directions for this were found at: http://www.zerohoursleep.com/2010/10/step-by-step-starting-with-exchange-2010-sp1-multi-tenant-sending-and-receiving-emails/
  I created the connector: new-SendConnector -Name 'TestOrg' -Usage 'Internal' -AddressSpaces 'SMTP:domain1.com;1','SMTP:domain2.com;1' -IsScopedConnector $false -DNSRoutingEnabled $false -SmartHosts '[127.0.0.1]' -SmartHostAuthMechanism 'None' -UseExternalDNSServersEnabled
  $false -SourceTransportServers 'Exchange' 
  I added all my internal domains to the connector listed above and email is able to flow from one domain to another.
  My problem is we have a number of customers who need split-domains set up where users who arent on the exchange server are relayed to an external server. Example to route unknown users on a domain to google my send connector looks as is: 
  New-SendConnector -Name "Internal Relay - domain1.com" -Custom -AddressSpaces "SMTP:domain1.com;5" -SmartHosts aspmx.l.google.com -SourceTransportServers "server"
  This results in an internal loop error when sending from one internal domain to another. Sending from an external domain everything is fine. If I remove the "internal" connector listed above the split-domain send connector works perfectly fine delivering locally
  and to the external server.
  How can I make it so both send connectors work?

  Hello,
  did you solve the problem and how?
  Thanks,
  Victor
  Exchange and Outlook utilities at
  http://www.ivasoft.com

• Multi-VRF on the same device

  Hi, I have a certain design that I am thinking of implementing however need some help to understand the feasability as well as confirm if it is indeed possible to do it. It is sort of like configuring multi-vrf on the same device and leak routes from them into a global routing table. It seems impractical to do it however if I want to limit connectivity between various vlan's on a L3 level without ACL's this seems the better option. Please do correct me if that is not so.
  Design
  A device which has a number of vlan interfaces on the north side let's say a 6500 configured with a number of vlan's. Each vlan has its own vrf. The SVI interfaces are where I apply the ip vrf forwarding XXX command. This device will be like the PE I assume?
  Now I might be running various routing protocols (EIGRP, RIP, Static, BGP) within these vrf's with the devices on the other end that have no idea about vrf's. Since I have a number of routes I have learnt within their own vrf's I want to either export all these routes into the global table or create a global vrf where I can export all these routes.
  The reason being that I want to propogate all these routes to the south side. The south side interface of this PE 6500 is physically connected to a firewall via a L3 point-to-point interface. That firewall's south interface in turns connects to another switch.
  I am going to form a BGP session with between the Top PE 6500 Switch and the bottom switch and I would like to propogate all the routes that I have in their own individual vrf's on the Top 6500 PE switch to the bottom switch via BGP.
  I don't think I can run MP-BGP due to the firewalls being in the physical path. Besides I would like to run a normal BGP IPv4 session between the top and bottom switch to keep it simple and familiar.
  The reason I would like to have every vlan in its own vrf is to limit connectivity between the vlan's without configuring ACL's. It provides a bit more security between the VLAN's.
  What I am not sure about is how the packet forwarding would work or if it would work at all.
  Thx for your help.

  Hi Vikram,
  Firstly, you mentioned that the reason for going down this path is for security between the different VLANs. Have you looked at Private VLANs as another option?
  Certainly leaking routes between different VRFs can be achieved and I would recommend having a 'Shared VRF' that you leak in and out of. Having the Firewall between the PE nodes does present an issue both for BGP as well as LDP peering if you wanted to establish a MP-BGP session. From what you have mentioned above, this solution might over-complicate what you are trying to do.
  Are the network ranges in each VLAN also unique?
  Can the Firewall run IGP? If so, maybe you could run Private VLANs and the use an IGP to propogate the networks through the FW across to your other switch? If you were to establish a BGP session between the switches each side of the FW, the FW would also need to either become a BGP peer or have IGP enabled. Each BGP node would then need to inject the BGP routes into IGP. If this isnt done, the FW will drop traffic as there would not be a suitable route.
  Are the resources through the FW shared or are they also client connected networks?
  Trent Husking

• 3745 Multi VRF with modules ??

  Hi,
  Please anyone can tell wheather Gig modules are supported on 3745 and if yes then how many? Also please tell which is the Gig module I could not find on cisco.com.
  And also do the onboard LAN ports support Multi VRF function ?
  Thanks
  NK

  We use VRFLite with the onboard LAN ports and it works just as expected.
  hth
  -birgit

• Multi-vrf CE/vrf lite Instances

  I'm currently looking at deploying vrf lite on our ce's but I'm unable to locate the limitations on how many instances can be run. I realise that the low-end ce's (1700, 2600) the limitation is 5 instances. Is there any other CE related devices that can run more instances, if so, how many and what devices?
  Regards
  Mark

  Hi,
  The 5 instances restriction comes from the "Designing MPLS Extensions for Customer Edge Routers" Product bulletin. The following script from that document is:
  Conclusions
  In order to ensure that their data is kept private while traveling across a Service Provider’s network, customers are presented many VPN options to suit their needs. This paper has focused on one particular type of VPNs: MPLS-VPNs. A general description was outlined for MPLS-VPNs in order to discuss the new feature in Cisco IOS release 12.2: Multi-VRF CE.
  Multi-VRF CE extends limited PE functionality to CE devices by allowing the traditional LAN network behind a CE router to be segmented into separate VRFs. With this feature, the CE router is now able to segment their LAN traffic into a maximum of 5 separate VRFs.
  So, I'm not sure whether this is just a standard feature set for all models, or this particular feature has been upgraded to support more vrfs, which as you say, will require the appropriate capacity.
  Regards
  Mark

• Multi-VRF CE or VRF-Lite support on 1800/2800

  Can anyone please confirm whether ISR 1800 and 2800 series devices support Multi-VRF CE functionality and which IOS release should be used?
  I could not find any document which is explicitly mentioning the above for the mentioned boxes.
  Actually my Purchase Order has been held up due to this... ;-)
  Thanks...

  Yes, they both do. For specific IOS version required, please refer to the Cisco IOS features navigator:
  http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
  Hope this helps,

• Multi-VRF CE: Number of VRF's

  Are there hard and fast limitations to the number of VRF's you can configure on a given router platform using Multi-VRF CE functionality? Or, are the only limitations those imposed by the available memory, CPU, and available routing processes on a given router.

  There is no hard limit that I know of. As you stated the limitation is rather to resources available on the node itself.
  Hope this helps,

• Exchange 2010SP1 Multi-Tenant Issue with Multiple Domains

  I have an installation of Exchange 2010 SP1 with multi-tenant support enabled via the install time /hosting switch.
  Everything works well for my smaller clients. I now have a bigger client that has about 300 users and 3 domains. The users are divided roughly equally amongst the domains - ie, 3 domains each with 100 users. I've added the first domain as normal:
  $c = get-credential
  New-organization -name "Pretend Company" -DomainName domain1.com -ProgramId HostingSample -OfferId 2 -location en-US -AdministratorPassword $c.password
  After that I logged into the ECP control panel and created all the users. The migration went smoothly and has been working well for the last week. Now, it's time to add the next domain. Since the client wants all 300 users visible in the same GAL, I just
  added a domain to the organization:
  New-AcceptedDomain -Name domain2.com -DomainName domain2.com -Organization "Pretend Company"
  This is where I run into problems. When I try to create the users for domain2.com via ECP, I am able to create the user successfully, and select domain2.com from the drop down. Once the user is created however, I am able to see that although their UPN
  is [email protected], it created their email address as [email protected].
  I tried creating the users manually via EMS:
  $password = Read-Host "Enter password" -AsSecureString
  New-MailUser -UserPrincipalName [email protected] -Password $password -Name "Test User" -Organization "Pretent Company" -PrimarySmtpAddress [email protected]
  The user creates successfully and I can see the user created in the proper OU in AD. Unfortunately I can not see them in ECP nor can I see them if I do:
  get-mailbox -Organization "Pretend Company"
  This makes the management of the users very difficult to delegate, and I'm not sure that the users at domain2.com will even work.
  This brings me to my questions:
  (1) Is is possible create accounts that have different domain names in their default email addresses within the same Organization in /hosting mode?
  (2) Is this something I need to do with an EmailAddressPolicy? I read the documentation but it didn't seem /hosting friendly.

  Hi Earonk,
  Please post your issue on below forum, you will get more help from there:
  http://social.technet.microsoft.com/Forums/en-us/exchange2010hosters/threads
  Regards!
  Gavin

• C3750E advanced L3 and OSPF

  Does the C3750E support advanced layer 3 and OSPF? If not, is there a license upgrade and what is that part number. If already capable, how do you enable?
  Show ver:
  rpswch0100#sh ver
  Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2012 by Cisco Systems, Inc.
  Compiled Thu 09-Feb-12 18:14 by prod_rel_team
  Image text-base: 0x00003000, data-base: 0x02800000
  ROM: Bootstrap program is C3750E boot loader
  BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
  rpswch0100 uptime is 4 weeks, 3 days, 20 hours, 27 minutes
  System returned to ROM by power-on
  System restarted at 14:05:47 PST Sat Feb 7 2015
  System image file is "flash:/c3750e-universalk9-mz.122-55.SE5/c3750e-universalk9-mz.122-55.SE5.bin"
  Thank You,
  Mike R

  Q. What are the different types of feature sets?
  A. There are three types of software licenses: LAN Base, IP Base, and IP Services. LAN Base is only supported on the Cisco Catalyst 3750-X, 3650-X, and Cisco Catalyst 2K switches.
  ● LAN Base: Enables basic Layer 2 forwarding and IPv4/IPv6 switch management.
  ● IP Base: Enables Layer 2 forwarding, IPv6 management, and basic Layer 3 routing, including Enhanced Interior Gateway Routing Protocol (EIGRP) stub and Protocol Independent Multicast (PIM) stub mode.
  ● IP Services: Includes IP Base and enables advanced IPv4/IPv6 Layer 3 routing such as EIGRP, Open Shortest Path First (OSPF), WCCP, VRF-lite, PBR, and IPv4 multicast routing.

• VRF lite and MPLS VRFs

  We have a CE router connected to PE router. The CE router is connected via 2 links to the PE router, because we need to create two VRFs on the PE for the traffic coming from the CE to separate the traffic, so we have one vrf per link. We are running OSPF between CE and PE.. Now we need to further separate the traffic up to the CE, so I’m thinking of using the VRF lite on the CE.. Can MPLS work with the VRF lite, and how to map the VRF lite VRFs on the CE to the MPLS VPN on the PE?
  Is there any config examples?
  Thanks in advance

  VRF Lite and MPLS-VPN act independently so they can work independently. And there is no specific need for mapping. If link is for VRF A on PE so you can make it part of vrf A in CE as well. Both VRFs are independent of each other.
  http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a00801cddd9.html#1045190
  THis document is for 4500 but logic holds the same.