IP Routing: Protocol-Independent Configuration Guide, Cisco IOS XE Release 3S
PBR Next-Hop Verify Availability for VRF
Downloads: This chapterpdf (PDF - 1.36MB) The complete bookPDF (PDF - 3.85MB) | Feedback

Contents

PBR Next-Hop Verify Availability for VRF

The PBR Next-Hop Verify Availability for VRF feature enables verification of next-hop availability for IPv4/IPv6 packets in virtual routing and forwarding (VRF) instances.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About PBR Next-Hop Verify Availability for VRF

PBR Next-Hop Verify Availability for VRF Overview

Cisco IOS policy-based routing (PBR) defines packet matching and classification specifications, sets action policies, which can modify the attributes of IP packets, and overrides normal destination IP address-based routing and forwarding. PBR can be applied on global interfaces and under multiple routing instances. The PBR Next-Hop Verify Availability for VRF feature enables verification of next-hop availability for IPv4/IPv6 packets under virtual routing and forwarding (VRF) instances.

In case of an inherited VRF, the VRF instance is based on the ingress interface. Inter VRF refers to forwarding of packets from one VRF to another VRF; for example, from VRFx to VRFy. An IPv4/IPv6 packet received from VRFx is forwarded to VRFy and the availability of the next hop is verified in the VRFy instance.

How to Configure PBR Next-Hop Verify Availability for VRF

Configuring PBR Next-Hop Verify Availability for Inherited IP VRF

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ip vrf vrf-name

    4.    rd vpn-route-distinguisher

    5.    route-target export route-target-ext-community

    6.    route-target import route-target-ext-community

    7.    exit

    8.    ip sla operation-number

    9.    icmp-echo destination-ip-address

    10.    vrf vrf-name

    11.    exit

    12.    ip sla schedule operation-number life forever start-time now

    13.    track object-number ip sla operation-number

    14.    interface type number

    15.    ip vrf forwarding vrf-name

    16.    ip address ip-address subnet-mask

    17.    exit

    18.    route-map map-tag permit sequence-number

    19.    set ip vrf vrf-name next-hop verify-availability next-hop-address sequence track object

    20.    exit

    21.    interface type number

    22.    ip vrf forwarding vrf-name

    23.    ip policy route-map map-tag

    24.    ip address ip-address subnet-mask

    25.    end


DETAILED STEPS
      Command or Action Purpose
    Step 1 enable


    Example:
    Device> enable
     
    Enables privileged EXEC mode.
    • Enter your password if prompted.
     
    Step 2 configure terminal


    Example:
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3 ip vrf vrf-name


    Example:
    Device(config)# ip vrf RED
     

    Configures an IP VPN routing and forwarding instance and enters VRF configuration mode.

     
    Step 4 rd vpn-route-distinguisher


    Example:
    Device(config-vrf)# rd 100:1
     

    Specifies the route distinguisher. The route distinguisher is either an autonomous system (AS) number or an IP address.

     
    Step 5 route-target export route-target-ext-community


    Example:
    Device(config-vrf)# route-target export 100:1
     

    Creates a route-target extended community for a VRF and exports routing information from the target VPN extended community. The route-target-ext-community argument is either an AS number or an IP address.

     
    Step 6 route-target import route-target-ext-community


    Example:
    Device(config-vrf)# route-target import 100:1
     

    Creates a route-target extended community for a VRF and imports routing information from the target VPN extended community. The route-target-ext-community argument is either an AS number or an IP address.

     
    Step 7 exit


    Example:
    Device(config-vrf)# exit
     

    Exits VRF configuration mode and returns to global configuration mode.

     
    Step 8 ip sla operation-number


    Example:
    Device(config)# ip sla 1
     

    Configures a Cisco IOS IP Service Level Agreements (SLAs) operation and enters IP SLA configuration mode.

     
    Step 9 icmp-echo destination-ip-address


    Example:
    Device(config-ip-sla)# icmp-echo 10.0.0.4
     

    Configures an IP SLAs Internet Control Message Protocol (ICMP) echo operation and enters ICMP echo configuration mode.

     
    Step 10 vrf vrf-name


    Example:
    Device(config-ip-sla-echo)# vrf RED
     

    Configures IP SLAs for a VRF instance.

     
    Step 11 exit


    Example:
    Device(config-ip-sla-echo)# exit
     

    Exits ICMP echo configuration mode and returns to global configuration mode.

     
    Step 12 ip sla schedule operation-number life forever start-time now


    Example:
    Device(config)# ip sla schedule 1 life forever start-time now
     

    Configures the scheduling parameters for a single Cisco IOS IP SLAs operation.

     
    Step 13 track object-number ip sla operation-number


    Example:
    Device(config)# track 1 ip sla 1
     

    Tracks the state of a Cisco IOS IP SLAs operation and enters tracking configuration mode.

     
    Step 14 interface type number


    Example:
    Device(config-track)# interface Ethernet1/0
     

    Specifies the interface type and number and enters interface configuration mode.

     
    Step 15 ip vrf forwarding vrf-name


    Example:
    Device(config-if)# ip vrf forwarding RED
     

    Configures the forwarding table.

     
    Step 16 ip address ip-address subnet-mask


    Example:
    Device(config-if)# ip address 10.0.0.2 255.0.0.0
     

    Specifies the IP address and subnet mask for the interface.

     
    Step 17 exit


    Example:
    Device(config-if)# exit
     

    Exits interface configuration mode and returns to global configuration mode.

     
    Step 18 route-map map-tag permit sequence-number


    Example:
    Device(config)# route-map test02 permit 10
     

    Specifies the sequence to insert to or delete from an existing route-map entry and enters route-map configuration mode.

     
    Step 19 set ip vrf vrf-name next-hop verify-availability next-hop-address sequence track object


    Example:
    Device(config-route-map)# set ip vrf RED next-hop verify-availability 192.168.23.2 1 track 1
     

    Configures policy routing to verify the reachability of the next hop of a route map before the router performs policy routing to that next hop.

     
    Step 20 exit


    Example:
    Device(config-route-map)# exit
     

    Exits route-map configuration mode and returns to global configuration mode.

     
    Step 21 interface type number


    Example:
    Device(config)# interface Ethernet0/0
     

    Specifies the interface type and number and enters interface configuration mode.

     
    Step 22 ip vrf forwarding vrf-name


    Example:
    Device(config-if)# ip vrf forwarding RED
     

    Configures the forwarding table.

     
    Step 23 ip policy route-map map-tag


    Example:
    Device(config-if)# ip policy route-map test02
     

    Identifies a route map to use for policy routing on an interface.

     
    Step 24 ip address ip-address subnet-mask


    Example:
    Device(config-if)# ip address 192.168.10.2 255.255.255.0
     

    Specifies the IP address and subnet mask for the interface.

     
    Step 25 end


    Example:
    Device(config-if)# exit
     

    Returns to privileged EXEC mode.

     

    Configuring PBR Next-Hop Verify Availability for Inherited IPv6 VRF

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    ip vrf vrf-name

      4.    rd vpn-route-distinguisher

      5.    route-target export route-target-ext-community

      6.    route-target import route-target-ext-community

      7.    exit

      8.    ip sla operation-number

      9.    icmp-echo destination-ip-address

      10.    vrf vrf-name

      11.    exit

      12.    ip sla schedule operation-number life forever start-time now

      13.    track object-number ip sla operation-number

      14.    interface type number

      15.    ip vrf forwarding vrf-name

      16.    ip address ip-address subnet-mask

      17.    ipv6 address ipv6-prefix

      18.    exit

      19.    route-map map-tag permit sequence-number

      20.    set ipv6 vrf vrf-name next-hop verify-availability next-hop-address sequence track object

      21.    exit

      22.    interface type number

      23.    ip vrf forwarding vrf-name

      24.    ipv6 policy route-map map-tag

      25.    ip address ip-address subnet-mask

      26.    ipv6 address ipv6-prefix

      27.    end


    DETAILED STEPS
        Command or Action Purpose
      Step 1 enable


      Example:
      Device> enable
       
      Enables privileged EXEC mode.
      • Enter your password if prompted.
       
      Step 2 configure terminal


      Example:
      Device# configure terminal
       

      Enters global configuration mode.

       
      Step 3 ip vrf vrf-name


      Example:
      Device(config)# ip vrf RED
       

      Configures an IP VPN routing and forwarding instance and enters VRF configuration mode.

       
      Step 4 rd vpn-route-distinguisher


      Example:
      Device(config-vrf)# rd 100:1
       

      Specifies the route distinguisher. The route distinguisher is either an autonomous system (AS) number or an IP address.

       
      Step 5 route-target export route-target-ext-community


      Example:
      Device(config-vrf)# route-target export 100:1
       

      Creates a route-target extended community for a VRF and exports routing information from the target VPN extended community. The route-target-ext-community argument is either an AS number or an IP address.

       
      Step 6 route-target import route-target-ext-community


      Example:
      Device(config-vrf)# route-target import 100:1
       

      Creates a route-target extended community for a VRF and imports routing information from the target VPN extended community. The route-target-ext-community argument is either an AS number or an IP address.

       
      Step 7 exit


      Example:
      Device(config-vrf)# exit
       

      Exits VRF configuration mode and returns to global configuration mode.

       
      Step 8 ip sla operation-number


      Example:
      Device(config)# ip sla 1
       

      Configures a Cisco IOS IP Service Level Agreements (SLAs) operation and enters IP SLA configuration mode.

       
      Step 9 icmp-echo destination-ip-address


      Example:
      Device(config-ip-sla)# icmp-echo 10.0.0.4
       

      Configures an IP SLAs Internet Control Message Protocol (ICMP) echo operation and enters ICMP echo configuration mode.

       
      Step 10 vrf vrf-name


      Example:
      Device(config-ip-sla-echo)# vrf RED
       

      Configures IP SLAs for a VRF instance.

       
      Step 11 exit


      Example:
      Device(config-ip-sla-echo)# exit
       

      Exits ICMP echo configuration mode and returns to global configuration mode.

       
      Step 12 ip sla schedule operation-number life forever start-time now


      Example:
      Device(config)# ip sla schedule 1 life forever start-time now
       

      Configures the scheduling parameters for a single Cisco IOS IP SLAs operation.

       
      Step 13 track object-number ip sla operation-number


      Example:
      Device(config)# track 1 ip sla 1
       

      Tracks the state of a Cisco IOS IP SLAs operation and enters tracking configuration mode.

       
      Step 14 interface type number


      Example:
      Device(config-track)# interface Ethernet1/0
       

      Specifies the interface type and number and enters interface configuration mode.

       
      Step 15 ip vrf forwarding vrf-name


      Example:
      Device(config-if)# ip vrf forwarding RED
       

      Configures the forwarding table.

       
      Step 16 ip address ip-address subnet-mask


      Example:
      Device(config-if)# ip address 10.0.0.2 255.0.0.0
       

      Specifies the IP address and subnet mask for the interface.

       
      Step 17 ipv6 address ipv6-prefix


      Example:
      Device(config-if)# ipv6 address 2001:DB8::/48
       

      Specifies the IPv6 prefix.

       
      Step 18 exit


      Example:
      Device(config-if)# exit
       

      Exits interface configuration mode and returns to global configuration mode.

       
      Step 19 route-map map-tag permit sequence-number


      Example:
      Device(config)# route-map test02 permit 10
       

      Specifies the sequence to insert to or delete from an existing route-map entry and enters route-map configuration mode.

       
      Step 20 set ipv6 vrf vrf-name next-hop verify-availability next-hop-address sequence track object


      Example:
      Device(config-route-map)# set ipv6 vrf RED next-hop verify-availability 2001:DB8:1::1 1 track 1
       

      Configures policy routing to verify the reachability of the next hop of a route map before the router performs policy routing to that next hop.

       
      Step 21 exit


      Example:
      Device(config-route-map)# exit
       

      Exits route-map configuration mode and returns to global configuration mode.

       
      Step 22 interface type number


      Example:
      Device(config)# interface Ethernet0/0
       

      Specifies the interface type and number and enters interface configuration mode.

       
      Step 23 ip vrf forwarding vrf-name


      Example:
      Device(config-if)# ip vrf forwarding RED
       

      Configures the forwarding table.

       
      Step 24 ipv6 policy route-map map-tag


      Example:
      Device(config-if)# ipv6 policy route-map test02
       

      Identifies a route map to use for policy routing on an interface.

       
      Step 25 ip address ip-address subnet-mask


      Example:
      Device(config-if)# ip address 192.168.10.2 255.255.255.0
       

      Specifies the IP address and subnet mask for the interface.

       
      Step 26 ipv6 address ipv6-prefix


      Example:
      Device(config-if)# ipv6 address 2001:DB8::/32
       

      Specifies the IPv6 prefix.

       
      Step 27 end


      Example:
      Device(config-if)# end
       

      Returns to privileged EXEC mode.

       

      Configuring PBR Next-Hop Verify Availability for Inter VRF

      SUMMARY STEPS

        1.    enable

        2.    configure terminal

        3.    ip vrf vrf-name

        4.    rd vpn-route-distinguisher

        5.    route-target export route-target-ext-community

        6.    ip vrf vrf-name

        7.    no rd vpn-route-distinguisher

        8.    rd vpn-route-distinguisher

        9.    route-target export route-target-ext-community

        10.    interface type number

        11.    ip vrf forwarding vrf-name

        12.    ip address ip-address subnet-mask

        13.    ip policy route-map map-tag

        14.    interface type number

        15.    ip vrf forwarding vrf-name

        16.    ip address ip-address subnet-mask

        17.    exit

        18.    ip route vrf vrf-name prefix mask interface-type interface-number ip-address

        19.    ip route vrf vrf-name prefix mask ip-address

        20.    Repeat Step 19 to establish additional static routes.

        21.    route-map map-tag permit sequence-number

        22.    match interface interface-type interface-number

        23.    set ip vrf vrf-name next-hop verify-availability next-hop-address sequence track object

        24.    end


      DETAILED STEPS
          Command or Action Purpose
        Step 1 enable


        Example:
        Device> enable
         
        Enables privileged EXEC mode.
        • Enter your password if prompted.
         
        Step 2 configure terminal


        Example:
        Device# configure terminal
         

        Enters global configuration mode.

         
        Step 3 ip vrf vrf-name


        Example:
        Device(config)# ip vrf BLUE
         

        Configures an IP VPN routing and forwarding instance and enters VRF configuration mode.

         
        Step 4 rd vpn-route-distinguisher


        Example:
        Device(config-vrf)# rd 800:1
         

        Specifies the route distinguisher. The route distinguisher is either an autonomous system (AS) number or an IP address.

         
        Step 5 route-target export route-target-ext-community


        Example:
        Device(config-vrf)# route-target export 800:1
         

        Creates a route-target extended community for a VRF and exports routing information from the target VPN extended community. The route-target-ext-community argument is either an AS number or an IP address.

         
        Step 6 ip vrf vrf-name


        Example:
        Device(config-vrf)# ip vrf BLUE
         

        Configures an IP VPN routing and forwarding instance.

         
        Step 7 no rd vpn-route-distinguisher


        Example:
        Device(config-vrf)# no rd 800:1
         

        Removes the specified route distinguisher.

         
        Step 8 rd vpn-route-distinguisher


        Example:
        Device(config-vrf)# rd 900:1
         

        Specifies the route distinguisher. The route distinguisher is either an AS number or an IP address.

         
        Step 9 route-target export route-target-ext-community


        Example:
        Device(config-vrf)# route-target export 900:1
         

        Creates a route-target extended community for a VRF and exports routing information from the target VPN extended community. The route-target-ext-community argument is either an AS number or an IP address.

         
        Step 10 interface type number


        Example:
        Device(config-vrf)# interface Ethernet0/0
         

        Specifies the interface type and number and enters interface configuration mode.

         
        Step 11 ip vrf forwarding vrf-name


        Example:
        Device(config-if)# ip vrf forwarding RED
         

        Configures the forwarding table.

         
        Step 12 ip address ip-address subnet-mask


        Example:
        Device(config-if)# ip address 192.168.10.2 255.255.255.0
         

        Specifies the IP address and subnet mask for the interface.

         
        Step 13 ip policy route-map map-tag


        Example:
        Device(config-if)# ip policy route-map test00
         

        Identifies a route map to use for policy routing on an interface.

         
        Step 14 interface type number


        Example:
        Device(config-if)# interface Ethernet0/1
         

        Specifies the interface type and number.

         
        Step 15 ip vrf forwarding vrf-name


        Example:
        Device(config-if)# ip vrf forwarding BLUE
         

        Configures the forwarding table.

         
        Step 16 ip address ip-address subnet-mask


        Example:
        Device(config-if)# ip address 192.168.21.1 255.255.255.0
         

        Specifies the IP address and subnet mask for the interface.

         
        Step 17 exit


        Example:
        Device(config-if)# exit
         

        Exits interface configuration mode and returns to global configuration mode.

         
        Step 18 ip route vrf vrf-name prefix mask interface-type interface-number ip-address


        Example:
        Device(config)# ip route vrf BLUE 192.168.10.1 255.255.255.255 Ethernet0/0 192.168.10.1
         

        Establishes static routes.

         
        Step 19 ip route vrf vrf-name prefix mask ip-address


        Example:
        Device(config)# ip route vrf BLUE 192.168.23.0 255.255.255.0 192.168.21.2
         

        Establishes static routes.

         
        Step 20 Repeat Step 19 to establish additional static routes.
         

         
        Step 21 route-map map-tag permit sequence-number


        Example:
        Device(config)# route-map test00 permit 10
         

        Specifies the sequence to insert to or delete from an existing route map entry and enters route-map configuration mode.

         
        Step 22 match interface interface-type interface-number


        Example:
        Device(config-route-map)# match interface Ethernet0/0
         

        Distributes any routes that have their next hop as one of the specified interfaces.

         
        Step 23 set ip vrf vrf-name next-hop verify-availability next-hop-address sequence track object


        Example:
        Device(config-route-map)# set ip vrf BLUE next-hop verify-availability 192.168.23.2 1 track 1
         

        Configures policy routing to verify the reachability of the next hop of a route map of a VRF instance before the router performs policy routing to that next hop.

         
        Step 24 end


        Example:
        Device(config-route-map)# end
         

        Returns to privileged EXEC mode.

         

        Configuration Examples for PBR Next-Hop Verify Availability for VRF

        Example: Configuring PBR Next-Hop Verify Availability for Inherited IP VRF

        Device> enable
        Device# configure terminal 
        Device(config)# ip vrf RED
        Device(config-vrf)# rd 100:1
        Device(config-vrf)# route-target export 100:1
        Device(config-vrf)# route-target import 100:1
        Device(config-vrf)# exit
        Device(config)# ip sla 1
        Device(config-ip-sla)# icmp-echo 10.0.0.4
        Device(config-ip-sla-echo)# vrf RED
        Device(config-ip-sla-echo)# exit
        Device(config)# ip sla schedule 1 life forever start-time now
        Device(config)# track 1 ip sla 1
        Device(config-track)# interface Ethernet0/0
        Device(config-if)# ip vrf forwarding RED
        Device(config-if)# ip address 10.0.0.2 255.0.0.0
        Device(config-if)# exit
        Device(config)# route-map test02 permit 10
        Device(config-route-map)# set ip vrf RED next-hop verify-availability 192.168.23.2 1 track 1
        Device(config-route-map)# interface Ethernet0/0
        Device(config-if)# ip vrf forwarding RED
        Device(config-if)# ip policy route-map test02
        Device(config-if)# ip address 192.168.10.2 255.255.255.0
        Device(config-if)# end
        

        Example: Configuring PBR Next-Hop Verify Availability for Inherited IPv6 VRF

        Device> enable
        Device# configure terminal 
        Device(config)# ip vrf RED
        Device(config-vrf)# rd 100:1
        Device(config-vrf)# route-target export 100:1
        Device(config-vrf)# route-target import 100:1
        Device(config-vrf)# exit
        Device(config)# ip sla 1
        Device(config-ip-sla)# icmp-echo 10.0.0.4
        Device(config-ip-sla-echo)# vrf RED
        Device(config-ip-sla-echo)# exit
        Device(config)# ip sla schedule 1 life forever start-time now
        Device(config)# track 1 ip sla 1
        Device(config-track)# interface Ethernet0/0
        Device(config-if)# ip vrf forwarding RED
        Device(config-if)# ip policy route-map test02
        Device(config-if)# ip address 192.168.10.2 255.255.255.0
        Device(config-if)# ipv6 address 2001:DB8::/32
        Device(config-if)# interface Ethernet1/0
        Device(config-if)# ip vrf forwarding RED
        Device(config-if)# ip address 10.0.0.2 255.0.0.0
        Device(config-if)# ipv6 address 2001:DB8::/48
        Device(config-if)# exit
        Device(config)# route-map test02 permit 10
        Device(config-route-map)# set ipv6 vrf RED next-hop verify-availability 2001:DB8:1::1 1 track 1
        Device(config-route-map)# end
        

        Example: Configuring PBR Next-Hop Verify Availability for Inter VRF

        Device> enable
        Device# configure terminal 
        Device(config)# ip vrf BLUE
        Device(config-vrf)# rd 800:1
        Device(config-vrf)# route-target export 800:1
        Device(config-vrf)# ip vrf BLUE
        Device(config-vrf)# no rd 800:1
        Device(config-vrf)# rd 900:1
        Device(config-vrf)# route-target export 900:1
        Device(config-vrf)# interface Ethernet0/0
        Device(config-if)# ip vrf forwarding RED
        Device(config-if)# ip address 192.168.10.2 255.255.255.0
        Device(config-if)# ip policy route-map test00
        Device(config-if)# interface Ethernet0/1
        Device(config-if)# ip vrf forwarding BLUE
        Device(config-if)# ip address 192.168.21.1 255.255.255.0
        Device(config-if)# exit
        Device(config)# ip route vrf blue 192.168.10.1 255.255.255.255 Ethernet0/0 192.168.10.1
        Device(config)# ip route vrf blue 192.168.23.0 255.255.255.0 192.168.21.2
        Device(config)# route-map test00 permit 10
        Device(config-route-map)# match interface Ethernet0/0
        Device(config-route-map)# set ip vrf blue next-hop verify-availability 192.168.23.2 1 track 1
        Device(config-route-map)# end
        

        Additional References for PBR Next-Hop Verify Availability for VRF

        Related Documents

        Related Topic

        Document Title

        Cisco IOS commands

        Cisco IOS Master Command List, All Releases

        Technical Assistance

        Description Link

        The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

        To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

        Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

        http:/​/​www.cisco.com/​support

        Feature Information for PBR Next-Hop Verify Availability for VRF

        The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

        Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

        Feature Name

        Releases

        Feature Information

        PBR Next-Hop Verify Availability for VRF

        Cisco IOS XE Release 3.11S

        The PBR Next-Hop Verify Availability for VRF feature enables verification of next-hop availability for IPv4/IPv6 packets in virtual routing and forwarding (VRF) instances.