Summary addressing
if I advertise an address of 192.200.10.0/29 using eigrp, will this include my interfaces 192.200.10.1, 2, 5 and 6 ?
yeah it will include 192.200.10.1,2,5 & 6.
Network 192.200.10.0
starting IP address 192.200.10.1
Ending IP address 192.200.10.6
Broadcast 192.200.10.7
subnet mask 255.255.255.248
hope this gives you clear idea,
rate this post.
Similar Messages
-
This is a two part question. Let's assume I have a router that we will call router1. On this router I have the networks 10.0.0.0/14 which will cover the range 10.0.0.0-10.3.255.255. Upstream from this router I have an asa that has a remote network of 10.27.0.0. Router2 has the networks 10.4.0.0/14. Router1 and Router2 use ripv2 and have auto summarization disabled. On R1's interface to R2, I will use the IP summary-address 10.0.0.0 255.252.0.0. Will I also need to include 10.27.0.0 255.255.255.0 in an IP summary-address as well? Or since my ripv2 process has network 10.0.0.0, then will this get sent anyway? I didn't know if when using manual summarization, then you would need to summarize all possible routes?
Next question. On the asa can I NAT the remote network of 10.27.0.0/24 to something that is contiguous on R1 so that it will be included in the manual summarization? Thanks!If you use the summary address 10.0.0.0 255.252.0.0, any subnet falling in this range will be send as summary only.
ie, 101.1.1.0/24 will be a part of the summary and it will not be send separately.
However, 10.27.0.0 255.255.255.0 is not falling in the range of the summary address. Hence it will be sent separately by the RIP process.
CF -
What would be the proper summary address for these?
Hello support community,
I'm trying to write a summary network address for the ip address in red below, but they need to be separate from the ones in black, is this a proper summary route for these networks in red? 10.20.0.0/10 ?
IP Address
Binary 1st octet
Binary 2st octet
Binary 3rd octet
Binary 4th octet
10.0.0.0
00001010
00000000
00000000
00000000
10.2.0.0
00001010
00000010
00000000
00000000
10.3.0.0
00001010
00000011
00000000
00000000
10.20.0.0
00001010
00010100
00000000
00000000
10.30.0.0
00001010
00011110
00000000
00000000
10.31.0.0
00001010
00011111
00000000
00000000
10.32.0.0
00001010
00100000
00000000
00000000
10.40.0.0
00001010
00101000
00000000
00000000
10.41.0.0
00001010
00101001
00000000
00000000
10.44.0.0
00001010
00101100
00000000
00000000
10.45.0.0
00001010
00101101
00000000
00000000
10.48.0.0
00001010
00110000
00000000
00000000
10.50.0.0
00001010
00110010
00000000
00000000
10.51.0.0
00001010
00110011
00000000
00000000
10.52.0.0
00001010
00110100
00000000
00000000
10.53.0.0
00001010
00110101
00000000
00000000
10.55.0.0
00001010
00110111
00000000
00000000
10.56.0.0
00001010
00111000
00000000
00000000
10.61.0.0
00001010
00111101
00000000
00000000
10.63.0.0
00001010
00111111
00000000
00000000
10.70.0.0
00001010
01000110
00000000
00000000
10.71.0.0
00001010
01000111
00000000
00000000
10.72.0.0
00001010
01001000
00000000
00000000
10.73.0.0
00001010
01001001
00000000
00000000
10.74.0.0
00001010
01001010
00000000
00000000
10.75.0.0
00001010
01001011
00000000
00000000
10.76.0.0
00001010
01001100
00000000
00000000
10.77.0.0
00001010
01001101
00000000
00000000
10.78.0.0
00001010
01001110
00000000
00000000
10.79.0.0
00001010
01001111
00000000
00000000Hi,
I think you need to split aggregation in to below three subnets.
10.16.0.0/12
10.32.0.0/11
10.64.0.0/10
10.20.0.0/10 is not a valid prefix.
Please don't forget to rate this post if it has been helpful
-akash -
Workings of auto-summary in EIGRP?
We are using 172.20.0.0 internally with /25 mask for local user subnets. This network is spread around 40 locations. Normally we have 'no auto-summary' under our router command like:
router eigrp 1
network 172.20.0.0
no auto-summary
So if I wanted to know if a particular subnet was in use, ie, 'sh ip route 172.20.100.0', I would see that in a routing table, and felt confident that there truly was a 172.20.100.0 subnet.
Someone inadvertently configured a router with 'auto-summary', and I was trying to troubleshoot a problem on 172.20.100.0. I shut down the interface that is configured for 172.20.100.0, yet it still showed up in the routing table. I track down where that route was advertised, and I found it was coming from a router that has the 'auto-summary' and the 'show ip route 172.20.100.0' on that router showed it coming from interface null-0.
The reason I don't like to use auto-summary is because of just that - I don't get a true picture of what subnets are actually real - everything gets summarized into the major network.
Is that the way auto-summary is supposed to work? If one uses the 'auto-summary on all routers, how does one tell if a particular subnet is in actual use of not?Jim
In your description you tell us that your network uses 172.20.0.0 and do not mention any other networks. If this is true (that there are no other networks than 172.20.0.0) then it makes no difference whether no auto-summary is configured or not - you will get the exact same results as long as the network is based on a single major network (a class B network in your case).
auto-summary only makes a difference when a router has an interface in one network and has another interface(s) in another network. If all interfaces are in the same network then EIGRP advertises all subnets out all interfaces. If the router has interfaces in two networks (say for example that your LAN interfaces were in 172.20.0.0 and you put your serial interfaces on 10.0.0.0) the the router would not advertise subnets of 172.20.0.0 over the serial 10.0.0.0 interfaces but would advertise a summary route.
In the situation that you describe that you found a router with an entry for 172.20.100.0 to null 0 then the logical explanations would be that either there is a summary address configured on that router for 172.20.100.0 or that someone configured a static route for 172.20.100.0. Or is it possible that the route that you were looking at was really for 172.20.0.0 and not for 172.20.100.0?
HTH
Rick -
Hello,
We 've got a dial problem with a 2811 branch router (ISDN2) and a 7206 central router (2*ISDN30)
Wehn the 2800 dials in no problem.
When threshold comes up no problem.
But when the second B-channel closed the 2800 doesn't route trafic any more.
Routing protocols still work.
Extended ping from the routers FE interface to de central location form.
But a device connected to the FE interface cannot ping the remote site.
When i use IOS
c2800nm-advsecurityk9-mz.124-10.bin : FAILTY
c2800nm-advsecurityk9-mz.124-12.bin : FAILTY
c2800nm-advsecurityk9-mz.124-5.bin : OKE
c2800nm-advsecurityk9-mz.124-8a.bin : OKE
Branch router:
interface BRI0/2/0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
isdn tei-negotiation first-call
isdn point-to-point-setup
ppp authentication chap
end
interface Dialer10
ip address 1.1.1.1 255.255.255.252
ip pim sparse-dense-mode
encapsulation ppp
dialer pool 1
dialer string 0123456789
dialer load-threshold 75 either
dialer max-call 2
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname somerouter
ppp chap password <REMOVED>
ppp multilink
end
Central router:
interface Dialer1
description ISDN:
bandwidth 128
ip address 1.1.1.2 255.255.255.252
ip pim sparse-dense-mode
encapsulation ppp
ip summary-address eigrp 1 0.0.0.0 0.0.0.0 180
dialer pool 1
dialer remote-name someroute
dialer idle-timeout 180
dialer-group 1
no fair-queue
no cdp enable
ppp authentication chap
ppp multilink
endHi
Have you checked up the routes for the remote destinations when the second channel is down ?
Can you check whether you are getting any routes available through the live BRI Channel available when the other one goes down ?
Also can you verify whether the channel is stil active using show isdn active command ?
regds -
NAT is not working for VRF partially
Hello!
I have a diagram like this:
VRF_A and VRF_B have overlapping addressing plans from series 192.168.x.x.
As routing protocol in both of VRFs adopted RIP (I tried all, but effect much the same).
The closest to PE1 network is 172.16.0.0/24.
PE1:
ip vrf VRF_A rd 65001:1 route-target export 65001:1 route-target import 65001:1ip vrf VRF_B rd 65001:2 route-target export 65001:2 route-target import 65001:2ip nat inside source list 10 interface FastEthernet0/0 vrf VRF_A overloadip nat inside source list 10 interface FastEthernet0/0 vrf VRF_B overloadip route vrf VRF_A 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.0.1 globalip route vrf VRF_B 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.0.1 globalinterface FastEthernet0/0 ip address 172.16.0.24 255.255.255.0 ip nat outside duplex fullinterface FastEthernet1/0 ip vrf forwarding VRF_A ip address 192.168.0.2 255.255.255.0 ip nat inside duplex full
interface FastEthernet4/0 ip vrf forwarding VRF_B ip address 192.168.0.2 255.255.255.0 ip nat inside duplex full
When I try ti ping 172.16.0.1 from CE11, CE21 and from VRF_A and VRF_B on PE1 - all if fine! NAT is performed and ping is OK.
But when I tried to ping from others (PE2 and CE21 and CE22) NAT is not performed, I see 192.168.x.x at Internet Router and ping is failled.
I'm in stupor. What could it be??? And how to avoid this situation? Are there "exits"?
I forgot to mention that there is a full connectivity inside both of VRFs. Routing protocols and redistribution work fine.
Kind regard,
ElladIt's wrong:
PE1interface toward P1 ip nat insideinterface toward P2 ip nat inside
Here is PE1:Current configuration : 2829 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname PE1
boot-start-marker
boot-end-marker
no aaa new-model
ip subnet-zero
ip vrf VRF_A
rd 65001:1
route-target export 65001:1
route-target import 65001:1
ip vrf VRF_B
rd 65001:2
route-target export 65001:2
route-target import 65001:2
ip cef
ip audit po max-events 100
mpls label protocol ldp
interface Loopback0
ip address 10.0.2.1 255.255.255.255
interface FastEthernet0/0
ip address 172.16.0.24 255.255.255.0
ip nat outside
duplex full
interface FastEthernet1/0
ip vrf forwarding VRF_A
ip address 192.168.0.2 255.255.255.0
ip nat inside
duplex full
interface FastEthernet2/0 ip address 10.0.23.1 255.255.255.0
duplex full
tag-switching mtu 1512
tag-switching ip
interface FastEthernet3/0
ip address 10.0.24.1 255.255.255.0
duplex full
tag-switching mtu 1512
tag-switching ip
interface FastEthernet4/0
ip vrf forwarding VRF_B
ip address 192.168.0.2 255.255.255.0
ip nat inside
duplex full
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.255.255.255 area 0
router rip
version 2
no auto-summary
address-family ipv4 vrf VRF_B
redistribute bgp 65001 metric 1
network 192.168.0.0
no auto-summary
exit-address-family
router bgp 65001
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.0.5.1 remote-as 65001
neighbor 10.0.5.1 update-source Loopback0
address-family vpnv4
neighbor 10.0.5.1 activate
neighbor 10.0.5.1 next-hop-self
neighbor 10.0.5.1 send-community both
exit-address-family
address-family ipv4 vrf VRF_B
redistribute static
redistribute rip
no auto-summary
no synchronization
exit-address-family
address-family ipv4 vrf VRF_A
no auto-summary
no synchronization
exit-address-family
ip nat inside source list 10 interface FastEthernet0/0 vrf VRF_A overload
ip nat inside source list 10 interface FastEthernet0/0 vrf VRF_B overload
ip classless
ip route vrf VRF_A 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.0.1 global
ip route vrf VRF_B 0.0.0.0 0.0.0.0 FastEthernet0/0 172.16.0.1 global
no ip http server
no ip http secure-server
ip extcommunity-list 1 permit soo 65002:901
access-list 1 deny 10.1.8.1
access-list 1 deny 10.0.8.1
access-list 1 deny 10.1.2.1
access-list 1 deny 10.0.2.1
access-list 1 permit any
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 10 permit 192.168.1.0 0.0.0.255
route-map rm-soo permit 10
set extcommunity soo 65002:901!
route-map rm-soo-action deny 10
match extcommunity 1
route-map rm-soo-action permit 20
match ip address 1
gatekeeper
shutdown
line con 0
exec-timeout 144 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
1.0.5.1 is Loopback0 of P3. It's a route-reflector for all PEs. I study.
And all what you see above - Dynamipses. Internet router - real Ubuntu server. -
Assigning multiple areas to SVI's created on 6500 Switch
Hey, We are having Cisco 6500 Switch at aggregation layer where all our SVIs are created and we need to advertise them in OSPF for reachability purpose. Now we are using L2 campus model so access layer is not running any routing protocol but we need to segregate our SVIs traffic based on different buildings. We are doing this by assigning unique areas to a group of SVIs while advertising in OSPF. My question is, is this a recommended way ? or we have to advertise all the SVIs in Area 0? because we don't have multiple areas but still we are adding them while advertising at 6500 switch. Thanks.
Having said that, i am still confused whether is it a good approach or we should advertise all our SVIs directly into OSPF Area0.
Using an area per building seems unnecessary because all the L3 routing is done on the aggregation layer so it doesn't really make a lot of sense, at least to me.
I think using one area for all SVIs may be a good idea because then you can simply advertise one summary for the all the SVI subnets into area 0 towards the core.
This is assuming you can summarise all the aggregation IP subnets with one summary address.
Even that may not be necessary as it depends on the rest of your topology.
For example if your core connected multiple buildings as in a campus and each building had a distribution pair of switches connected back to the core then yes it would make sense to use an area per building/site and only advertise a summary to the core.
Up to you really.
Jon -
Hi all,
I've got a question regarding designing a weblogic-based solution that needs to talk to an EIS.
Basically we have a new system that also needs to keep an old system up to date for an interim period. In order to do this the new system is placing messages representing transactions onto a queue to be processed asynchronously. We are currently considering 3 options:
- Message driven beans using JCA
- WLI process using JCA
- Writing our own message consumer which manages threads to write to the backend (the reason for this will become clear below)
Basically the worry we have is that the backend may become unavailble (planned or unplanned) and we're worried that an MDB or WLI solution has no way of automatically stopping processing and then automatically picking it up again once the EIS comes back. We bascially don't want to get into a situation where we have a pool of MDBs (for instance) continually trying and failing to connect to the backend (filling the logs and wasting resources). The roll-your-own solution was therefore to enable us to control the number of threads that were attempting to connect by recognising failures and closing down all but one polling thread until we got a response again.
This RYO approach feels really wrong, though, and it seems that WLI must have something in it to cope with this kind of failure situation. I have seen some stuff in the docs about automatically suspending and then restarting processing but am unsure if any adapters support this model. For information we are currently looking to connect to an Adabas/Natural backend via either 3270, CICS or direct natural connections.
Hope someone can help on this !
Thanks
IanAndy
It depends.
I was assuming they had area 0 at both DCs as you mentioned that.
You should really use two areas and then they would need to filter your routes because you would be injecting them into one area on one link and then they would be sending them to you on the other link.
The problem arises if each of their DCs is using different areas.
So say the main DC is area 0 and the backup DC is area 1.
All OSPF areas need to be directly connected to area 0 and obviously this wouldn't happen on the link to the area 1 DC if you use your own area.
You can use virtual links but you should avoid these if possible.
If you simply use their existing areas at your end then that means you are going to receive type 1 and type 2 LSAs as well.
I don't think I can give you a definitive answer because there are too many variable in terms of OSPF areas, summarisation etc.
Are the subnets within your main and backup DC different and the same question for their DCs ?
Depending on the answers to the above it may make more sense to run EIGRP across those links using summary addresses at your end for the subnets and let them do the redistribution because EIGRP does not have the same issues with areas.
I cannot see how that would affect their VRFs and even if it did they can always create a non VRF interface for the exchange of routes
I'm happy to help out further when you get more information but I think you need to talk with the other network guy especially about how the OSPF connections are going to work.
Jon -
Do I need "advanced license" to run MPLS on ME3600X?
Those who have dealt with ME3600X switch, can you tell me if I need to purchase the “Advanced Metro IP Access License” in order to run L2/L3 MPLS VPN? The license is $3995 in addition. It is a big cost for us. More specifically, I want to know if the following commands are supported with the license comes with the switch. No advanced MPLS features like traffic engineering is required at this point.
ip vrf vpnA
rd 100:1
route-target export 100:1
route-target import 100:1
interface Ethernet1/0
ip vrf forwarding vpnA
interface Ethernet1/1
mpls ip
router ospf 1 vrf vpnA
log-adjacency-changes
area 1 sham-link 12.12.100.4 12.12.100.5
redistribute bgp 100 metric-type 1 subnets
network 12.12.128.130 0.0.0.0 area 1
router bgp 100
no synchronization
bgp router-id 12.12.4.4
bgp log-neighbor-changes
neighbor 12.12.5.5 remote-as 100
neighbor 12.12.5.5 update-source Loopback0
no auto-summary
address-family vpnv4
neighbor 12.12.5.5 activate
neighbor 12.12.5.5 send-community both
exit-address-family
address-family ipv4 vrf vpnA
redistribute ospf 1 vrf vpnA match internal external 1 external 2
no synchronization
network 12.12.100.4 mask 255.255.255.255
exit-address-family
mpls ldp router-id Loopback0 forceHi dear,
according to the information available on CCO over here
http://www.cisco.com/en/US/prod/collateral/switches/ps6568/ps10956/data_sheet_c78-601946.html
you indeed need to get that license in your gear to let it run MPLS.
The commands highlighted in red should work after that.
HTH,
Ivan. -
BGP in Dual Homing setup not failing over correctly
Hi all,
we have dual homed BGP connections to our sister company network but the failover testing is failing.
If i shutdown the WAN interface on the primary router, after about 5 minutes, everything converges and fails over fine.
But, if i shut the LAN interface down on the primary router, we never regain connectivity to the sister network.
Our two ASR's have an iBGP relationship and I can see that after a certain amount of time, the BGP routes with a next hop of the primary router get flushed from BGP and the prefferred exit path is through the secondary router. This bit works OK, but i believe that the return traffic is still attempting to return over the primary link...
To add to this, we have two inline firewalls on each link which are only performing IPS, no packet filtering.
Any pointers would be great.
thanks
MarioHi John,
right... please look at the output below which is the partial BGP table during a link failure...
10.128.0.0/9 is the problematic summary that still keeps getting advertised out when we do not want it to during a failure....
now there are prefixes in the BGP table which fall within that large summary address space. But I am sure that they are all routes that are being advertised to us from the eBGP peer...
*> 10.128.0.0/9 0.0.0.0 32768 i
s> 10.128.56.16/32 172.17.17.241 150 0 2856 64619 i
s> 10.128.56.140/32 172.17.17.241 150 0 2856 64619 i
s> 10.160.0.0/21 172.17.17.241 150 0 2856 64611 i
s> 10.160.14.0/24 172.17.17.241 150 0 2856 64611 i
s> 10.160.16.0/24 172.17.17.241 150 0 2856 64611 i
s> 10.200.16.8/30 172.17.17.241 150 0 2856 65008 ?
s> 10.200.16.12/30 172.17.17.241 150 0 2856 65006 ?
s> 10.255.245.0/24 172.17.17.241 150 0 2856 64548 ?
s> 10.255.253.4/32 172.17.17.241 150 0 2856 64548 ?
s> 10.255.253.10/32 172.17.17.241 150 0 2856 64548 ?
s> 10.255.255.8/30 172.17.17.241 150 0 2856 6670 ?
s> 10.255.255.10/32 172.17.17.241 150 0 2856 ?
s> 10.255.255.12/30 172.17.17.241 150 0 2856 6670 ?
s> 10.255.255.14/32 172.17.17.241 150 0 2856 ?
i would not expect summary addresses to still be advertised if the specific prefixes are coming from eBGP... am i wrong?
thanks for everything so far...
Mario De Rosa -
DMVPN GRE over IPSEC Packet loss
I have a hub and spoke DMVPN GRE over IPSec topology. We have many sites, over 10, and have a problem on one particular site, just one. First off I want to say that I have replaced the Router and I get the same exact errors. By monitoring the Terminal, I regularly get these messages
%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Output Authentication error:srcadr=10.X.X.X,dstadr=10.X.X.X,size=616,handle=0x581A
%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=1
The tunnel is up, passes data, and always stays up. This router is a Spoke router. The routing protocol being used is EIGRP. When I do a
Show Crypto isakmp sa, it shows the state as being "QM_IDLE" which means it is up.
When I use the "Show Crypto Engine accelerator stat" this is what I get (Attached File)
You can see that there are ppq rx errors, authentication errors, invalid packets, and packets dropped. I know this is not due to mis-configuration because the config is the same exact as other sites that I have which never have any problems. Here is the tunnel interface and the tunnel source interface on the Spoke Router
interface Tunnel111
description **DPN VPN**
bandwidth 1000
ip address 172.31.111.107 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1300
ip pim sparse-dense-mode
ip nhrp authentication XXXX
ip nhrp map multicast dynamic
ip nhrp map multicast X.X.X.X
ip nhrp map X.X.X.X X.X.X.X
ip nhrp network-id 100002
ip nhrp holdtime 360
ip nhrp nhs 172.31.111.254
ip route-cache flow
ip tcp adjust-mss 1260
ip summary-address eigrp 100 10.X.X.X 255.255.0.0 5
qos pre-classify
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key XXXX
tunnel protection ipsec profile X.X.X.X
interface GigabitEthernet0/0
description **TO DPNVPN**
ip address 10.X.X.X 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip pim sparse-dense-mode
ip virtual-reassembly
duplex full
speed 100
no snmp trap link-status
no mop enabled
Is there anything that you can think of that may becausing this, do you think this can be a layer one or two issue? Thanks
BrendenHave you try to turn off the hardware encryption (no crypto engine accelerator) just to see if it's better. But be careful, cause your CPU% will run much higher, but you only have 10 spokes sites, so it wont be at 100%.
It's better to start troubleshooting by layer 1 then layer 2 when it's possible. Have you ask the site's ISP for packet lost on their side ? -
Best-practice to redistribute NAT entries into OSPF
I have several different subnets that are all either NAT'd or accessible via a VPN. There's no actual route on the ASA to the addresses, and they're not directly connected, eliminating the usual redistribution commands.
What is the best-practice for redistributing such entries into an OSPF area? In the past, I've had static entries on the upstream firewall, allowing the rest of the network to see this. I'm trying to get rid of as many static routes as possible (or at least make them a floating route so as to provide backup should something in OSPF fail), but am having difficulty figuring out how to redistribute these into the OSPF area.
I can't use a summary-address command as there's no external routes that are being redistributed. The area range command is out as I don't have a separate area that routes are being redistributed from.
One thought I've had is to create a static null route for each subnet (allowing me to redistribute static, and have the static entries only on the originating box), but I imagine rather than NAT'ng or open the site-to-site VPN, it would discard traffic (as the destination is null).
Any ideas on what to do when you have "imaginary" addresses that don't exist anywhere but in NAT entries or that's defined as interesting traffic for a site-to-site VPN?
Thanks in advance.I have the code working without use of config files. I am just disappointed that it is not working using the configuration files. That was one of the primary intents of my code re-factoring.
Katherine
Xiong , If you are proposing this as an answer then does this imply that Microsoft's stance is not to use configuration files with SSIS?? Please answer.
SM -
Route Leaking between VRF:s (Shared services)
Hi,
I'm a bit confused by this setup that i'm trying to achieve.
The setup is classic though, I have one VRF for education (EDU), one for administrators (ADM) and then a shared VRF (GEM) like this:
ip vrf ADM
description *** ADMIN NET ***
rd 2:2
export map ADM-to-EDU
route-target export 2:2
route-target import 1:1
route-target import 2:2
ip vrf EDU
description *** ELEV NET ***
rd 3:3
route-target export 3:3
route-target import 1:1
route-target import 33:33
route-target import 3:3
ip vrf GEM
description *** GEMENSAM NET ***
rd 1:1
route-target export 1:1
route-target import 2:2
route-target import 3:3
route-target import 1:1
As you can see, i have also configured an export map for vrf ADM, which i'm then importing routes from.
the Map looks as follows:
access-list 1 permit 172.18.254.37
route-map ADM-to-EDU permit 10
match ip address 1
set extcommunity rt 33:33 additive
A relevant part of the ip setup is as follows:
interface Loopback3
ip vrf forwarding EDU
ip address 3.3.3.3 255.255.255.255
interface Loopback37
ip vrf forwarding ADM
ip address 172.18.254.37 255.255.255.255
I'm running BGP:
router bgp 65235
no synchronization
bgp log-neighbor-changes
no auto-summary
address-family ipv4 vrf GEM redistribute connected
redistribute static
default-information originate
no synchronization
exit-address-family
address-family ipv4 vrf EDU
redistribute connected
redistribute static
default-information originate
no synchronization
exit-address-family
address-family ipv4 vrf ADM
redistribute connected
redistribute static
default-information originate
no synchronization
exit-address-family
Now, the thing is, the leaking is working, i can see the leaked route in the EDU routing table below,
Router#sh ip route vrf EDU
Routing Table: EDU
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.19.16.5 to network 0.0.0.0
1.0.0.0/32 is subnetted, 1 subnets
B 1.1.1.1 is directly connected, 04:53:31, Loopback1
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback3
172.19.0.0/32 is subnetted, 1 subnets
B 172.19.16.5 is directly connected, 02:27:51, Loopback0
172.18.0.0/32 is subnetted, 1 subnets
B 172.18.254.37 is directly connected, 00:32:14, Loopback37
B* 0.0.0.0/0 [20/0] via 172.19.16.5 (GEM), 02:08:42
but i cannot reach it:
Router#ping vrf EDU 172.18.254.37
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.254.37, timeout is 2 seconds:
Success rate is 0 percent (0/5)
But if i run "debug ip packet" and the perform another ping, i get this result which i think is a bit weird? to me it seems as if it works.
Router#ping vrf EDU 172.18.254.37
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.254.37, timeout is 2 seconds:
*Mar 1 05:42:40.562: IP: tableid=2, s=3.3.3.3 (local), d=172.18.254.37 (Loopback37), routed via RIB
*Mar 1 05:42:40.566: IP: s=3.3.3.3 (local), d=172.18.254.37 (Loopback37), len 100, sending
*Mar 1 05:42:40.574: IP: tableid=2, s=3.3.3.3 (Loopback37), d=172.18.254.37 (Loopback37), routed via RIB
*Mar 1 05:42:40.578: IP: s=3.3.3.3 (Loopback37), d=172.18.254.37 (Loopback37), len 100, rcvd 3
*Mar 1 05:42:40.578: IP: tableid=2, s=172.18.254.37 (local), d=3.3.3.3 (Loopback0), routed via RIB
*Mar 1 05:42:40.578: IP: s=172.18.254.37 (local), d=3.3.3.3 (Loopback0), len 100, sending
*Mar 1 05:42:40.578: IP: tableid=2, s=172.18.254.37 (Loopback0), d=3.3.3.3 (Loopback0), routed via RIB
*Mar 1 05:42:40.578: IP: s=172.18.254.37 (Loopback0), d=3.3.3.3 (Loopback0), len 100, rcvd local pkt.
*Mar 1 05:42:42.562: IP: tableid=2, s=3.3.3.3 (local), d=172.18.254.37 (Loopback37), routed via RIB
*Mar 1 05:42:42.566: IP: s=3.3.3.3 (local), d=172.18.254.37 (Loopback37), len 100, sending
*Mar 1 05:42:42.574: IP: tableid=2, s=3.3.3.3 (Loopback37), d=172.18.254.37 (Loopback37), routed via RIB
*Mar 1 05:42:42.578: IP: s=3.3.3.3 (Loopback37), d=172.18.254.37 (Loopback37), len 100, rcvd 3
*Mar 1 05:42:42.582: IP: tableid=2, s=172.18.254.37 (local), d=3.3.3.3 (Loopback0), routed via RIB
*Mar 1 05:42:42.586: IP: s=172.18.254.37 (local), d=3.3.3.3 (Loopback0), len 100, sending
*Mar 1 05:42:42.590: IP: tableid=2, s=172.18.254.37 (Loopback0), d=3.3.3.3 (Loopback0), routed via RIB
*Mar 1 05:42:42.590: IP: s=172.18.254.37 (Loopback0), d=3.3.3.3 (Loopback0), len 100, rcvd local pkt.
*Mar 1 05:42:44.562: IP: tableid=2, s=3.3.3.3 (local), d=172.18.254.37 (Loopback37), routed via RIB
*Mar 1 05:42:44.566: IP: s=3.3.3.3 (local), d=172.18.254.37 (Loopback37), len 100, sending
*Mar 1 05:42:44.570: IP: tableid=2, s=3.3.3.3 (Loopback37), d=172.18.254.37 (Loopback37), routed via RIB
*Mar 1 05:42:44.574: IP: s=3.3.3.3 (Loopback37), d=172.18.254.37 (Loopback37), len 100, rcvd 3
*Mar 1 05:42:44.578: IP: tableid=2, s=172.18.254.37 (local), d=3.3.3.3 (Loopback0), routed via RIB
*Mar 1 05:42:44.578: IP: s=172.18.254.37 (local), d=3.3.3.3 (Loopback0), len 100, sending
*Mar 1 05:42:44.578: IP: tableid=2, s=172.18.254.37 (Loopback0), d=3.3.3.3 (Loopback0), routed via RIB
*Mar 1 05:42:44.578: IP: s=172.18.254.37 (Loopback0), d=3.3.3.3 (Loopback0), len 100, rcvd local pkt.
*Mar 1 05:42:46.566: IP: tableid=2, s=3.3.3.3 (local), d=172.18.254.37 (Loopback37), routed via RIB
*Mar 1 05:42:46.570: IP: s=3.3.3.3 (local), d=172.18.254.37 (Loopback37), len 100, sending
*Mar 1 05:42:46.570: IP: tableid=2, s=3.3.3.3 (Loopback37), d=172.18.254.37 (Loopback37), routed via RIB
*Mar 1 05:42:46.570: IP: s=3.3.3.3 (Loopback37), d=172.18.254.37 (Loopback37), len 100, rcvd 3
*Mar 1 05:42:46.570: IP: tableid=2, s=172.18.254.37 (local), d=3.3.3.3 (Loopback0), routed via RIB
*Mar 1 05:42:46.570: IP: s=172.18.254.37 (local), d=3.3.3.3 (Loopback0), len 100, sending
*Mar 1 05:42:46.570: IP: tableid=2, s=172.18.254.37 (Loopback0), d=3.3.3.3 (Loopback0), routed via RIB
*Mar 1 05:42:46.574: IP: s=172.18.254.37 (Loopback0), d=3.3.3.3 (Loopback0), len 100, rcvd local pkt.
*Mar 1 05:42:48.562: IP: tableid=2, s=3.3.3.3 (local), d=172.18.254.37 (Loopback37), routed via RIB
*Mar 1 05:42:48.566: IP: s=3.3.3.3 (local), d=172.18.254.37 (Loopback37), len 100, sending
*Mar 1 05:42:48.566: IP: tableid=2, s=3.3.3.3 (Loopback37), d=172.18.254.37 (Loopback37), routed via RIB
*Mar 1 05:42:48.570: IP: s=3.3.3.3 (Loopback37), d=172.18.254.37 (Loopback37), len 100, rcvd 3
*Mar 1 05:42:48.574: IP: tableid=2, s=172.18.254.37 (local), d=3.3.3.3 (Loopback0), routed via RIB
*Mar 1 05:42:48.574: IP: s=172.18.254.37 (local), d=3.3.3.3 (Loopback0), len 100, sending
*Mar 1 05:42:48.582: IP: tableid=2, s=172.18.254.37 (Loopback0), d=3.3.3.3 (Loopback0), routed via RIB
*Mar 1 05:42:48.582: IP: s=172.18.254.37 (Loopback0), d=3.3.3.3 (Loopback0), len 100, rcvd local pkt.
Success rate is 0 percent (0/5)
Router#
However, if i add leaking for 3.3.3.3 in ADM vrf like this:
access-list 2 permit 3.3.3.3
route-map EDU-to-ADM permit 10
match ip address 2
set extcommunity rt 22:22 additive
ip vrf ADM
description *** ADMIN NET ***
rd 2:2
export map ADM-to-EDU
route-target export 2:2
route-target import 1:1
route-target import 22:22 < - added line
route-target import 2:2
ip vrf EDU
description *** ELEV NET ***
rd 3:3
export map EDU-to-ADM < - added line
route-target export 3:3
route-target import 1:1
route-target import 33:33
route-target import 3:3
Then it will work:
Router#ping vrf EDU 172.18.254.37
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.254.37, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/16 ms
So actually, my big question is, am i doing this the right or wrong way? i'm a bit confused.
Sorry about the rant, maybe it will clarify some things for others who are confused, or maybe just make it worse!
Some additional thoughts:
Why can't i perform this ping, shouldnt this work?
Router#ping vrf GEM 172.18.254.37
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.254.37, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Router#
bgp info:
Router#sh ip bgp vpnv4 all
BGP table version is 79, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf GEM)
*> 0.0.0.0 172.19.16.5 0 32768 ?
*> 1.1.1.1/32 0.0.0.0 0 32768 ?
*> 2.2.2.2/32 0.0.0.0 0 32768 ?
*> 3.3.3.3/32 0.0.0.0 0 32768 ?
*> 172.18.254.37/32 0.0.0.0 0 32768 ?
*> 172.19.16.5/32 0.0.0.0 0 32768 ?
Route Distinguisher: 2:2 (default for vrf ADM)
*> 0.0.0.0 172.19.16.5 0 32768 ?
*> 1.1.1.1/32 0.0.0.0 0 32768 ?
*> 2.2.2.2/32 0.0.0.0 0 32768 ?
*> 3.3.3.3/32 0.0.0.0 0 32768 ?
*> 172.18.254.37/32 0.0.0.0 0 32768 ?
*> 172.19.16.5/32 0.0.0.0 0 32768 ?
Route Distinguisher: 3:3 (default for vrf EDU)
*> 0.0.0.0 172.19.16.5 0 32768 ?
*> 1.1.1.1/32 0.0.0.0 0 32768 ?
Network Next Hop Metric LocPrf Weight Path
*> 3.3.3.3/32 0.0.0.0 0 32768 ?
*> 172.18.254.37/32 0.0.0.0 0 32768 ?
*> 172.19.16.5/32 0.0.0.0 0 32768 ?
Router#Thank you for your answer Aravala.
Ok, so i think i'm beginning to understand this now after several hours..
Below is my setup now, and it works, but the thing is that it ONLY works from nets that are actually configured on interfaces.
What i mean by this is,
i want to reach ONLY the ip 172.18.254.37(ADM net) from ANY adress on 172.19.0.0/16 (EDU net)
so naturally i try and change the prefix list to:
ip prefix-list 1 seq 5 permit 172.18.254.37/32
ip prefix-list 2 seq 5 permit 172.19.0.0/16
But this doesnt work, i would be very grateful if someone could explain why and how to get around it..! i dont want to define every subnet on 172.19.0.0/16 and at the same time leave all of the 172.18.254.0/24 network open.
working setup:
ip vrf ADM
description *** ADMIN NET ***
rd 2:2
export map ADM-to-EDU
route-target export 2:2
route-target import 1:1
route-target import 22:22
route-target import 2:2
ip vrf EDU
description *** ELEV NET ***
rd 3:3
export map EDU-to-ADM
route-target export 3:3
route-target import 1:1
route-target import 33:33
route-target import 3:3
ip vrf GEM
description *** GEMENSAM NET ***
rd 1:1
route-target export 1:1
route-target import 2:2
route-target import 3:3
route-target import 1:1
ip prefix-list 1 seq 5 permit 172.18.254.0/24
ip prefix-list 2 seq 5 permit 172.19.64.0/21
route-map ADM-to-EDU permit 10
match ip address prefix-list 1
set extcommunity rt 33:33 additive
route-map EDU-to-ADM permit 10
match ip address prefix-list 2
set extcommunity rt 22:22 additive -
Serial interfaces, ip vrf forwarding, and PBR with set vrf
I am doing some work with VRF-lite but I am having some trouble with serial interfaces. I have a PE router with a serial interface where I want to take incoming traffic and using policy-based routing send the traffic to the appropriate VRF. I want to assign the serial interface itself to be in one of those VRFs, not the global routing table. Eventually, I also want to overlap the VPNs/VRFs to send traffic going out the serial interface through the VRF assigned to the serial interface. Initially, it looks something like this:
ip vrf VRF1
rd 65000:3
route-target export 65000:3
ip vrf VRF2
rd 65000:18
route-target import 65000:3
ip route vrf VRF1 10.90.51.0 255.255.255.0 192.168.11.18
interface Serial0/0/0
ip vrf forwarding VRF1
ip address 192.168.11.17 255.255.255.252
router bgp 65000
no synchronization
bgp log-neighbor-changes
no auto-summary
address-family ipv4 vrf VRF1
redistribute static
no auto-summary
no synchronization
exit-address-family
ip access-list extended remote-source
permit ip 10.90.0.0 0.0.255.255 any
route-map SERIAL-INCOMING permit 100
match ip address remote-source
set vrf VRF2
But if I try to turn on the policy based routing at the serial interface, I get an error:
Router(conf)#interface Serial0/0/0
Router(config-if)#ip policy route-map SERIAL-INCOMING
% Can not apply route-map SERIAL-INCOMING to this interface
% Either remove 'set vrf' from route-map or unconfigure 'ip vrf forward'
I can sort of get around the problem by using an "ip vrf receive" instead of "ip vrf forward", but unfortunately, that leaves my Serial interface in the global table which isn't what I wanted.
What troubles me is that I can do this without any problems on an Ethernet interface. Are there any known issues with "ip vrf forward" and using PBR and "set vrf" on Serial interfaces, or have I configured something wrong?
If I stick with the "ip vrf receive", how can I force the physical Serial interface into the appropriate VRF?
Thanks.
Clarke Morledge
College of William and MaryUpon further investigation....
The serial interface issue was a red herring. It just so happens that every other time I've done this it has been on a flavor of 12.2x on a 6500/7600 where this feature is supported. The only systems I have with Serial interfaces are 1841s.
The problem with the 1841 is that most of the code revisions out there do not support this feature. It was only added to the regular code train with the recent release of 12.2(24)T. I tested with 12.2(24)T1 and you are now able to use "ip vrf forwarding" on all interfaces along with a PBR route-map that uses the "set vrf" option.
Thanks, Laurent, for pointing me towards the TAC on this.
Clarke Morledge
College of William and Mary -
Good Day! I have got a task to play multicast traffic through mpls (at least between the same vrf). I have 3 switches 3750 ME, sw1, sw2 and sw3. Multicast source host is connected to sw3 int fa1/0/6, receiver host is connected to sw1 int fa 1/0/5, respectively. Both interfaces are in vlan 100 (just the same vlan number). Interface vlan is in vrf green. Switches are connected back to back sw1-sw2-sw3 via gigabit interfaces (dedicated for mpls) like ce1/pe1-p-pe2/ce2. In addition, sw1 and sw3 are rr-clients for sw2. To check multicast traffic I use multicasttest utility (http://www.mikkle.dk/multicasttest/). Multicast group address for test is 224.237.248.237. Multicast traffic walk from host 192.168.1.3 to 192.168.2.2. Also, there are vl 100 interfaces on switches in vrf green created just for check proper connectivity.
Configs:
hostname sw1
system mtu routing 1500
ip subnet-zero
ip routing
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 172.16.1.1
ip dhcp pool green1
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
default-router 172.16.1.1
ip vrf green
rd 100:100
route-target export 100:100
route-target import 100:100
mdt default 232.1.1.1
ip multicast-routing distributed
ip multicast-routing vrf green distributed
interface Loopback0
ip address 10.1.1.1 255.255.255.255
ip pim sparse-dense-mode
ip ospf 1 area 0
interface Loopback100
ip vrf forwarding green
ip address 10.0.100.1 255.255.255.255
ip pim sparse-dense-mode
interface FastEthernet1/0/5
switchport access vlan 100
interface GigabitEthernet1/1/2
no switchport
ip address 10.0.1.2 255.255.255.0
ip pim sparse-dense-mode
ip ospf 1 area 0
speed auto 1000
mpls ip
interface Vlan100
ip vrf forwarding green
ip address 192.168.2.1 255.255.255.0
ip pim sparse-dense-mode
router ospf 1
log-adjacency-changes
router bgp 65001
no synchronization
bgp log-neighbor-changes
neighbor 10.1.1.2 remote-as 65001
neighbor 10.1.1.2 update-source Loopback0
no auto-summary
address-family ipv4 mdt
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community extended
exit-address-family
address-family vpnv4
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community extended
exit-address-family
address-family ipv4 vrf green
no synchronization
network 10.0.100.1 mask 255.255.255.255
network 192.168.2.0
exit-address-family
ip classless
hostname sw2
system mtu routing 1500
ip subnet-zero
ip routing
ip vrf green
rd 100:100
route-target export 100:100
route-target import 100:100
mdt default 232.1.1.1
ip multicast-routing distributed
ip multicast-routing vrf green distributed
vtp mode transparent
interface Loopback0
ip address 10.1.1.2 255.255.255.255
ip pim sparse-dense-mode
ip ospf 1 area 0
interface GigabitEthernet1/1/1
no switchport
ip address 10.0.2.1 255.255.255.0
ip pim sparse-dense-mode
ip ospf 1 area 0
speed auto 1000
mpls ip
interface GigabitEthernet1/1/2
no switchport
ip address 10.0.1.1 255.255.255.0
ip pim sparse-dense-mode
ip ospf 1 area 0
speed auto 1000
mpls ip
router ospf 1
log-adjacency-changes
router bgp 65001
no synchronization
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 65001
neighbor 10.1.1.1 update-source Loopback0
neighbor 10.1.1.1 route-reflector-client
neighbor 10.1.1.3 remote-as 65001
neighbor 10.1.1.3 update-source Loopback0
neighbor 10.1.1.3 route-reflector-client
no auto-summary
address-family ipv4 mdt
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community extended
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community extended
exit-address-family
address-family vpnv4
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community extended
neighbor 10.1.1.1 route-reflector-client
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community extended
neighbor 10.1.1.3 route-reflector-client
exit-address-family
address-family ipv4 vrf green
no synchronization
exit-address-family
ip classless
hostname sw3
system mtu routing 1500
ip subnet-zero
ip routing
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1
ip dhcp pool green2
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
ip vrf green
rd 100:100
route-target export 100:100
route-target import 100:100
mdt default 232.1.1.1
ip multicast-routing distributed
ip multicast-routing vrf green distributed
vtp mode transparent
interface Loopback0
ip address 10.1.1.3 255.255.255.255
ip pim sparse-dense-mode
ip ospf 1 area 0
interface Loopback100
ip vrf forwarding green
ip address 10.0.100.3 255.255.255.255
ip pim sparse-dense-mode
interface FastEthernet1/0/6
switchport access vlan 100
interface GigabitEthernet1/1/1
no switchport
ip address 10.0.2.2 255.255.255.0
ip pim sparse-dense-mode
ip ospf 1 area 0
speed auto 1000
mpls ip
interface Vlan100
ip vrf forwarding green
ip address 192.168.1.1 255.255.255.0
ip pim sparse-dense-mode
router ospf 1
log-adjacency-changes
router bgp 65001
no synchronization
bgp log-neighbor-changes
neighbor 10.1.1.2 remote-as 65001
neighbor 10.1.1.2 update-source Loopback0
no auto-summary
address-family ipv4 mdt
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community extended
exit-address-family
address-family vpnv4
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community extended
exit-address-family
address-family ipv4 vrf green
no synchronization
network 10.0.100.3 mask 255.255.255.255
network 192.168.1.0
exit-address-family
ip classless
Пинги везде проходят (как между свитчами, так и между хостами)
sw1#ping vrf green 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
sw1#ping vrf green 192.168.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
sw1#ping vrf green 224.237.248.237
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.237.248.237, timeout is 2 seconds:
Reply to request 0 from 192.168.2.1, 1 ms
Reply to request 0 from 10.0.100.1, 1 ms
sw3#ping vrf green 192.168.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
sw3#ping vrf green 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
sw3#ping vrf green 224.237.248.237
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.237.248.237, timeout is 2 seconds:
Reply to request 0 from 192.168.1.1, 1 ms
Reply to request 0 from 10.0.100.3, 1 ms
I can see I pim neighbors in global table, but cat’s see them in vrf green. I think the problem is here.
sw1#sh ip pim neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
P - Proxy Capable, S - State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.0.1.1 GigabitEthernet1/1/2 20:25:44/00:01:43 v2 1 / S P
sw2#sh ip pim neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
P - Proxy Capable, S - State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.0.2.2 GigabitEthernet1/1/1 20:25:57/00:01:22 v2 1 / DR S P
10.0.1.2 GigabitEthernet1/1/2 20:25:58/00:01:19 v2 1 / DR S P
sw3#sh ip pim neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
P - Proxy Capable, S - State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.0.2.1 GigabitEthernet1/1/1 20:26:13/00:01:35 v2 1 / S P
sw1#sh ip pim vrf green neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
P - Proxy Capable, S - State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
sw1#
sw3#sh ip pim vrf green neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
P - Proxy Capable, S - State Refresh Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
sw3#
mroute in vrf:
sw1#sh ip mroute vrf green 224.237.248.237
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 224.237.248.237), 02:50:33/00:02:56, RP 0.0.0.0, flags: DCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Vlan100, Forward/Sparse-Dense, 02:50:33/00:00:00
sw3#sh ip mroute vrf green 224.237.248.237
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 224.237.248.237), 02:48:36/00:02:25, RP 0.0.0.0, flags: DCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Vlan100, Forward/Sparse-Dense, 02:48:36/00:00:00
sw1#mstat
VRF name: green
Source address or name: 192.168.2.1
Destination address or name: 192.168.1.3
Group address or name: 224.237.248.237
Multicast request TTL [64]:
Response address for mtrace:
Type escape sequence to abort.
Mtrace from 192.168.2.1 to 192.168.1.3 via group 224.237.248.237 in VRF green
From source (?) to destination (?)
Waiting to accumulate statistics....* * *
Timeout on first trace.
sw3#mstat
VRF name: green
Source address or name: 192.168.1.1
Destination address or name: 192.168.1.3
Group address or name: 224.237.248.237
Multicast request TTL [64]:
Response address for mtrace:
Type escape sequence to abort.
Mtrace from 192.168.1.1 to 192.168.1.3 via group 224.237.248.237 in VRF green
From source (?) to destination (?)
Waiting to accumulate statistics......
Results after 10 seconds:
Source Response Dest Packet Statistics For Only For Traffic
192.168.1.1 192.168.1.1 All Multicast Traffic From 192.168.1.1
| __/ rtt 0 ms Lost/Sent = Pct Rate To 224.237.248.237
v / hop 0 ms --------------------- --------------------
192.168.1.1 ?
| \__ ttl 0
v \ hop 0 ms 0 0 pps 0 0 pps
192.168.1.3 192.168.1.1
Receiver Query Source
I hope I have shown all necessary configs, outputs and schemes to make the picture clear. Other outputs I can show on demand. Thanks in advance.Hi Evgeny
Unfortunately the multicast VPN feature is not supported on the 3750 ME platform even though the commands are present . This is also mentioned in Cisco Feature Navigator. There are no plans to implement this on this platform.
Thanks
Mayuresh
Maybe you are looking for
-
Passing Objects: ServletContext versus JNDI
I am currently developing a Web application that uses a variation of the (often recommended) model-view-controller architecture. Specifically, I have a single Front Controller Servlet that identifies what the request is for, and then delegates proces
-
My spot healing brush stopped working
My spot healing brush stopped working. After releasing the mouse, it blinks and remains black. If I do another spot, the first spot is fixed and the second one is black. And so on. This began after updating to 12.0.4 x64 (Mac 10.7.3)*
-
What's the best plugin for wide-angle / perspective correction
Hi guys, I do a lot of location photography with a wide angle lens. When shooting upwards it sends the top of the building into the distance. My workflow has been to export to Photoshop for these and use the 'Transform' tools to add a little correcti
-
Transactional replication with 1 publisher 2 subscribers in SQL 2012 SE
I have a setup of transaction replication between one publisher and subscriber in the Same server.Now, I need to add a new subscriber to the existing publisher. So publisher database name is DB_A and Subscriber 1 name is DB_B. So the new subscriber w
-
Hello Can I read an INI file using methods which would automatically search for a topic, an item and retrieve its value? If it is possible, please tell me which class and methods to use. Thanks for ur help.