January | 2010 | CCIE, the beginning!

VRF-Lite as an alternative to VPC

January 29, 2010 1 Comment

Introduction

Whether it is for a certification purpose or not, especially with new topics you have just learnt, a great amount of practice is needed using real equipments or dynamips/GNS3; very often you will need a couple of end hosts for testing.

You can use VPC or individual routers 26xx or 36xx with generally a low IOS version.

In the first case, it is very limited tools (only simple ping and trace), however in the second case entire router resources reserved just for a couple of connectivity check.

An alternative solution is to take profit of virtualization feature offered by Cisco, called VRF-Lite and build separated virtual routing processes inside a single device to serve as virtual end-devices.

Concept:

– Use a router (+ switch model), a layer3 switch or just a simple router, it depends on the number of end-devices you need and the number of interfaces available on your router.

– Each End-device will have its own VRF (its own Routing process and its interfaces).

– The only limit is the available resources of your real device or host workstation (on which you run dynamips/GNS3).

The main devices you can emulate are:

– Single or multi-interface Stub network or router with either static or IGP routing.

– End-host (with just a static default route).

– Separated layer3 switches (with separated VLANs, interfaces and RIB for routing between VLANs)

I recommend you to keep it as simple as possible, after all the purpose is to help build the framework for your labs.

Picture 1: general concept

Advantages

– No need to map special dynamips interfaces to 3rd party software (All within dynamips/GNS3)

– Advanced ping and trace.

– Flexibility: IOS tools & functionality Available per -VRF (ex: EEM)

Important notes

There are a couple of caveats you should be aware of:

Virtual hosts cannot be reachable through the same dynamic routing process, IGP processes are uniquely configured per-VRF: you cannot configure two separate VRFs to communicate through the same routing process

For example if you use OSPF (100) for one VRF, IOS will not allow you to configure ospf (100) for another VRF. But two different IGP processes in different VRFs can communicate with each other if redistribution is performed in the intermediate network.

Configuration template

IP CEF is required, to deploy VRF.

You can use the following templates to quickly build separated end hosts and stub routers for you topology.

End-host template

!# End-host #######

interface FastEthernet<X/X>

description end-host outbound interface

! Turn Layer2 interface into Layer3 routed interface

no switchport

! vrf only locally significant to separate traffic for each VRF instance

ip vrf forwarding <VRF-name>

! set your own IP according to your topology

ip address X.X.X.X.X <mask>

! For an end-host, a default route is enough

ip route vrf <VRF-name> 0.0.0.0 0.0.0.0 192.168.37.101

Stub router template

!# STUB ROUTER #######
! Emulate STUB network behind your stub router.

! You can configure as many loopback interfaces as you need.

interface Loopback<x>

! vrf only locally significant to separate traffic for each VRF instance.

ip vrf forwarding <VRF-name>

ip address X.X.X.X.X <mask>

interface FastEthernet<X/X>

description end-host outbound interface

! Turn Layer2 interface into Layer3 routed interface

no switchport

! vrf only locally significant to separate traffic for each VRF instance

ip vrf forwarding <VRF-name>

! set your own IP according to your topology

ip address X.X.X.X.X <mask>

! using OSPF as IGP

router ospf <unique_pid> vrf <VRF-name>

! Announce your network(s)

network X.X.X.X.X <wildcard> area <x> ! outbound interface

network X.X.X.X.X <wildcard> area <x> ! directly connected networks (loo interfaces)

! using default static route for a stub network

ip route vrf <VRF-name> 0.0.0.0 0.0.0.0 <next-hop>

Example:

Picture 2: logical topology:

Picture 3: virtual end-devices to deploy

Let’s suppose we have to configure connectivity between hosts “vhostx” as shown in picture2.

Vhost1-host8 can be configured using one single device (picture3)

A c3745 router with NM-16ESW interface module will host six virtual devices.

– vhost1: a stub router announcing the stub network .60.0/24 through OSPF.

– vhost2: vhost3, vhost6 and vhost7 are end-hosts configured with static default routes.

– vhost8: a stub router announcing a stub network and dual-homed to R0 to provide traffic load-sharing .

Picture 3: Physical topology:

To ensure connectivity between OSPF and EIGRP domains, mutual redistributed is performed on R0.

Note that (.37) is not announced in OSPF on R1, so to ensure connectivity with vhost3, OSPF generate a default route that will be propagated to R0 and consequently to EIGRP through redistribution.

Configuration

! CEF required by VRF

ip cef

Vhost1:

ip vrf vhost1

rd 100:100

interface Loopback1

ip vrf forwarding vhost1

ip address 192.168.60.1 255.255.255.0

interface FastEthernet0/1

no switchport

ip vrf forwarding vhost1

ip address 192.168.61.1 255.255.255.0

router ospf 15 vrf vhost1

log-adjacency-changes

network 192.168.60.0 0.0.0.255 area 0

network 192.168.61.0 0.0.0.255 area 0

vhost2:

ip vrf vhost2

rd 200:200

nterface FastEthernet0/2

no switchport

ip vrf forwarding vhost2

ip address 192.168.52.2 255.255.255.0

ip route vrf vhost2 0.0.0.0 0.0.0.0 192.168.52.101

vhost3:

ip vrf vhost3

rd 300:300

interface FastEthernet0/3

no switchport

ip vrf forwarding vhost3

ip address 192.168.37.3 255.255.255.0

ip route vrf vhost3 0.0.0.0 0.0.0.0 192.168.37.101

vhost6:

ip vrf vhost6

rd 600:600

interface FastEthernet0/6

no switchport

ip vrf forwarding vhost6

ip address 192.168.62.6 255.255.255.0

ip route vrf vhost6 0.0.0.0 0.0.0.0 192.168.62.102

vhost7:

ip vrf vhost7

rd 700:700

interface FastEthernet0/7

description host7_l3_interface

no switchport

ip vrf forwarding vhost7

ip address 192.168.73.7 255.255.255.0

ip route vrf vhost7 0.0.0.0 0.0.0.0 192.168.73.102

vhost8 :

ip vrf vhost8

rd 800:800

interface Loopback8

ip vrf forwarding vhost8

ip address 192.168.80.8 255.255.255.0

interface FastEthernet0/8

description host8_l3_interface

no switchport

ip vrf forwarding vhost8

ip address 192.168.84.4 255.255.255.0

interface FastEthernet0/10

no switchport

ip vrf forwarding vhost8

ip address 192.168.85.4 255.255.255.0

router eigrp 10

network 192.168.80.0

network 192.168.84.0 0.0.0.0

network 192.168.85.0 0.0.0.0

maximum-paths 2

no auto-summary

address-family ipv4 vrf vhost8

network 192.168.80.0

network 192.168.84.0

network 192.168.85.0

auto-summary

autonomous-system 1

exit-address-family

Connectivity check

Here some tools to check connectivity between different virtual hosts thoughout the intermediate topology

! ### From vhost1

vhost(tcl)#foreach VAR {

+>192.168.61.1

+>192.168.52.2

+>192.168.37.3

+>192.168.62.6

+>192.168.73.7

+>192.168.84.4

+> } { puts [exec “trace vrf vhost1 $VAR”] }