|
|
This chapter describes MPLS and VPN features used with the RPM in the MGX 8850 switch and covers the following topics:
Refer to the List of Terms and Acronyms at the end of this chapter for acronym definitions.
This section describes Multiprotocol Label Switching (MPLS) and the role of the Route Processor Module (RPM) as an Edge Label Switch Router within the MGX 8850 switch. It also includes a description of how the RPM, as an Edge Label Switch Router (LSR), acts as an MPLS "feeder" to the BPX 8650 switch.
The labels used to forward packets are negotiated using Tag Distribution Protocol (TDP). In this context, the RPM functions as an Edge LSR to receive and label IP packets.
Using either Permanent Virtual Circuits (PVCs) or Permanent Virtual Path connections (PVPs), labeled packets are forwarded to other RPM Edge LSRs. The MPLS Virtual Private Network (VPN) feature is provided by the software in the RPM. An MPLS example for the MGX 8850 is illustrated in Figure 6-1.
On the MGX 8850 platform, MPLS provides an IP solution without the cost of Layer 2 management. As contrasted to IP over ATM, MPLS reduces the customer's network management and operational costs. Additionally, MPLS provides the same level of privacy as Frame Relay or ATM.
MPLS is supported by switch software 1.2 or higher and IOS 12.0(5)T or higher. For a description of how the RPM acts as an Edge LSR to support MPLS feeder functionality, refer to the section, "System Block Diagram," in this chapter.
The RPM supports the following features:
The following limitations apply:
The RPM supports the following for MPLS:
The RPM acts as an Edge LSR, with user data entering an FRSM card, flowing on a PVC to an RPM and then on to a PVP connection or PVC (see Figure 6-2) and on to the next hop in the data path. In this example, the FRSM associates the data with a PVC. The other end of the PVC terminates at the RPM switch port.
The RPM receives the packets and optionally provides Layer 3 services. Then, based on the Layer 3 destination address, the RPM forwards the packet to a PVP or PVC.
In the case where a PVP is used, the Edge LSR uses the VCI field in the ATM cell header for the MPLS label. The VPI value is specified statically when the PVP is provisioned.
In the case where a PVC is used, the Edge LSR labels the packet then segments it into ATM cells. The VPI/VCI values are specified statically when the PVC is provisioned. Therefore, the label exists only in the payload of the ATM cell.
In the MGX 8850 Feeder Model example shown in Figure 6-3, the LSC creates cross-connects in an ATM switch so that labelled packets can be forwarded through the switch. The BPX 8650 switch and the RPM Edge LSR use TDP to identify labels. Because the connection between the BPX 8650 switch and the Edge LSR is a PVP, the VPI is static, and the VCI is the negotiated label. The LSC establishes cross-connects in the BPX 8650 switch so connections in the PVP are broken out and individually switched. In this manner, the RPM Edge LSR acts as an MPLS feeder to the BPX 8650 switch. Such label forwarding is not possible when a PVC is used, because the label does not exist in the ATM cell header.
Virtual Private Networks (VPNs) provide the appearance, functionality, and usefulness of a dedicated private network. The VPN feature for MPLS allows a Cisco IOS network to deploy scalable IPv4 Layer 3 VPN backbone service with private addressing, controlled access, and service-level guarantees between sites.
VPNs are networks over which labeled packets are forwarded from RPM Edge LSRs to other RPM Edge LSRs within the VPN. VPNs create a private network environment within the public infrastructure. A service providers can use VPNs to target a given clientele and deliver individualized private network services to that clientele in a secure IP environment by using the public infrastructure.
The requirements for an effective VPN are:
Beyond the functionality of an IP VPN, the VPN features for MPLS allow a Cisco IOS network to deploy the following scalable IPv4 Layer 3 VPN backbone services:
Connectionless Service---MPLS VPNs are connectionless. Not only are MPLS VPNs connectionless, they are significantly less complex because they do not require tunnels or encryption to ensure network privacy.
Centralized Service---VPNs in layer 3 privately connect users to intranet services and allow flexible delivery of individualized services to the user group represented by a VPN. VPNs deliver IP services like multicast, QoS, and telephony support within a VPN, and centralized services like content and web hosting. Combinations of services can be customized for individual customers.
Scalability---MPLS based VPNs use layer 3 connectionless architecture and are highly scalable.
Security---MPLS VPNs provide the same security level as connection-based VPNs. Packets from one VPN cannot inadvertently go to another VPN. At the edge of a provider network incoming packets go to the correct VPN. At the backbone, VPN traffic remains separate.
Easy to Create---Because MPLS VPNs are connectionless, it is easy to add sites to intranets and extranets and to form closed user groups. Membership of any given site in multiple VPNs is possible.
Flexible Addressing---MPLS VPNs provide a public and private view of addresses, enabling customers to use their own unregistered private addresses. Customers can freely communicate across a public IP network without network address translation (NAT).
Straightforward Migration---MPLS VPNs can be built over multiple network architectures, including IP, ATM, Frame Relay, and hybrid networks. There is no requirement to support MPLS on the customer edge (CE) router and no modifications are required to a customer's intranet.
The Cisco 7200 series, 7500 series, 4500 series, 3600 series, MGX 8850 node with RPM and 12000 series all support VPNs. Any tag-supported platform can serve in the backbone. This includes the Cisco 12000 series, LightStream 1010 ATM Switch and the BPX 8650 switch (TSC/BPX).
Each VPN is associated with one or more VPN routing/forwarding instances (VRFs), which defines a VPN at a customer site attached to a PE router. A VRF table consists of the following:
A customer site can be a member of multiple VPNs. However, a site can be associated with only one VRF. A customer site's VRF contains all routes available to the site from the associated VPNs.
The IP routing table and CEF table for each VRF store packet forwarding information. (Together, these tables are analogous to the forwarding information base [FIB] used in MPLS.) A logically separate set of routing and CEF tables is constructed for each VRF. These tables prevent packets from being forwarded outside a VPN and prevent packets outside a VPN from being forwarded to a router within the VPN.
The distribution of VPN routing information is controlled through the use of VPN route-target communities, implemented by Border Gateway Protocol (BGP) extended communities. Distribution works as follows:
A PER learns an IP prefix from a CE router through static configuration, a BGP session, or RIP. The PER then generates a VPN-IPv4 (vpnv4) prefix by linking an 8-byte route distinguisher to the IP prefix. The VPN-IPv4 address uniquely identifies hosts within each VPN site, even if the site uses globally non-unique (unregistered private) IP addresses. The route distinguisher used to create the VPN-IPv4 prefix is specified by a configuration command on the PER.
BGP uses VPN-IPv4 addresses to distribute network reachability information for each VPN within a service provider network. In building and maintaining routing tables, BGP sends routing messages within (interior BGP or iBGP) or between IP domains (exterior BGP or eBGP).
BGP propagates vpnv4 information using BGP multiprotocol extensions for handling extended addresses. Refer to RFC 2283, Multiprotocol Extensions for BGP-4. BGP propagates reachability information (expressed as VPN-IPv4 addresses) among PE routers; reachability information for a given VPN is propagated only to members of that VPN. BGP multiprotocol extensions identify valid recipients of VPN routing information.
Based on the routing information stored in each VRF's IP routing and CEF tables, Cisco MPLS uses extended VPN-IPv4 addresses to forward packets to their destinations.
To achieve this, an MPLS label is associated with each customer route. The PE router assigns the route originator's label and directs data packets to the correct CE router. Tag forwarding across the provider backbone is based on dynamic IP paths or Traffic Engineered paths.
A customer data packet has two levels of labels attached when it is forwarded across the backbone:
1. The top label directs the packet to the correct PE router.
2. The second label indicates how that PE router should forward the packet.
The PE router associates each CE router with a forwarding table that contains only the set of routes that are available to that CE router.
A VPN contains customer devices attached to CE routers. These customer devices use the VPN to exchange data. Only the PE routers are aware of the VPN.
An example of a VPN with a service provider (P) backbone network, service provider edge routers (PE), and customer edge routers (CE) is shown in Figure 6-4.
Three VPNs communicating with five customer sites are shown in Figure 6-5. Notice that sites 1, 3, and 4 are members of two VPNs.
This section explains how to configure the RPM for VPN operation. It begins by listing the prerequisites for VPN configuration, then continues with the actual configuration steps.
The network must be running the following Cisco IOS services before you can configure VPN operation:
Complete the following tasks before you configure VPN operation:
This section describes how to configure routing protocols and create VPFs for a VPN. The commands used in the tasks are described in more detail in the "VPN Overview" section. You must perform the following four tasks to configure and verify VPNs in your network:
1. Configure VRFs and associate interfaces with VRFs.
2. Configure BGP between provider routers for distribution of VPN routing information.
3. Configure import and export routes to control the distribution of routing information.
4. Verify VPN operation.
To create a VRF, perform the following steps on the provider edge router.
Step 1 Enter VRF configuration mode and specify the VRF to which subsequent commands apply.
config# ip vrf vrf-name
Step 2 Define the instance by assigning a name and an 8-byte route distinguisher.
config-vrf# rd route-distinguisher
Step 3 Associate interfaces with the VRF.
config-if# ip vrf forwarding vrf-name
Step 4 If BGP is used between the PE and a VRF CE, configure BGP parameters for the VRF CE session.
config-router# address-family ipv4 vrf name config-router-af# aggregate-address config-router-af# auto-summary config-router-af# default-information originate config-router-af# default-metric ... config-router-af# distance ... config-router-af# distribute-list ... config-router-af# network ... config-router-af# neighbor ... config-router-af# redistribute ... config-router-af# synchronization config-router-af# table-map...
Step 5 If RIP is used between the PE and VRF CEs, configure RIP parameters (in a VRF address-family submode).
config-router# address-family ipv4 vrf name config-router-af# auto-summary config-router-af# default-information originate config-router-af# default-metric ... config-router-af# distance ... config-router-af# network ... config-router-af# offset-list ... config-router-af# redistribute ...
Step 6 Exit from address family config mode.
config-router-af# exit-address-family
Step 7 Configure static routes for the VRF.
Router(config)#ip route [vrf vrf-name]
To configure router address families, define sessions, and set global variables for routing protocols, perform the following steps in configuration mode on the PE router.
Step 1 Configure BGP address families.
config-router# address-family {ipv4 | vpnv4}[unicast | multicast]
Step 2 Define BGP sessions.
config-router-af# neighbor address | peer-group} remote-as as-number config-router-af# neighbor address | peer-group} update-source interface config-router-af# neighbor peer-group peer-group config-router-af# neighbor address peer-group peer-group
Step 3 Activate a BGP session:
The command no bgp default ipv4-activate prevents automatic advertisement of address family IPv4 for every neighbor. This command is required on a PE that establishes BGP sessions with CE routers. To enable advertisement of IPv4 prefixes for a particular neighbor, enter address-family mode for IPv4 then use the neighbor...activate command for the neighbor.
config-router# no bgp default ipv4-activate
For a particular address family, use neighbor... activate.
config-router-af# [no] neighbor address |peer-group} activate
Step 4 Execute optional BGP global commands that affect all address families.
config-router# bgp always-compare-med config-router# bgp bestpath ... config-router# bgp client-to-client reflection config-router# bgp cluster-id ... config-router# bgp confederation ... config-router# bgp default local-preference ... config-router# bgp deterministic-med ... config-router# bgp fast-external-fallover ... config-router# bgp log-neighbor-changes config-router# bgp redistribute-internal config-router# bgp router-id ... config-router# timers bgp ...
Step 5 Execute BGP configuration commands for address family IPv4.
All BGP configuration commands supported in previous versions of IOS are valid for address family IPv4 unicast. These commands affect either all IPv4 instances or the default IPv4 routing table. For backward compatibility, these commands can be entered in either router config mode or in address family mode for ipv4 unicast. See Step 3 for information on the command no bgp default ipv4-activate.
config-router# bgp ...
Step 6 Execute BGP configuration commands for address family VPNv4.
config-router-af# bgp dampening ... config-router-af# neighbor ... config-router-af# neighbor address | peer-group}activate
Step 7 To configure IBGP to exchange VPNv4 Network Layer Reachability Information (NLRI) (between PE router and route reflector or between PE routers), first define an IBGP BGP session.
config-router# neighbor address remote-as as-number config-router# neighbor address update-source interface
Step 8 Activate the advertisement of VPNv4 NLRIs.
config-router# address-family vpnv4 config-router-af# neighbor address activate
To configure VRF route target extended communities and import route maps, perform the following steps in configuration mode on the PE router.
Step 1 Enter VRF configuration mode and specify a VRF.
config# ip vrf vrf-name
Step 2 Import routing information from the specified extended community.
config-vrf# route-target import community-distinguisher
Step 3 Export routing information to the specified extended community.
config-vrf# route-target export community-distinguisher
Step 4 Associate the specified route map with the VRF being configured.
config-vrf# import map route-map
Perform the following steps to verify VPN configuration:
Step 1 Display the set of defined VRFs and the interfaces associated with each one.
router# show ip vrf
Step 2 Display detailed information about configured VRFs, including the import and export community lists.
router# show ip vrf detail
Step 3 Display the IP routing table for VRF.
router# show ip route vrf vrf-name
Step 4 Display the routing protocol information associated with a VRF.
router# show ip protocols vrf vrf-name
Step 5 Display the CEF forwarding table associated with a VRF.
router# show ip cef vrf vrf-name
Step 6 Display the VRF table associated with an interface. Use either of the following commands:
router# show ip interface interface-number router# show cef interface interface-number
Step 7 Display VPNv4 NLRI information. The keyword all displays the entire database. The keyword rd displays NLRIs that match the specified route distinguisher. The keyword vrf displays NLRIs with the specified VRF. Add the keyword tags after any of the other keywords and arguments to list the tags distributed with the VPNv4 NLRIs.
router # show ip bgp vpnv4 all [tags] router # show ip bgp vpnv4 rd route-distinguisher [tags] router # show ip bgp vpnv4 vrf vrf-name [tags]
Step 8 Display tag forwarding entries that correspond to VRF routes advertised by this router.
router # show tag-switching forwarding vrf vrf-name [prefix mask/length] [detail]
This section describes how to add connections for MPLS edge routing through the command line interface of IOS. With MPLS connections (as well as point-to-point connections), each subinterface can support one user-connection. Furthermore, each subinterface must have an ATM PVC between the RPM and the CellBus. Therefore, for each TER connection over a PVC, you must create
From either a control terminal connected to the RPM or through the MGX 8850 switch, go to the IOS command line interface, then perform the following steps (starting with any task that has not already been done):
The following items must be the same on the RPMs at both ends:
To establish user-connections for MPLS edge routing:
Step 1 All configuration tasks require you to enable configuration mode:
TErpm4> TErpm4>ena Password:
Step 2 Enter the password.
The prompt changes to include a pound sign (#). At this level, you can show aspects of the RPM per the IOS commands and list the configuration commands but not actually execute configuration commands:
TErpm4#
Step 3 Enter configuration mode and include a specification for the configuration source. The source is terminal, memory, or network. The syntax and resulting display are:
TErpm4#config term Enter configuration commands, one per line. End with CNTL/Z. TErpm4(config)#
Step 4 If not already done, activate support for CEF:
TErpm4(config)#ip cef
Step 5 If necessary, configure resource partitioning for the RPM. You can execute rpmrscprtn at any point before adding the user-connection, but its executive level makes resource partitioning more convenient before you enter the subinterface level.
rpmrscprtn <partition_type> <percent_ingressBW> <percent_egressBW> <min_vpi> <max_vpi> <min_vci> <max_vci> <max_lcns>
The parameter partition_type identifies the network controller. Choices are PAR, MPLS, and PNNI.
percent_ingressBW is the percent of available bandwidth for the ingress direction (towards the CellBus).
percent_egressBW is the percent of available bandwidth for the egress direction (away from the CellBus)
min_vpi is the minimum vpi within the range 0-255. (Note that once you set the minimum vpi, it is the lower limit of the range for maximum vpi.)
max_vpi is the maximum vpi within the range 0-255.
min_vci is the minimum vci. The vci range is 0-4047.
max_vci is the maximum vci. The vci range is 0-4047.
max_lcns is the maximum number of LCNs for this controller. The range is 0-4047.
For example:
TErpm4(config)#rpmrscprtn par 100 100 10 10 10 3000 2000
Step 6 If not already done, specify the router protocol for the RPM:
TErpm4(config)#router <protocol> <PID>
where the protocol is any router protocol such as OSPF, EIGRP, RIP, and ISIS, and PID is a process identification number. Typically, OSPF is the protocol. The PID can be any integer in the range 1-65535. Note that a router can communicate with only those routers that have the same protocol unless you execute the optional redistribute command to specify protocol translation (see the IOS command reference for details).
Step 7 Specify a network area by executing the network command.
RPM_name(config)#network <IP address> <mask> <area> <area_number>
where area indicates the area number follows, and area_number is a number you associate with the IP address and mask. The range for area_number is 1-65535. For example:
TErpm4(config-subif)#network 212.212.212.0 0.0.0.255 area 200
For each of the preceding lines, each entity can communicate with any other suitable entity if the network area number is the same. For example, the first example line assigns the network area number 200 to the current node, so this node can communicate with other nodes that have a network area number of 200.
Step 8 Execute the interface command to specify a subinterface on the RPM.
If the subinterface does not already exist, the first-time specification of a subinterface creates the interface. Thereafter, when you provide the number of the subinterface to interface, you enter that interface. The syntax is:
RPM_name(config)#interface switch subinterface_number link
The argument switch indicates an interface between the RPM and the CellBus. The parameter subinterface_number indicates the shelf number (always "1" because the node has one CellBus), (and a subinterface number in the range 1-700. Note the slash and the period in this parameter. Specify point-to-point subinterface. For example:
TErpm4(config)#interface switch 1.200 point-to-point
where interface is the command; switch is an extension indicating the RPM's ATM interface; the CellBus interface number is always 1 because currently only one CellBus slave exists on the RPM; and the subinterface is 200. The range for subinterfaces is 1-700. You must also configure the subinterface to be point-to-point, multipoint, or MPLS. With point-to-point or MPLS, each subinterface has one PVC. With multipoint, a subinterface has one IP address but multiple connections to one or more RPMs.
Step 9 Specify a loopback address.
The path is either an explicit IP address or a virtual, unnumbered loopback path. As the syntax line shows, the loopback path has its own number, so the meaning of unnumbered here is no explicit IP address. The most expedient and flexible choice is the unnumbered loopback. You must be in the subinterface to specify it.
RPM(config-subif)#ip unnumbered loopback <slot/loopback_number>
where slot/loopback_number is the slot number and the loopback number separated by a slash. The loopback number can be any number you want. For example, to specify unnumbered loopback for the RPM in slot 1:
TErpm4(config-subif)#ip unnumbered loopback1/200
Each subinterface must have a connection to the CellBus. The command is atm PVC:
atm pvc vcd vpi aal-encap [[midlow midhigh] [peak average burst] [oam seconds] [inarp minutes] rpm(config-subif)#atm PVC 10 0 10 aal5snap 100000 50000 10000 inarp 10 oam ? <0-600> OAM loopback frequency(seconds)
In this example:
Step 10 Specify an IP address for each subinterface on the RPM.
TErpm4(config-subif)#ip addr 162.32.188.17 255.255.255.0 TErpm4(config-subif)#exit TErpm4(config)#
Step 11 Add a connection between the local and remote RPMs through addcon. The syntax is:
addcon <connection_type> <switch> <switch.subinterface> <local_vci> <rslot> <switch> <remote_vpi> <remote_vci> [master local]
connection_type is either vcc or vpc. For this connection, type vcc.
the keyword switch indicates this device is an RPM and that the virtual switch identification follows.
switch.subinterface identifies the virtual switch interface. The slot identifies the RPM slot. The switch is always 1. The subinterface is a number in the range 0-700.
rslot indicates that the remote slot number follows.
Remote switch number is always 1.
For a VCC, include the remote vpi of 0.
remote_vci is the remote vci and must be the same as the local_vci.
master local identifies the local end of the connection as the master. If the other end is the master, do not enter either master or local for this parameter.
For example:
TErpm4(config-subif)#addcon vcc switch 1/1.200 1012 rslot 10 1 0 1012 master local
Step 12 Add the connection at the other endpoint. Where appropriate, use identical parameters (such as vpi) and unique parameters (such connection mastery).
Step 13 Verify that the connection exists by using the dspcons command on the PXM.
Step 14 Add more connections as needed. Recall that, for each Tag-switched user connection created with addcon, you must first specify a subinterface and add an ATM PVC between the RPM and the CellBus.
The IOS-version of the addcon command adds a local user-connection between the RPM and another endpoint in the MGX 8850 switch. For a three-segment connection in an ATM or Frame Relay network, you must also add a segment between the edges of the cloud. Through the CLI of the BPX 8600-series switch, you would execute the switch-software version of addcon.
A three-segment connection consists of a local connection between an RPM and PXM at each of two MGX 8850 switches and a connection between two endpoints in an ATM or Frame Relay cloud.
The virtual path tunnel (VP tunnel) is a VPC that serves as a pipe across the network.
The type of subinterface for a VP tunnel is tag. With tag connections (as well as point-to-point connections), each subinterface can support one VP tunnel. Furthermore, each subinterface must have an ATM PVC between the RPM and the CellBus of the switch. Therefore, for each TER connection over a PVC, you must create
From either a control terminal connected to the RPM or through the MGX 8850 switch, go to the IOS command line interface, then perform the tasks (starting with any task that has not already been done):
The following items must be the same at each end of a connection:
To create a VP tunnel, take the following steps (some prerequisite steps are included):
Step 1 All configuration tasks require you to enable configuration mode:
TErpm4> TErpm4>ena Password:
Step 2 Enter the password.
The prompt subsequently includes a pound sign (#). At this level, you can show aspects of the RPM per the IOS commands and list configuration commands but not actually execute them
TErpm4#
Step 3 Enter configuration mode and include a specification for the configuration source. The source is terminal, memory, or network. The syntax and resulting display are:
TErpm4#config term Enter configuration commands, one per line. End with CNTL/Z. TErpm4(config)#
Step 4 If not already done, indicate the switch-level support for Cisco Express Forwarding:
TErpm4(config)#ip cef
Step 5 Create the VP-tunnel by executing the tag-switching command. Note that the subinterfaces you subsequently create for this tunnel must be of the MPLS switching type (rather than point-to-point or multipoint). The syntax is
RPM_name(config-subif)#tag-switching atm vp-tunnel <VP-tunnel_number>
where VP-tunnel_number is the vpi for the tunnel. The tunnel vpi must be the same at both ends of the tunnel. For example:
TErpm4(config-subif)#tag-switch ATM VP-tunnel 10
Step 6 If not already done, specify the router protocol for the RPM:
RPM_name (config)#router <protocol> <PID>
where the protocol is any router protocol such as OSPF, EIGRP, RIP, or ISIS, and PID is a process identification number. Typically, OSPF is the protocol. The PID can be any integer you want. Note that a router can communicate with only those routers that have the same protocol unless you execute the optional redistribute command to specify protocol translation (see the IOS command reference for details).
Step 7 Specify a network area by executing the network command.
A network area is a number that a communications entity must have in common with another entity for communication to occur. The entity is defined by an IP address or a subnet mask (or both). The syntax is
RPM_name(config)#network <IP address> <mask> <area> <area_number>
where area indicates that an area number follows, and area_number is a number you associate with the IP address and mask. The range for area_number is 1-65535. For example:
TErpm4(config-subif)#network 12.12.12.2 0.0.0.0 area 200
In this preceding example, the command assigns the network area number 200 to the current node, so this node can communicate with other nodes that have a network area number of 200.
Step 8 Execute the interface command to specify a subinterface on the RPM. If the subinterface does not already exist, the first-time specification of a subinterface creates the interface. Thereafter, when you provide the number of the subinterface to interface, you enter that interface. The syntax is
RPM_name(config)#interface switch shelf.subinterface_number link
The argument switch indicates an interface between the RPM and the CellBus. The parameter shelf.subinterface_number indicates the RPM shelf number (always "1" because the RPM connects to only one CellBus), and a subinterface number in the range 1-700. Note the slash and the period in this parameter. The link is point-to-point, MPLS, or multipoint. Currently, you must specify point-to-point. For example:
TErpm4(config)# interface switch/1.200 MPLS
where interface is the command; switch is an extension indicating an RPM; the CellBus interface number is always 1 because only one CellBus exists on the switch; and the subinterface is 200. The range for subinterfaces is 1-700 You must also configure the subinterface to be point-to-point, multipoint, or MPLS. To create a VP-tunnel, the controller for the subinterface must be MPLS. Note also that, with MPLS or point-to-point, each subinterface has one PVC. With multipoint, a subinterface has one IP address but multiple connections that can terminate on one or more RPMs.
Step 9 Each subinterface must have a connection to the CellBus. The command is atm PVC:
atm PVC vcd vpi aal-encap [[midlow midhigh] [peak average burst] [oam seconds] [inarp minutes] rpm(config-subif)#atm PVC 10 0 10 aal5snap 100000 5000 10000 inarp 10 oam ? <0-600> OAM loopback frequency(seconds) <cr>
In this example:
Step 10 Specify an IP address for each subinterface on the RPM.
TErpm4(config-subif)#ip addr 162.32.188.17 255.255.255.0
Step 11 Exit the current level of configuration:
TErpm4(config-subif)#exit
Step 12 If necessary, cc on figure a resource partition by executing the rpmrscprtn command.
Resource partitions are not a subinterface-level entity. Therefore, exit the subinterface if necessary (as the example in Step 11 shows). The syntax for rpmrscprtn is
rpmrscprtn <partition_type> <percent_ingressBW> <percent_egressBW> <min_vpi> <max_vpi> <min_vci> <max_vci> <max_lcns>
For example:
TErpm4(config)#rpmrscprtn par 100 100 10 10 10 3000 2000
partition_type identifies the network controller. Choices are PAR, MPLS, and PNNI.
percent_ingressBW is the percent of available bandwidth for the ingress direction (towards the CellBus).
percent_egressBW is the percent of available bandwidth for the egress direction (away from the CellBus)
min_vpi is the minimum vpi within the range 0-255. (Note that once you set the minimum vpi, it is the lower limit of the range for maximum vpi.)
max_vpi is the maximum vpi within the range 0-255.
min_vci is the minimum vci. The vci range is 0-4095.
max_vci is the maximum vci. The vci range is 0-4095.
max_lcns is the maximum number of LCNs for this controller. The range is 0-4047.
Step 13 Add a VP tunnel between the local and remote RPMs through addcon. The syntax is
addcon <connection_type> switch <slot/switch.subinterface> <local_vpi> rslot <slot> <switch> <remote_vpi> [master local]
connection_type is either vcc or vpc. For this connection, type vpc.
switch indicates this device is an RPM and that the virtual switch identification follows.
slot/switch.subinterface identifies the virtual switch interface. The switch is always 1.
rslot indicates that the remote slot number follows.
slot is the slot number of the remote RPM.
Remote switch number is always 1.
remote_vpi is the remote vpi and must be the same as the local_vpi.
Step 14 Add the connection at the other endpoint. Where appropriate, use identical parameters such as the vpi or unique parameters such as the connection mastership specification.
Step 15 Verify that the connection exists by using the dspcons command.
Step 16 Continue to add more VP-tunnels as needed.
The IOS-version of the addcon command adds a local user-connection between the RPM and another endpoint in the MGX 8850 switch. For a three-segment connection in an ATM or Frame Relay network, you must also add a middle segment between the edges of the cloud. Through the CLI of the BPX 8600-series switch, you would execute the switch-software version of addcon.
The following are MPLS VPN examples with MGX/RPM. These examples will be included in the online version of the Cisco RPM Installation and Configuration publication.
The following is a one PE and two CE VPN configuration.
sys-2-1#sho run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sys-2-1
!
boot system tftp mpls/12.0/c3620-js-mz.120-5.0.2.T2 3.3.0.1
logging buffered 4096 debugging
no logging console
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
ip cef
cns event-service server
!
!
!
process-max-time 200
!
interface Loopback0
ip address 12.12.12.12 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
ip address 3.3.30.1 255.255.0.0
no ip directed-broadcast
shutdown
!
interface Ethernet0/1
ip address 50.0.0.1 255.0.0.0
no ip directed-broadcast
!
interface Ethernet0/2
no ip address
no ip directed-broadcast
shutdown
!
interface Ethernet0/3
ip address 52.0.0.1 255.0.0.0
no ip directed-broadcast
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
no fair-queue
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
router ospf 100
redistribute bgp 101
passive-interface Ethernet0/1
network 12.0.0.0 0.255.255.255 area 100
network 52.0.0.0 0.255.255.255 area 100
!
router bgp 101
no synchronization
network 12.0.0.0
network 13.0.0.0
network 50.0.0.0
network 51.0.0.0
network 52.0.0.0
neighbor 50.0.0.2 remote-as 100
!
ip default-gateway 3.3.0.1
no ip classless
no ip http server
!
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
!
end
sys-2-1#
sys-2-1#
sys-2-4#sho run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sys-2-4
!
boot system tftp mpls/12.0/c3640-js-mz.120-5.0.2.T2 3.3.0.1
logging buffered 4096 debugging
no logging console
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
ip cef
cns event-service server
!
!
!
process-max-time 200
!
interface Loopback0
ip address 14.14.14.14 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
ip address 3.3.30.4 255.255.0.0
no ip directed-broadcast
shutdown
!
interface Ethernet0/1
ip address 53.0.0.2 255.0.0.0
no ip directed-broadcast
!
interface Ethernet0/2
no ip address
no ip directed-broadcast
shutdown
!
interface Ethernet0/3
no ip address
no ip directed-broadcast
shutdown
!
router ospf 100
redistribute bgp 102
passive-interface Ethernet0/1
network 14.0.0.0 0.255.255.255 area 100
!
router bgp 102
no synchronization
network 14.0.0.0
network 53.0.0.0
neighbor 53.0.0.1 remote-as 100
!
ip default-gateway 3.3.0.1
no ip classless
no ip http server
!
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
!
end
sys-2-4#
sys-2-4#
sys-2-2#sho run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sys-2-2
!
boot system tftp mpls/12.0/c3640-js-mz.120-5.0.2.T2 3.3.0.1
logging buffered 4096 debugging
no logging console
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
ip cef
cns event-service server
!
!
!
process-max-time 200
!
interface Loopback0
ip address 13.13.13.13 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
ip address 3.3.30.2 255.255.0.0
no ip directed-broadcast
shutdown
!
interface Ethernet0/1
ip address 51.0.0.2 255.0.0.0
no ip directed-broadcast
!
interface Ethernet0/2
ip address 52.0.0.2 255.0.0.0
no ip directed-broadcast
!
interface Ethernet0/3
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
no fair-queue
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
router ospf 100
redistribute bgp 101
passive-interface Ethernet0/1
network 13.0.0.0 0.255.255.255 area 100
network 52.0.0.0 0.255.255.255 area 100
!
router bgp 101
no synchronization
network 12.0.0.0
network 13.0.0.0
network 50.0.0.0
network 51.0.0.0
network 52.0.0.0
neighbor 51.0.0.1 remote-as 100
!
ip default-gateway 3.3.0.1
no ip classless
no ip http server
!
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
!
end
sys-2-2#
sys-2-2#
rpm-18-110#sho run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rpm-18-110
!
boot system tftp mpls/12.0/rpm-js-mz.120-5.T.bin 3.3.0.1
no logging console
!
!
!
!
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
!
ip vrf vpn1
rd 100:1
route-target export 100:1
route-target import 100:1
ip cef
cns event-service server
!
!
process-max-time 200
!
interface Loopback0
ip address 11.11.11.11 255.255.255.255
no ip directed-broadcast
!
interface Loopback1
no ip address
no ip directed-broadcast
!
interface Ethernet1/1
ip address 3.3.18.110 255.255.0.0
no ip directed-broadcast
no ip mroute-cache
no keepalive
!
interface Ethernet1/2
ip vrf forwarding vpn1
ip address 50.0.0.2 255.0.0.0
no ip directed-broadcast
no ip mroute-cache
no keepalive
tag-switching ip
!
interface Ethernet1/3
bandwidth 100
ip vrf forwarding vpn1
ip address 51.0.0.1 255.0.0.0
no ip directed-broadcast
no ip mroute-cache
tag-switching ip
no fair-queue
!
interface Ethernet1/4
no ip address
no ip directed-broadcast
no ip mroute-cache
no keepalive
!
interface FastEthernet2/1
no ip address
no ip directed-broadcast
no ip mroute-cache
!
interface Switch1
no ip address
no ip directed-broadcast
no atm ilmi-keepalive
!
interface Switch1.1 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 50 50 0 aal5snap
tag-switching atm vp-tunnel 50
tag-switching ip
!
interface Switch1.2 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 30 30 0 aal5snap
tag-switching atm vp-tunnel 30
tag-switching ip
!
interface Switch1.3 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 60 60 0 aal5snap
tag-switching atm vp-tunnel 60
tag-switching ip
!
router ospf 100
passive-interface Ethernet1/2
passive-interface Ethernet1/3
network 11.0.0.0 0.255.255.255 area 100
!
router bgp 100
no synchronization
no bgp default ipv4-unicast
neighbor 10.10.10.10 remote-as 100
neighbor 10.10.10.10 update-source Loopback0
!
address-family ipv4 vrf vpn1
neighbor 50.0.0.1 remote-as 101
neighbor 50.0.0.1 activate
neighbor 51.0.0.2 remote-as 101
neighbor 51.0.0.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 send-community extended
exit-address-family
!
ip default-gateway 3.3.0.1
no ip classless
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
x25 host shorun
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
exception core-file mpls/mgx/dumps/rpm-18-110.core
rpmrscprtn PAR 100 100 0 255 0 3840 4047
addcon vpc switch 1.2 30 rslot 0 3 30 master local
addcon vpc switch 1.1 50 rslot 14 1 50
addcon vpc switch 1.3 60 rslot 0 4 60 master local
end
rpm-18-110#
rpm-18-110#
rpm-18-110#
rpm-18-114#sho run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rpm-18-114
!
boot system tftp mpls/12.0/rpm-js-mz.120-5.T.bin 3.3.0.1
no logging console
!
!
!
!
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
!
ip vrf vpn1
rd 100:1
route-target export 100:1
route-target import 100:1
ip cef
cns event-service server
!
!
process-max-time 200
!
interface Loopback0
ip address 10.10.10.10 255.255.255.255
no ip directed-broadcast
!
interface Loopback1
no ip address
no ip directed-broadcast
!
interface Ethernet1/1
ip address 3.3.18.114 255.255.0.0
no ip directed-broadcast
no ip mroute-cache
no keepalive
!
interface Ethernet1/2
bandwidth 100
ip vrf forwarding vpn1
ip address 53.0.0.1 255.0.0.0
no ip directed-broadcast
no ip mroute-cache
tag-switching ip
no fair-queue
!
interface Ethernet1/3
no ip address
no ip directed-broadcast
no ip mroute-cache
!
interface Ethernet1/4
bandwidth 100
no ip address
no ip directed-broadcast
no ip mroute-cache
no fair-queue
!
interface Switch1
no ip address
no ip directed-broadcast
no atm ilmi-keepalive
!
interface Switch1.1 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 50 50 0 aal5snap
tag-switching atm vp-tunnel 50
tag-switching ip
!
interface Switch1.2 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 40 40 0 aal5snap
tag-switching atm vp-tunnel 40
tag-switching ip
!
interface Switch1.3 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 20 20 0 aal5snap
tag-switching atm vp-tunnel 20
tag-switching ip
!
router ospf 100
passive-interface Ethernet1/2
network 10.0.0.0 0.255.255.255 area 100
!
router bgp 100
no synchronization
no bgp default ipv4-unicast
neighbor 11.11.11.11 remote-as 100
neighbor 11.11.11.11 update-source Loopback0
!
address-family ipv4 vrf vpn1
neighbor 53.0.0.2 remote-as 102
neighbor 53.0.0.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 11.11.11.11 activate
neighbor 11.11.11.11 send-community extended
exit-address-family
!
ip default-gateway 3.3.0.1
no ip classless
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
exception core-file mpls/mgx/dumps/rpm-18-114.core
rpmrscprtn PAR 100 100 0 255 0 3840 4047
addcon vpc switch 1.3 20 rslot 0 2 20 master local
addcon vpc switch 1.2 40 rslot 0 1 40
addcon vpc switch 1.1 50 rslot 10 1 50 master local
end
rpm-18-114#
sys-2-1#sho run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sys-2-1
!
boot system tftp mpls/12.0/c3620-js-mz.120-5.0.2.T2 3.3.0.1
logging buffered 4096 debugging
no logging console
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
ip cef
cns event-service server
!
!
!
process-max-time 200
!
interface Loopback0
ip address 12.12.12.12 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
ip address 3.3.30.1 255.255.0.0
no ip directed-broadcast
shutdown
!
interface Ethernet0/1
ip address 50.0.0.1 255.0.0.0
no ip directed-broadcast
!
interface Ethernet0/2
no ip address
no ip directed-broadcast
shutdown
!
interface Ethernet0/3
ip address 52.0.0.1 255.0.0.0
no ip directed-broadcast
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
no fair-queue
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
router rip
version 2
network 12.0.0.0
network 50.0.0.0
network 52.0.0.0
no auto-summary
!
ip default-gateway 3.3.0.1
no ip classless
no ip http server
!
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
!
end
sys-2-1#
sys-2-1#
sys-2-4#sho run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sys-2-4
!
boot system tftp mpls/12.0/c3640-js-mz.120-5.0.2.T2 3.3.0.1
logging buffered 4096 debugging
no logging console
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
ip cef
cns event-service server
!
!
!
process-max-time 200
!
interface Loopback0
ip address 14.14.14.14 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
ip address 3.3.30.4 255.255.0.0
no ip directed-broadcast
shutdown
!
interface Ethernet0/1
ip address 53.0.0.2 255.0.0.0
no ip directed-broadcast
!
interface Ethernet0/2
no ip address
no ip directed-broadcast
shutdown
!
interface Ethernet0/3
no ip address
no ip directed-broadcast
shutdown
!
router rip
version 2
network 14.0.0.0
network 53.0.0.0
no auto-summary
!
ip default-gateway 3.3.0.1
no ip classless
no ip http server
!
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
!
end
sys-2-4#
sys-2-4#
sys-2-4#
sys-2-2#sho run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sys-2-2
!
boot system tftp mpls/12.0/c3640-js-mz.120-5.0.2.T2 3.3.0.1
logging buffered 4096 debugging
no logging console
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
ip cef
cns event-service server
!
!
!
process-max-time 200
!
interface Loopback0
ip address 13.13.13.13 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
ip address 3.3.30.2 255.255.0.0
no ip directed-broadcast
shutdown
!
interface Ethernet0/1
ip address 51.0.0.2 255.0.0.0
no ip directed-broadcast
!
interface Ethernet0/2
ip address 52.0.0.2 255.0.0.0
no ip directed-broadcast
!
interface Ethernet0/3
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
no fair-queue
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
router rip
version 2
network 13.0.0.0
network 51.0.0.0
network 52.0.0.0
no auto-summary
!
ip default-gateway 3.3.0.1
no ip classless
no ip http server
!
!
x25 host shorun
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
!
end
sys-2-2#
sys-2-2#
rpm-18-110#sho run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rpm-18-110
!
boot system tftp mpls/12.0/rpm-js-mz.120-5.T.bin 3.3.0.1
no logging console
!
!
!
!
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
!
ip vrf vpn1
rd 100:1
route-target export 100:1
route-target import 100:1
ip cef
cns event-service server
!
!
process-max-time 200
!
interface Loopback0
ip address 11.11.11.11 255.255.255.255
no ip directed-broadcast
!
interface Loopback1
no ip address
no ip directed-broadcast
!
interface Ethernet1/1
ip address 3.3.18.110 255.255.0.0
no ip directed-broadcast
no ip mroute-cache
no keepalive
!
interface Ethernet1/2
ip vrf forwarding vpn1
ip address 50.0.0.2 255.0.0.0
no ip directed-broadcast
no ip mroute-cache
no keepalive
tag-switching ip
!
interface Ethernet1/3
bandwidth 100
ip vrf forwarding vpn1
ip address 51.0.0.1 255.0.0.0
no ip directed-broadcast
no ip mroute-cache
tag-switching ip
no fair-queue
!
interface Ethernet1/4
no ip address
no ip directed-broadcast
no ip mroute-cache
no keepalive
!
interface FastEthernet2/1
no ip address
no ip directed-broadcast
no ip mroute-cache
!
interface Switch1
no ip address
no ip directed-broadcast
no atm ilmi-keepalive
!
interface Switch1.1 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 50 50 0 aal5snap
tag-switching atm vp-tunnel 50
tag-switching ip
!
interface Switch1.2 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 30 30 0 aal5snap
tag-switching atm vp-tunnel 30
tag-switching ip
!
interface Switch1.3 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 60 60 0 aal5snap
tag-switching atm vp-tunnel 60
tag-switching ip
!
router ospf 100
passive-interface Ethernet1/2
passive-interface Ethernet1/3
network 11.0.0.0 0.255.255.255 area 100
network 50.0.0.0 0.255.255.255 area 100
network 51.0.0.0 0.255.255.255 area 100
!
router rip
version 2
!
address-family ipv4 vrf vpn1
version 2
redistribute bgp 100 metric 2
network 50.0.0.0
network 51.0.0.0
no auto-summary
exit-address-family
!
router bgp 100
no synchronization
no bgp default ipv4-unicast
neighbor 10.10.10.10 remote-as 100
neighbor 10.10.10.10 update-source Loopback0
!
address-family ipv4 vrf vpn1
redistribute rip
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 send-community extended
exit-address-family
!
ip default-gateway 3.3.0.1
no ip classless
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
exception core-file mpls/mgx/dumps/rpm-18-110.core
rpmrscprtn PAR 100 100 0 255 0 3840 4047
addcon vpc switch 1.2 30 rslot 0 3 30 master local
addcon vpc switch 1.1 50 rslot 14 1 50
addcon vpc switch 1.3 60 rslot 0 4 60 master local
end
rpm-18-110#
rpm-18-110#
rpm-18-114#sho run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rpm-18-114
!
boot system tftp mpls/12.0/rpm-js-mz.120-5.T.bin 3.3.0.1
no logging console
!
!
!
!
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
!
ip vrf vpn1
rd 100:1
route-target export 100:1
route-target import 100:1
ip cef
cns event-service server
!
!
process-max-time 200
!
interface Loopback0
ip address 10.10.10.10 255.255.255.255
no ip directed-broadcast
!
interface Loopback1
no ip address
no ip directed-broadcast
!
interface Ethernet1/1
ip address 3.3.18.114 255.255.0.0
no ip directed-broadcast
no ip mroute-cache
no keepalive
!
interface Ethernet1/2
bandwidth 100
ip vrf forwarding vpn1
ip address 53.0.0.1 255.0.0.0
no ip directed-broadcast
no ip mroute-cache
tag-switching ip
no fair-queue
!
interface Ethernet1/3
no ip address
no ip directed-broadcast
no ip mroute-cache
!
interface Ethernet1/4
bandwidth 100
no ip address
no ip directed-broadcast
no ip mroute-cache
no fair-queue
!
interface Switch1
no ip address
no ip directed-broadcast
no atm ilmi-keepalive
!
interface Switch1.1 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 50 50 0 aal5snap
tag-switching atm vp-tunnel 50
tag-switching ip
!
interface Switch1.2 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 40 40 0 aal5snap
tag-switching atm vp-tunnel 40
tag-switching ip
!
interface Switch1.3 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 20 20 0 aal5snap
tag-switching atm vp-tunnel 20
tag-switching ip
!
router ospf 100
passive-interface Ethernet1/2
network 10.0.0.0 0.255.255.255 area 100
network 53.0.0.0 0.255.255.255 area 100
!
router rip
version 2
!
address-family ipv4 vrf vpn1
version 2
redistribute bgp 100 metric 2
network 53.0.0.0
no auto-summary
exit-address-family
!
router bgp 100
no synchronization
no bgp default ipv4-unicast
neighbor 11.11.11.11 remote-as 100
neighbor 11.11.11.11 update-source Loopback0
!
address-family ipv4 vrf vpn1
redistribute rip
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 11.11.11.11 activate
neighbor 11.11.11.11 send-community extended
exit-address-family
!
ip default-gateway 3.3.0.1
no ip classless
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
exception core-file mpls/mgx/dumps/rpm-18-114.core
rpmrscprtn PAR 100 100 0 255 0 3840 4047
addcon vpc switch 1.3 20 rslot 0 2 20 master local
addcon vpc switch 1.2 40 rslot 0 1 40
addcon vpc switch 1.1 50 rslot 10 1 50 master local
end
rpm-18-114#
rpm-18-114#
rpm-18-114#
sys-2-1#sho run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sys-2-1
!
boot system tftp mpls/12.0/c3620-js-mz.120-5.0.2.T2 3.3.0.1
logging buffered 4096 debugging
no logging console
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
ip cef
cns event-service server
!
!
!
process-max-time 200
!
interface Loopback0
ip address 12.12.12.12 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
ip address 3.3.30.1 255.255.0.0
no ip directed-broadcast
shutdown
!
interface Ethernet0/1
ip address 50.0.0.1 255.0.0.0
no ip directed-broadcast
!
interface Ethernet0/2
no ip address
no ip directed-broadcast
shutdown
!
interface Ethernet0/3
ip address 52.0.0.1 255.0.0.0
no ip directed-broadcast
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
no fair-queue
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
router ospf 100
passive-interface Ethernet0/1
network 12.0.0.0 0.255.255.255 area 100
network 50.0.0.0 0.255.255.255 area 100
network 52.0.0.0 0.255.255.255 area 100
!
ip default-gateway 3.3.0.1
no ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 50.0.0.2
no ip http server
!
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
!
end
sys-2-1#
sys-2-1#
sys-2-4#sho run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sys-2-4
!
boot system tftp mpls/12.0/c3640-js-mz.120-5.0.2.T2 3.3.0.1
logging buffered 4096 debugging
no logging console
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
ip cef
cns event-service server
!
!
!
process-max-time 200
!
interface Loopback0
ip address 14.14.14.14 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
ip address 3.3.30.4 255.255.0.0
no ip directed-broadcast
shutdown
!
interface Ethernet0/1
ip address 53.0.0.2 255.0.0.0
no ip directed-broadcast
!
interface Ethernet0/2
no ip address
no ip directed-broadcast
shutdown
!
interface Ethernet0/3
no ip address
no ip directed-broadcast
shutdown
!
router ospf 100
passive-interface Ethernet0/1
network 14.0.0.0 0.255.255.255 area 100
network 53.0.0.0 0.255.255.255 area 100
!
ip default-gateway 3.3.0.1
no ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 53.0.0.1
no ip http server
!
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
!
end
sys-2-4#
sys-2-2#sho run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sys-2-2
!
boot system tftp mpls/12.0/c3640-js-mz.120-5.0.2.T2 3.3.0.1
logging buffered 4096 debugging
no logging console
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
ip cef
cns event-service server
!
!
!
process-max-time 200
!
interface Loopback0
ip address 13.13.13.13 255.255.255.255
no ip directed-broadcast
!
interface Ethernet0/0
ip address 3.3.30.2 255.255.0.0
no ip directed-broadcast
shutdown
!
interface Ethernet0/1
ip address 51.0.0.2 255.0.0.0
no ip directed-broadcast
!
interface Ethernet0/2
ip address 52.0.0.2 255.0.0.0
no ip directed-broadcast
!
interface Ethernet0/3
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
no fair-queue
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
!
router ospf 100
passive-interface Ethernet0/1
network 13.0.0.0 0.255.255.255 area 100
network 51.0.0.0 0.255.255.255 area 100
network 52.0.0.0 0.255.255.255 area 100
!
ip default-gateway 3.3.0.1
no ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 51.0.0.1
no ip http server
!
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
!
end
sys-2-2#
sys-2-2#
sys-2-2#
rpm-18-110#sho run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rpm-18-110
!
boot system tftp mpls/12.0/rpm-js-mz.120-5.T.bin 3.3.0.1
no logging console
!
!
!
!
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
!
ip vrf vpn1
rd 100:1
route-target export 100:1
route-target import 100:1
ip cef
cns event-service server
!
!
process-max-time 200
!
interface Loopback0
ip address 11.11.11.11 255.255.255.255
no ip directed-broadcast
!
interface Loopback1
no ip address
no ip directed-broadcast
!
interface Ethernet1/1
ip address 3.3.18.110 255.255.0.0
no ip directed-broadcast
no ip mroute-cache
no keepalive
!
interface Ethernet1/2
ip vrf forwarding vpn1
ip address 50.0.0.2 255.0.0.0
no ip directed-broadcast
no ip mroute-cache
no keepalive
tag-switching ip
!
interface Ethernet1/3
bandwidth 100
ip vrf forwarding vpn1
ip address 51.0.0.1 255.0.0.0
no ip directed-broadcast
no ip mroute-cache
shutdown
tag-switching ip
no fair-queue
!
interface Ethernet1/4
no ip address
no ip directed-broadcast
no ip mroute-cache
no keepalive
!
interface FastEthernet2/1
no ip address
no ip directed-broadcast
no ip mroute-cache
!
interface Switch1
no ip address
no ip directed-broadcast
no atm ilmi-keepalive
!
interface Switch1.1 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 50 50 0 aal5snap
tag-switching atm vp-tunnel 50
tag-switching ip
!
interface Switch1.2 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 30 30 0 aal5snap
tag-switching atm vp-tunnel 30
tag-switching ip
!
interface Switch1.3 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 60 60 0 aal5snap
tag-switching atm vp-tunnel 60
tag-switching ip
!
router ospf 100
passive-interface Ethernet1/2
passive-interface Ethernet1/3
network 11.0.0.0 0.255.255.255 area 100
network 50.0.0.0 0.255.255.255 area 100
network 51.0.0.0 0.255.255.255 area 100
!
router bgp 100
no synchronization
no bgp default ipv4-unicast
neighbor 10.10.10.10 remote-as 100
neighbor 10.10.10.10 update-source Loopback0
!
address-family ipv4 vrf vpn1
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 send-community extended
exit-address-family
!
ip default-gateway 3.3.0.1
no ip classless
ip route vrf vpn1 12.0.0.0 255.0.0.0 Ethernet1/2 50.0.0.1
ip route vrf vpn1 13.0.0.0 255.0.0.0 Ethernet1/3 51.0.0.2
ip route vrf vpn1 50.0.0.0 255.0.0.0 Ethernet1/2 50.0.0.1
ip route vrf vpn1 51.0.0.0 255.0.0.0 Ethernet1/3 51.0.0.2
ip route vrf vpn1 52.0.0.0 255.0.0.0 Ethernet1/2 50.0.0.1
ip route vrf vpn1 52.0.0.0 255.0.0.0 Ethernet1/3 51.0.0.2
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
exception core-file mpls/mgx/dumps/rpm-18-110.core
rpmrscprtn PAR 100 100 0 255 0 3840 4047
addcon vpc switch 1.2 30 rslot 0 3 30 master local
addcon vpc switch 1.1 50 rslot 14 1 50
addcon vpc switch 1.3 60 rslot 0 4 60 master local
end
rpm-18-110#
rpm-18-110#
rpm-18-110#
rpm-18-114#sho run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rpm-18-114
!
boot system tftp mpls/12.0/rpm-js-mz.120-5.T.bin 3.3.0.1
no logging console
!
!
!
!
!
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip domain-lookup
ip host ios-lab-fw 3.3.0.1
!
!
ip vrf vpn1
rd 100:1
route-target export 100:1
route-target import 100:1
ip cef
cns event-service server
!
!
process-max-time 200
!
interface Loopback0
ip address 10.10.10.10 255.255.255.255
no ip directed-broadcast
!
interface Loopback1
no ip address
no ip directed-broadcast
!
interface Ethernet1/1
ip address 3.3.18.114 255.255.0.0
no ip directed-broadcast
no ip mroute-cache
no keepalive
!
interface Ethernet1/2
bandwidth 100
ip vrf forwarding vpn1
ip address 53.0.0.1 255.0.0.0
no ip directed-broadcast
no ip mroute-cache
tag-switching ip
no fair-queue
!
interface Ethernet1/3
no ip address
no ip directed-broadcast
no ip mroute-cache
!
interface Ethernet1/4
bandwidth 100
no ip address
no ip directed-broadcast
no ip mroute-cache
no fair-queue
!
interface Switch1
no ip address
no ip directed-broadcast
no atm ilmi-keepalive
!
interface Switch1.1 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 50 50 0 aal5snap
tag-switching atm vp-tunnel 50
tag-switching ip
!
interface Switch1.2 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 40 40 0 aal5snap
tag-switching atm vp-tunnel 40
tag-switching ip
!
interface Switch1.3 tag-switching
ip unnumbered Loopback0
no ip directed-broadcast
atm pvc 20 20 0 aal5snap
tag-switching atm vp-tunnel 20
tag-switching ip
!
router ospf 100
passive-interface Ethernet1/2
network 10.0.0.0 0.255.255.255 area 100
network 53.0.0.0 0.255.255.255 area 100
!
router bgp 100
no synchronization
no bgp default ipv4-unicast
neighbor 11.11.11.11 remote-as 100
neighbor 11.11.11.11 update-source Loopback0
!
address-family ipv4 vrf vpn1
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 11.11.11.11 activate
neighbor 11.11.11.11 send-community extended
exit-address-family
!
ip default-gateway 3.3.0.1
no ip classless
ip route vrf vpn1 14.0.0.0 255.0.0.0 Ethernet1/2 53.0.0.2
ip route vrf vpn1 53.0.0.0 255.0.0.0 Ethernet1/2 53.0.0.2
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password lab
login
!
exception core-file mpls/mgx/dumps/rpm-18-114.core
rpmrscprtn PAR 100 100 0 255 0 3840 4047
addcon vpc switch 1.3 20 rslot 0 2 20 master local
addcon vpc switch 1.2 40 rslot 0 1 40
addcon vpc switch 1.1 50 rslot 10 1 50 master local
end
rpm-18-114#
This command reference presents new commands and the command conventions since release of Cisco IOS Release 12.0. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command references. The defined commands in this section are:
Table 6-1 shows the notations used in this section.
| Notation | Explanation |
boldface font | Commands and keywords are in boldface. |
italic font | Arguments for which you supply values are in italics. In contexts that do not allow italics, arguments are enclosed in angle brackets < >. |
[ ] | Elements in square brackets are optional. |
{ x | y | z } | Required alternative keywords are grouped in braces and separated by vertical bars. |
{ x | y | z ] | Required alternative keywords are grouped in brackets and separated by vertical bars. |
To enter the address family command submode for configuring routing protocols, such as BGP, use the address-family configuration interface command. To disable the command submode, use the no form of this command. This command applies to Cisco IOS Release 12.0(5)T and later.
IPv4 unicast
address-family {ipv4 | vpnv4} [unicast]
VPN-IPv 4 unicast
address-family ipv4 [unicast] [vrf vrf-name]
no address-family {ipv4 [unicast] [vrf vrf-name] | vpnv4 [unicast]}
ipv4 ---Configures sessions that carry standard IPv4 address prefixes.
vpnv4---Configures sessions that carry VPN-IPv4 prefixes. VPN-IPv4 prefixes are customer VPN addresses, each of which has been made unique by adding an 8-byte route distinguisher.
unicast---Specifies a unicast address.
vrf vrf-name---Specifies the name of a VPN routing/forwarding instance (VRF) for using submode commands.
With BGP if you do not execute a no bgp default ipv4-activate command, advertisement of routing information for IPv4 address family is activated automatically for each BGP session when configured using the neighbor...remote-as command.
Command Mode
Configuration Interface
This command was introduced for Release 12.0(5)T.
Usage Guidelines
Using the address-family command puts you in address family configuration submode:
(config-router-af)# )
Within this submode, you can configure address-family specific parameters for routing protocols, such as BGP, that can accommodate multiple Level 3 address families.
To leave address family configuration submode and return to router configuration mode, type
exit-address-family
or simply
exit
The address-family command in the following example applies only to VRF. It puts the router into address family configuration submode for the vpnv4 address family. Within the submode, you can configure advertisement of the NLRI for the vpnv4 address family using neighbor activate and other related commands:
(config)# router bgp 100 (config-router)# address-family vpnv4 (config-router-af)#
The command in the following example puts the router into address family configuration submode for the IPv4 address family. Use this form of the command, which specifies a VRF, only to configure routing exchanges between PE and CE devices. This address-family command causes subsequent commands entered in the submode to be addressed to the VRF called vrf2. Within the submode, you can use neighbor activate and related commands to
Note that the following puts you in address family submode:
(config)# router bgp 100 (config-router)# address-family ipv4 unicast vrf vrf2 (config-router-af)#
For details on the following related commands, refer to the document MPLS Virtual Private Networks.
To remove routes from the VRF routing table, use the clear ip route vrf privileged EXEC command.
clear ip route vrf vrf-name [*] [network][mask]where,
| vrf-name | Name of the VPN routing/forwarding instance (VRF) for the static route. |
* | (Optional) Deletes all routes for a given VRF. |
network | (Optional) Network route to the destination, in dotted-decimal format. |
mask | Optional) Network route to the destination, in dotted-decimal format. |
There is no default value.
This command operates in Priveleged EXEC mode only.
This command was introduced in Release 12.0(5)T.
Use this command to clear routes from the routing table. Use the * (asterisk) to delete all routes from the forwarding table for a specified VRF, or enter the address and mask of a particular network to delete the route to that network.
The following shows how to clear the route to the network 10.13.0.0 in the vpn1 routing table:
Router#clear ip route vrf vpn1 10.13.0.0
To exit from address family submode, use the exit-address-family global configuration
command.
This command has no arguments or keywords.
This command has no default values.
Global configuration
Address-family configuration
This command was introduced in Release 12.0(5)T.
This command can be abbreviated to exit.
The following example shows how to exit the address-family command mode:
Router(config-if)#exit address-family
To establish static routes, use the ip route vrf global configuration command. To disable static routes, use the no form of this command.
ip route vrf vrf-name [profile] prefix mask [next-hop-address] [interface {interface-number}]vrf-name | Name of the VPN routing/forwarding instance (VRF) for the static route. |
profile |
|
prefix | IP route prefix for the destination in dotted-decimal format. |
mask | Prefix mask for the destination in dotted-decimal format. |
next-hop-address | (Optional) IP address of the next hop---the forwarding router that can be used to reach that network. |
interface | (Optional) Type of network interface to use: ATM, Ethernet, loopback, POS (packet over SONET), or null. |
interface-number | Number identifying the network interface to use. |
distance | (Optional) An administrative distance for this route. |
permanent | (Optional) Specifies that this route will not be removed, even if the interface shuts down. |
tag tag | (Optional) Tag value that can be used for controlling redistribution of routes via route maps. This tag has nothing to do with the tags in MPLS. |
None
Global configuration
This command was introduced in Release 12.0(5)T.
Use a static route when the Cisco IOS software cannot dynamically build a route to the destination.
If you specify an administrative distance when you set up a route, you are flagging a static route that can be overridden by dynamic information. For example, IGRP-derived routes have a default administrative distance of 100. To have a static route that would be overridden by an IGRP dynamic route, specify an administrative distance greater than 100. Static routes each have a default administrative distance of 1. The administrative distance is a numeric value that represents the trustworthiness of the routing update. The lower the value, the more trusted the source.
Static routes that point to an interface are advertised through RIP, IGRP, and other dynamic routing protocols, regardless of whether the static commands are specified for those routing protocols. Static routes defined to an interface in the routing table lose their static nature. However, if you define a static route to an interface not defined in a network command, no dynamic routing protocols advertise the route unless a redistribute static command is specified for these protocols.
The following example shows that packets in the VRF destined for network 131.108.0.0 are rerouted to router 131.108.6.6:
Router(config)#ip route vrf vpn3 131.108.0.0 255.255.0.0 131.108.6.6
To associate a VRF with an interface or a subinterface, use the ip vrf forwarding interface configuration command. To disassociate a VRF from an interface or subinterface, use the no form of this command.
ip vrf forwarding vrf-namevrf-name---Name assigned to a VRF.
This command has no default values.
Interface configuration
This command was introduced in Release 12.0(5)T.
Use this command to establish or remove the association between VRF and an interface or subinterface.
The following example shows how to link a VRF to ATM interface 0/0:
Router(config-if)#interface atm0/0 ip vrf forwarding vpn1
To include the addresses of connected devices in the routing/forwarding table of a VRF, use the ip vrf global-connected-addresses global configuration command. To specify addresses of connected devices that should not be included in the routing/forwarding table of a VRF, but in the global table, use the no form of this command.
ip vrf vrf-name global-connected-addressvrf-name---Name assigned to the VRF.
Connected addresses are listed in the VRF tables and the global routing/forwarding table.
Global configuration
This command was first introduced for Release 12.0(5)T.
To specify those addresses not to be included in the global table, but to list them in the VRF routing/forwarding table, use the no form of this command.
The following example shows the no form of this command:
Router(config)#no ip vrf vpn1 global-connected-addresses
To define and configure a route map for a VRF, use the ip vrf global configuration command. To remove a route map for a VRF, use the no form of this command no ip vrf.
ip vrf vrf-name [import map route-map] [rd route-distinguisher] [route-target {extended-community | both extended-community | export extended-community | import extended-community}] no ip vrf vrf-name [import map route-map] [rd route-distinguisher] [route-target {extended-community | both extended-community | export extended-community | import extended-community}]vrf-name | Name assigned to the VRF. |
import map route-map | (Optional) Specifies a route map to filter routes imported into the VRF. |
rd route-distinguisher | (Optional) Creates routing and forwarding tables and specifies the default route-distinguisher for this VPN. The route-distinguisher is prepended to customer IPv4 prefixes to turn them into globally unique VPN-IPv4 prefixes. An RD is either ASN-relative, in which case it is composed of an autonomous system number and an arbitrary number, or it is IP-address-relative, in which case it is composed of an IP address and an arbitrary number. An RD can be entered in either of these formats: 16-bit AS number:your 32-bit number 32-bit IP address:your 16-bit number |
route-target | (Optional) Specifies a target VPN extended community. |
extended-community | Like a route distinguisher, an extended community is composed of either an autonomous system number and an arbitrary number, or an IP address and an arbitrary number. It can be entered in either of these formats: 16-bit AS number:your 32-bit number 32-bit IP address:your 16-bit number |
both | Import routing information from, and export routing information to, the target VPN extended community. |
export | Export routing information to the target VPN extended community. |
import | Import routing information from the target VPN extended community. |
This command has no default values.
Global configuration
This command was introduced in Release 12.0(5)T.
The ip vrf rd command creates a VRF routing table and a CEF (forwarding) table. Both table names have the format vrf-name. Associated with these tables is the default route distinguisher value route-distinguisher.
Use the route-target keyword to specify which VPNv4 prefixes are to be injected into which VRF routing tables. The ip vrf route-target command creates lists of import and export route target extended communities for the specified VRF. Execute the command once for each target community. Learned routes that carry a specific route target extended community are imported into all VRFs configured with that extended community as an import route target. Routes learned from a VRF site (for example, by BGP, RIP or static configuration) will have the export route target extended communities added as route attributes to control the VRFs into which the route is imported.
The ip vrf import-map command associates a route map with the specified VRF. Routes that are eligible for import into a VRF, based on the route target extended community attributes of the route, can be further filtered through the use of a route map. The route map might deny access to selected routes from a community that is on the import list.
The following example imports a route map to a VRF:
Router(config)#ip vrf vpn1 import map vpn1-map
The following example defines a VRF with a route-distinguisher:
Router(config)#ip vrf vpn1 rd 100:1
The following example adds a target community to the VRF import list:
Router(config)#ip vrf vpn1 route-target import 100:3
To enable the exchange of an address with a neighboring router, use the neighbor activate global configuration command. To disable the exchange of an address with a neighboring router, use the no form of this command.
neighbor {ip-address| peer-group-name} activateip-address---IP address of the neighboring router
peer-group-name---Name of BGP peer group
The exchange of addresses with neighbors is enabled by default for the IPv4 address family. You can disable IPv4 address exchange using the general command no default bgp ipv4 activate, or you can disable it for a particular neighbor using the no form of this command.
For all other address families, address exchange is disabled by default. You can explicitly activate the default command using the appropriate address family submode.
Global configuration
Address family configuration
This command was introduced in Release 12.0(5)T.
Use this command to enable or disable the exchange of addresses with a neighboring router.
The following example activates all neighbors in the BGP peer group PEPEER:
Router(config)#address-family vpnv4 neighbor PEPEER activate neighbor 144.0.0.44 activate exit-address-family
To display VPNv4 information from the BGP database, use the show ip bgp vpnv4 privileged EXEC command.
show ip bgp vpnv4 {all | rd route-distinguisher | vrf vrf-name} [ip-prefix/length [longer-prefixes] [output-modifiers]] [network-address [mask] [longer-prefixes] [output-modifiers]] [cidr-only] [community][community-list] [dampened-paths] [filter-list] [flap-statistics] [inconsistent-as] [neighbors] [paths [line]] [peer-group] [quote-regexp] [regexp] [summary] [tags]vpnv4 | Specifies VPN IPv4 information. |
all | Displays the complete VPNv4 database. |
rd route-distinguisher | Displays NLRIs that have a matching route distinguisher. |
vrf vrf-name | Displays NLRIs associated with the named VRF. |
ip-prefix/length | (Optional) IP prefix address (in dotted decimal format) and length of mask (0 to 32). |
longer-prefixes | (Optional) Displays the entry that exactly matches the specified prefix parameter, as well as all entries that match the prefix in a longest-match sense. It displays those prefixes for which the specified prefix is an initial sub-string. |
output-modifiers | (Optional) |
network-address | (Optional) IP address of a network in the BGP routing table. |
mask | (Optional) Mask of the network address, in dotted decimal format. |
cidr-only | (Optional) Displays only routes that have nonnatural net masks. |
community | (Optional) Displays routes matching this community. |
community-list | (Optional) Displays routes matching this community list. |
dampened-paths | (Optional) Displays paths suppressed due to dampening. |
filter-list | (Optional) Displays routes conforming to the filter list. |
flap-statistics | (Optional) Displays flap statistics of routes. |
inconsistent-as | (Optional) Displays only routes that have inconsistent autonomous systems of origin. |
neighbors | (Optional) Displays details on TCP and BGP neighbor connections. |
paths | (Optional) Displays path information. |
line | (Optional) A regular expression to match the BGP AS paths. |
peer-group | (Optional) Displays information on peer groups. |
quote-regexp | (Optional) Displays routes matching the AS path regular expression. |
regexp | (Optional) Displays routes matching the AS path regular expression. |
summary | (Optional) Displays BGP neighbor status. |
tags | (Optional) Displays incoming and outgoing BGP tags for each NLRI. |
This command has no default values.
Privileged EXEC
This command was introduced in Release 12.0(5)T.
Use this command to display VPNv4 information from the BGP database. The command show ip bgp vpnv4 all displays all available VPNv4 information. The command show ip bgp vpnv4 summary displays BGP neighbor status.
The following example displays all available VPNv4 information in a BGP routing table:
Router#show ip bgp vpnv4 all BGP table version is 18, local router ID is 14.14.14.14 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:1 (vrf1) *> 11.0.0.0 50.0.0.1 0 0 101 i *>i12.0.0.0 13.13.13.13 0 100 0 102 i *> 50.0.0.0 50.0.0.1 0 0 101 i *>i51.0.0.0 13.13.13.13 0 100 0 102 i
The following displays a table of tags for NLRIs that have an RD value of 100:1. The In tag column displays the tag (if any) assigned by this router. The Out tag column displays the tag assigned by the BGP next hop router.
Router#show ip bgp vpnv4 rd 100:1 tags
Network Next Hop In tag/Out tag
Route Distinguisher: 100:1 (vrf1)
2.0.0.0 10.20.0.60 34/notag
10.0.0.0 10.20.0.60 35/notag
12.0.0.0 10.20.0.60 26/notag
10.20.0.60 26/notag
13.0.0.0 10.15.0.15 notag/26
The following example shows VPNv4 routing entries for the VRF called vrf1.
show ip bgp vpnv4 vrf vrf1 BGP table version is 18, local router ID is 14.14.14.14 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:1 (vrf1) *> 11.0.0.0 50.0.0.1 0 0 101 i *>i12.0.0.0 13.13.13.13 0 100 0 102 i *> 50.0.0.0 50.0.0.1 0 0 101 i *>i51.0.0.0 13.13.13.13 0 100 0 102 i
To display the CEF forwarding table associated with a VRF, use the show ip cef vrf privileged EXEC command.
show ip cef vrf vrf-name [ip-prefix [mask [longer-prefixes]] [detail] [output-modifiers]] [interface interface-number] [adjacency [interface interface-number] [detail] [discard] [drop] [glean] [null] [punt] [output-modifiers]] [detail [output-modifiers]] [non-recursive [detail] [output-modifiers]] [summary [output-modifiers]] [traffic [prefix-length] [output-modifiers]] [unresolved [detail] [output-modifiers]]vrf-name | Name assigned to the VRF. |
ip-prefix | (Optional) IP prefix of entries to show, in dotted decimal format (A.B.C.D). |
mask | (Optional) Mask of the IP prefix, in dotted decimal format. |
longer-prefixes | (Optional) Displays table entries for all of the more specific routes. |
detail | (Optional) Displays detailed information for each CEF table entry. |
output-modifiers | (Optional) |
interface | (Optional) Type of network interface to use: ATM, Ethernet, Loopback, POS (packet over SONET) or Null. |
interface-number | Number identifying the network interface to use. |
adjacency | (Optional) Displays all prefixes resolving through adjacency. |
discard | Discards adjacency. |
drop | Drops adjacency. |
glean | Gleans adjacency. |
null | Null adjacency. |
punt | Punts adjacency. |
non-recursive | (Optional) Displays only nonrecursive routes. |
summary | (Optional) Displays a CEF table summary. |
traffic | (Optional) Displays traffic statistics. |
prefix-length | (Optional) Displays traffic statistics by prefix size. |
unresolved | (Optional) Displays only unresolved routes. |
This command has no default values.
Privileged EXEC
This command was introduced in Release 12.0(5)T.
Used with the vrf-name argument, the show ip cef vrf command shows a shortened display of the CEF table.
Used with the detail argument, the show ip cef vrf command shows detailed information for all CEF table entries.
This example shows the forwarding table associated with the VRF called vrf1.
Router#show ip cef vrf vrf1 Prefix Next Hop Interface 0.0.0.0/32 receive 11.0.0.0/8 50.0.0.1 Ethernet1/3 12.0.0.0/8 52.0.0.2 POS6/0 50.0.0.0/8 attached Ethernet1/3 50.0.0.0/32 receive 50.0.0.1/32 50.0.0.1 Ethernet1/3 50.0.0.2/32 receive 50.255.255.255/32 receive 51.0.0.0/8 52.0.0.2 POS6/0 224.0.0.0/24 receive 255.255.255.255/32 receive
To display the routing protocol information associated with a VRF, use the show ip protocols vrf privileged EXEC command.
show ip protocols vrf vrf-namevrf-name---Name assigned to a VRF
This command has no default values.
Privileged EXEC
This command was introduced in Release 12.0(5)T.
Use this command to display routing information associated with a VRF.
The following example shows information about a VRF called vpn1:
Router#show ip protocols vrf vrf1 summary Index Process Name 0 connected 1 static
To display the IP routing table associated with a VRF, use show ip route vrf command.
show ip route vrf vrf-name [connected] [protocol [as-number] [tag] [output-modifiers]]vrf-name | Name assigned to the VRF. |
connected | Displays all connected routes in a VRF. |
protocol | To specify a routing protocol, use one of the following keywords: bgp, egp, eigrp, hello, igrp, isis, ospf, or rip. |
as-number | Autonomous system number. |
tag | IOS routing area tag. This tag is not associated with the tags in MPLS. |
output-modifiers | (Optional) |
list number | Specifies the IP access list to display. |
profile | Displays the IP routing table profile. |
static | Displays static routes. |
summary | Displays a summary of routes. |
supernets-only | Displays supernet entries only. |
traffic-engineering | Displays only traffic-engineered routes. |
None
Privileged EXEC
This command was introduced in Release 12.0(5)T.
This command displays specified information from the IP routing table of a VRF.
This example shows the IP routing table associated with the VRF called vrf1:
Router#show ip route vrf vrf1
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
T - traffic engineered route
Gateway of last resort is not set
B 51.0.0.0/8 [200/0] via 13.13.13.13, 00:24:19
C 50.0.0.0/8 is directly connected, Ethernet1/3
B 11.0.0.0/8 [20/0] via 50.0.0.1, 02:10:22
B 12.0.0.0/8 [200/0] via 13.13.13.13, 00:24:20
This example shows BGP entries in the IP routing table associated with the VRF called vrf1:
Router#show ip route vrf vrf1 bgp B 51.0.0.0/8 [200/0] via 13.13.13.13, 03:44:14 B 11.0.0.0/8 [20/0] via 51.0.0.1, 03:44:12 B 12.0.0.0/8 [200/0] via 13.13.13.13, 03:43:14
To display the set of defined VRFs and associated interfaces, use show ip vrf.
show ip vrf [brief] [detail] [vrf-name] [output-modifiers]brief | (Optional) Show concise information on the VRF(s) and associated interfaces. |
detail | (Optional) Show detailed information on the VRF(s) and associated interfaces. |
vrf-name | Name assigned to the VRF. |
output-modifiers | (Optional) |
None
Privileged EXEC
Use brief or no keyword to display concise information.Use detail to display all information.
This example shows brief information for the VRFs currently configured:
Router#show ip vrf Name Default RD Interfaces vrf1 100:1 Ethernet1/3 vrf2 100:2 Ethernet0/3
This example shows detailed information for the VRF called vrf1:
Router#show ip vrf detail vrf1 VRF vrf1; default RD 100:1 Interfaces: Ethernet1/3 Connected addresses are in global routing table Export VPN route-target communities RT:100:1 Import VPN route-target communities RT:100:1
To display tag forwarding information for VRF routes advertised by a router, use show tag-switching forwarding vrf. To disable the display of tag forwarding information, use the no form of this command.
show tag-switching forwarding vrf vrf-name [ip-prefix/length [mask]] [detail]vrf-name | Displays NLRIs associated with the named VRF. |
ip-prefix/length | (Optional) IP prefix address (in dotted decimal format) and length of mask (0 to 32). |
mask | (Optional) Destination network mask, in dotted decimal format. |
detail | (Optional) Show detailed information on the VRF routes. |
output-modifiers | (Optional) |
This command has no default values.
Privileged EXEC
This command was introduced in Release 12.0(5)T.
Use this command to display tag forwarding entries associated with a particular VRF or prefix.
The following example shows tag forwarding entries that correspond to the VRF called vpn1:
Router#show tag-switching forwarding vrf vrf1 detail
To display information related to processing VPN IPv4 NLRIs, use the debug ip bgp vpnv4 privileged EXEC command. To disable the display of VPN debug information, use the no form of this command.
debug ip bgp vpn4
ip |
|
bgp |
|
vpn4 |
|
This command has no default values.
Privileged EXEC
This command was introduced in Release 12.0(5)T.
The following example displays the output from this command:
Router#debug ip bgp vpn4
To display information about one or more interfaces that have MPLS enabled, use the show tag-switching interfaces command.
This command has no default values.
| Release | Modification |
|---|---|
11.1 CT | This command was introduced. |
12.0(5)T | The optional argument internal was added. |
You can show information about the requested interface or about all interfaces with MPLS.
The following example shows the interface is in multi-VC tag-VC mode.
Router# show tag-switching interfaces detail Interface ATM3/0/0.1: IP tagging enabled TSP Tunnel tagging not enabled Tagging operational Tagswitching feature vector MTU = 4470 ATM tagging: Tag VPI = 1, Control VC = 0/32, multi-vc tag-vc mode
Table 6-2 lists the displayed fields.
| Field | Description |
|---|---|
Interface | Interface type and number. |
IP tagging enabled | Status of IP MPLS. |
TSP Tunnel tagging not enabled |
|
Tagging operational |
|
Tagswitching feature vector |
|
MTU | Maximum number of data bytes per tagged packet. |
ATM tagging | The interface uses TC-ATM procedures. |
This section defines MPLS and VPN word , acronyms, and actions that may not be readily understood.
Posted: Mon Oct 18 16:39:06 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.