Table Of Contents
MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge
Prerequisites for MPLS VPN Support for EIGRP Between PE and CE
Restrictions for MPLS VPN Support for EIGRP Between PE and CE
Information About MPLS VPN Support for EIGRP Between PE and CE
EIGRP Extended Community Attributes
Benefits of MPLS VPN Support for EIGRP
How to Configure an MPLS VPN Using EIGRP
Configuring the VRF for the EIGRP MPLS VPN
Configuring EIGRP Redistribution in the MPLS VPN
Configuring the PE Routers to Support the EIGRP MPLS VPN
Verifying the VPN Configuration
Verifying PE-to-PE Connectivity
Verifying EIGRP VRF Configuration
Configuration Examples for the EIGRP MPLS VPN
EIGRP MPLS VPN Configuration Example
BGP Network Configuration Example
EIGRP MPLS VPN Verification Examples
Verifying Route Distinguisher and MPLS Configuration Example
Verifying PE-to-PE Connectivity Example
Verifying EIGRP VRF Configuration Example
MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge
The MPLS VPN Support for EIGRP Between Provider Edge (PE) and Customer Edge (CE) feature introduces the capability to redistribute Enhanced Interior Gateway Routing Protocol (EIGRP) routes through a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) over a Border Gateway Protocol (BGP) core network. This feature is configured only on PE routers and requires no upgrade or configuration changes to customer equipment. This feature also introduces EIGRP support for MPLS and support for EIGRP extended community attributes.
History for the MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge feature
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•
Prerequisites for MPLS VPN Support for EIGRP Between PE and CE
•
•
•
•
Prerequisites for MPLS VPN Support for EIGRP Between PE and CE
In this document, it is assumed that BGP is configured in the network core. You will also need to complete the following tasks before you can configure this feature:
•
•
Restrictions for MPLS VPN Support for EIGRP Between PE and CE
Metric Must Be Configured for Routes from Other Autonomous Systems and Non-EIGRP Networks
If an external route is received from another EIGRP autonomous system or a non-EIGRP network without a configured metric, the route will not be advertised to the CE router. The metric can be configured in the redistribute statement by use of the redistribute command or configured with the default-metric command.
Native EIGRP VRF to VRF Redistribution Is Not Supported
Redistribution between native EIGRP VRFs is not supported. This is designed behavior.
Information About MPLS VPN Support for EIGRP Between PE and CE
To configure this feature, you must understand the following concepts:
•
•
MPLS VPN Support for EIGRP
The MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge feature provides the capability to transparently connect EIGRP customer networks through an MPLS-enabled BGP core network so that EIGRP routes are redistributed through the VPN across the BGP network as internal BGP (iBGP) routes. The configuration of this feature does not require any customer equipment upgrades or configuration changes; this feature is configured only on PE routers within the service provider network.
Customer networks and remote sites are connected to each other through the MPLS VPN. The configuration of this feature allows several EIGRP sites to connect seamlessly and appear as a single network. This integration is transparent to the customer sites. When this feature is enabled, EIGRP routes are converted to iBGP routes and transported through the BGP core network. EIGRP extended community attributes are used to define EIGRP routes and preserve internal metrics. These attributes are carried across the core network by multiprotocol BGP.
Figure 1 shows 2 customer EIGRP networks that are connected by the VPN over a service provider backbone:"Site1" and "Site 2."
Figure 1
EIGRP Connectivity Between VPN Client Sites over a Service Provider Backbone
In Figure 1, the EIGRP routes in Site 1 are carried through the BGP core network as iBGP routes. The EIGRP routes in "Site 1" and "Site 2" are converted to iBGP routes and EIGRP extended community attributes are appended to the iBGP routes. (See Table 1 for a description of these attributes.) The EIGRP extended community attributes are appended to the EIGRP routes when they are redistributed into BGP as iBGP routes, and VPN routing information is redistributed between the PE routers by multiprotocol BGP.
The routes that originate in "Site 1" travel to the PE router that is connected to the CE router in "Site 2" of the VPN and are then converted back to EIGRP routes using the EIGRP extended community attributes. EIGRP routes are treated the same in "Site 1" and "Site 2." If the route is internal in "Site 1", it will be internal in "Site 2", and if the route is external in "Site 1", it will be external in "Site 2." All EIGRP metrics are preserved, and EIGRP metric information, along with the autonomous system, tag, and external data, is carried across the VPN over the BGP core network.
Note
Each VPN is associated with a single VPN routing or forwarding instance (VRF). A VRF consists of an IP routing table, a CEF table, and a set of interfaces that use the CEF forwarding table. The router maintains a separate routing and CEF table for each VRF, which prevents information being sent outside the VPN and allows the same addresses to be used in several VPNs without causing problems that are associated with duplicate IP addresses.
A single EIGRP routing process can support multiple VRFs. This support is limited only by the available system resources on the router, which are determined by the number of configured VRF instances, running processes, and amount of available memory. However, only a single VRF can be supported by each VPN. Separate VRFs are unique and do not share neighbor, routing, or topology information. Redistribution between native EIGRP VRFs is not supported. An EIGRP process must be created for the default VRF even if it is not used for establishing EIGRP neighbors, and a separate VRF address family must be configured in BGP for each EIGRP VRF.
EIGRP Extended Community Attributes
EIGRP routes are converted to iBGP routes on the PE router by the appending of EIGRP extended community attributes. The PE router uses multiprotocol BGP to distribute the VPN routing information using the these extended community attributes. The BGP routes are converted back to EIGRP routes by use of the extended community attribute information when the iBGP routes reach the PE router that is connected to the destination CE router.
Table 1 describes the extended community attributes that are appended to BGP routes and used to carry EIGRP information across the service provider backbone.
Benefits of MPLS VPN Support for EIGRP
Multiple VRFs Are Supported
A single EIGRP routing process can support multiple VRFs. This support is limited only by the available system resources on the router, which are determined by the number of configured VRF instances, running processes, and amount of available memory. However, only a single VRF can be supported by each VPN.
Seamless Integration of Existing Customer EIGRP Deployments
This feature is configured only on PE routers that provide VPN services across the service provider network. The customer need not upgrade the version of Cisco IOS software being used or make any changes to equipment or configurations.
Secure, Scalable, and Cost-Effective Alternative
Remote sites can be seamlessly and securely connected through VPNs to customer networks. This feature provides a cost-effective alternative to traditional methods, such as WAN leased lines.
How to Configure an MPLS VPN Using EIGRP
This section contains the following procedures:
•
•
•
•
•
•
Configuring the VRF for the EIGRP MPLS VPN
Creating a VRF
A VRF must be created, and a route distinguisher and route target must be configured in order for the PE routers in the BGP network to carry EIGRP routes to the EIGRP CE site. The VRF must also be associated with an interface in order for the PE router to send routing updates to the CE router. Use the following steps to create and configure the VRF and associate the VRF with an interface.
Prerequisites
Before this feature can be configured, MPLS and CEF must be configured in the BGP network, and multiprotocol BGP and EIGRP must be configured on all PE routers that provide VPN services to CE routers.
Restrictions
Native EIGRP VRF to VRF redistribution is not supported.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
DETAILED STEPS
What to Do Next
The next task is to configure the EIGRP redistribution in the MPLS VPN. Use the steps in the following section.
Configuring EIGRP Redistribution in the MPLS VPN
Creating the MPLS VPN
Perform this task to enable EIGRP redistribution in the MPLS VPN. This task should be applied to every PE router that provides VPN services.
Prerequisites
Before EIGRP SoO BGP Cost Community support was introduced, BGP preferred locally sourced routes over routes learned from BGP peers. Backdoor links in an EIGRP MPLS VPN topology are preferred by BGP if the back door link is learned first. (A back door link or a route is a connection that is configured outside of the VPN between a remote and a main site. For example, a WAN leased line that connects a remote site to the corporate network).
The "pre-bestpath" point of insertion (POI) has been introduced in the BGP Cost Community feature to support mixed EIGRP VPN network topologies that contain VPN and backdoor links. This POI is applied automatically to EIGRP routes that are redistributed into BGP. The "pre-best path" POI carries the EIGRP route type and metric. This POI influences the best path calculation process by configuring BGP to consider this POI before any other comparison step. No configuration is required. This feature is enabled automatically for EIGRP VPN sites when Cisco IOS Release 12.0(27)S is installed to a PE, CE, or back door router.
For more information about the BGP Cost Community feature and the absolute value POI, refer to the BGP Cost Community feature documentation in Cisco IOS Release 12.0(27)S.
For more information about the EIGRP MPLS VPN PE-CE Site of Origin (SoO) feature, refer to the EIGRP MPLS VPN PE-CE Site of Origin (SoO) feature documentation in Cisco IOS Release 12.0(27)S.
Restrictions
Metrics must be configured for routes from other EIGRP autonomous systems and non-EIGRP networks. If an external route is received from another EIGRP autonomous system or a non-EIGRP network without a configured metric, the route will not be advertised to the CE router. The metric can be configured in the redistribute statement by means of the redistribute command or the default-metric command.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
Troubleshooting Tips
If the MPLS VPN is not working properly:
•
•
The commands in the following table can also be useful for monitoring and troubleshooting the configuration of this feature.
What to Do Next
The next task is to configure the PE routers to support the EIGRP MPLS VPN. Use the steps in the following section.
Configuring the PE Routers to Support the EIGRP MPLS VPN
Basic BGP Configuration
The BGP configuration provided in this section includes the elements necessary for configuring this feature. Steps 11 through 13 will need to be repeated on a per EIGRP VRF basis if multiple EIGRP VRFs need to be configured.
Prerequisites
Before this feature can be configured, MPLS and CEF must be enabled in the BGP network, and multiprotocol BGP must be enabled on all PE routers that provide VPN services to CE routers.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
DETAILED STEPS
Verifying the VPN Configuration
A route distinguisher must be configured for the VRF, and MPLS must be configured on the interfaces that carry the VRF. Use the show ip vrf command to verify the route distinguisher (RD) and interface that are configured for the VRF.
SUMMARY STEPS
1.
DETAILED STEPS
Verifying PE-to-PE Connectivity
Perform this task to verify PE-to-PE connectivity in the service provider network.
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Verifying EIGRP VRF Configuration
Use the following steps to verify EIGRP VRF configuration.
SUMMARY STEPS
1.
2.
3.
DETAILED STEPS
Configuration Examples for the EIGRP MPLS VPN
•
•
•
EIGRP MPLS VPN Configuration Example
The following configuration example in global configuration mode creates a VRF named RED and associates it with an interface:
ip vrf REDrd 100:1route-target both 100:1exitinterface FastEthernet 0/0ip vrf forwarding REDip address 10.0.0.1 255.255.255.0endBGP Network Configuration Example
The following configuration example shows the minimum BGP configuration required on the PE routers to support the EIGRP MPLS VPN:
router bgp 65000no synchronizationneighbor 10.0.0.1 remote-as 65000neighbor 10.0.0.1 update-source loopback 0address-family vpnv4neighbor 10.0.0.1 activateneighbor 10.0.0.1 send-community extendedexit-address-familyaddress-family ipv4 vrf REDredistribute eigrp 101no synchronizationexit-address-familyEIGRP Redistribution Example
The following configuration example shows how to configure EIGRP redistribution through the MPLS VPN over the BGP core network:
router eigrp 1address-family ipv4 vrf REDnetwork 172.16.0.0 0.0.255.255redistribute bgp 10 metric 10000 100 255 1 1500autonomous-system 101exit-address-familyEIGRP MPLS VPN Verification Examples
The examples in the following section show how to verify the configuration of the MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge feature:
•
•
•
Verifying Route Distinguisher and MPLS Configuration Example
A route distinguisher must be configured for the VRF, and MPLS must be configured on the interfaces that carry the VRF.
Use the show ip vrf command to verify the route distinguisher (RD) and interface that are configured for the VRF. The VRF name, RD, and configured interface are displayed in the output. The following sample output is similar to the output that will be displayed when the show ip vrf command is issued:
Router# show ip vrfName Default RD InterfacesBLUE 120:1PINK 130:1 Ethernet3/0RED 100:1YELLOW 110:1 Serial12/0Use the show ip eigrp vrf interfaces command to display and verify specific information about VRFs configured under EIGRP. The interface to VRF mapping that is displayed in the output of this command should match the mapping that is displayed for the show ip vrf command. The following sample output is similar to the output that will be displayed when the show ip eigrp vrf interfaces command is issued:
Router# show ip eigrp vrf PINK interfacesIP-EIGRP interfaces for process 1Xmit Queue Mean Pacing Time Multicast PendingInterface Peers Un/Reliable SRTT Un/Reliable Flow Timer RoutesEt3/0 1 0/0 131 0/10 528 0Use the show mpls interfaces command to verify that MPLS is configured for interfaces that need to carry any configured VRFs. The following sample output is similar to the output that will be displayed when the show mpls interfaces command is issued:
Router# show mpls interfacesInterface IP Tunnel OperationalEthernet2/0 Yes (tdp) No YesVerifying PE-to-PE Connectivity Example
The ping command can be used to verify PE-to-PE connectivity within the service provider network. If a PE router cannot be reached with the ping command, use the following steps to isolate the problem:
Step 1
Router# show ip route vrf PINKRouting Table:PINKCodes:C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS interarea* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not set172.16.0.0/24 is subnetted, 1 subnetsD 172.16.17.0 [90/409600] via 10.10.10.2, 1d15h, Ethernet3/010.0.0.0/24 is subnetted, 1 subnetsC 10.10.10.0 is directly connected, Ethernet3/010.19.0.0/24 is subnetted, 1 subnetsD 10.19.19.0 [90/409600] via 10.10.10.2, 1d15h, Ethernet3/0192.168.0.0/24 is subnetted, 1 subnetsB 192.168.10.0 [200/0] via 10.14.14.14, 1d15hStep 2
Router# show ip cef vrf PINKPrefix Next Hop Interface0.0.0.0/0 drop Null0 (default route handlerentry)0.0.0.0/32 receive172.16.17.0/24 10.10.10.2 Ethernet3/010.19.19.0/24 10.10.10.2 Ethernet3/010.10.10.0/24 attached Ethernet3/010.10.10.0/32 receive10.10.10.1/32 receive10.10.10.2/32 10.10.10.2 Ethernet3/010.10.10.255/32 receive172.16.10.0/24 10.22.10.1 Ethernet2/0224.0.0.0/24 receive255.255.255.255/32 receiveStep 3
Router# show ip cefPrefix Next Hop Interface0.0.0.0/0 drop Null0 (default route handlerentry)0.0.0.0/32 receive10.14.14.14/32 10.22.10.1 Ethernet2/010.15.15.15/32 receive10.16.16.16/32 10.22.10.1 Ethernet2/0172.16.17.17/32 10.22.10.1 Ethernet2/010.22.10.0/24 attached Ethernet2/010.22.10.0/32 receive10.22.10.1/32 10.22.10.1 Ethernet2/010.22.10.2/32 receive10.22.10.255/32 receive10.23.10.0/24 10.22.10.1 Ethernet2/0224.0.0.0/4 drop224.0.0.0/24 receive255.255.255.255/32 receiveIf the VRF route is in the global CEF table, deconfigure and reconfigure CEF.
Verifying EIGRP VRF Configuration Example
To verify EIGRP VRF configuration, perform the following steps:
Step 1
Router# show ip eigrp vrf PINK topologyIP-EIGRP Topology Table for AS(1)/ID(10.10.10.1) Routing Table:PINKCodes:P - Passive, A - Active, U - Update, Q - Query, R - Reply,r - reply Status, s - sia StatusP 172.16.17.0/24, 1 successors, FD is 409600via 10.10.10.2 (409600/128256), Ethernet3/0P 10.19.19.0/24, 1 successors, FD is 409600via 10.10.10.2 (409600/128256), Ethernet3/0P 10.10.10.0/24, 1 successors, FD is 281600via Connected, Ethernet3/0P 172.16.10.0/24, 1 successors, FD is 281600via Redistributed (281600/0)Step 2
Router# show ip bgp vpnv4 vrf PINKBGP table version is 17, local router ID is 10.15.15.15Status codes:s suppressed, d damped, h history, * valid, > best, i -internal,r RIB-failure, S StaleOrigin codes:i - IGP, e - EGP, ? - incompleteNetwork Next Hop Metric LocPrf Weight PathRoute Distinguisher:130:1 (default for vrf PINK)*> 172.16.17.0/24 10.10.10.2 409600 32768 ?*> 10.19.19.0/24 10.10.10.2 409600 32768 ?*> 10.10.10.0/24 0.0.0.0 0 32768 ?*>i172.16.10.0/24 10.14.14.14 0 100 0 ?
Where to Go Next
For more information about the BGP Cost Community feature, refer to the BGP Cost Community feature documentation in Cisco IOS Release 12.0(27)S.
For more information about the EIGRP MPLS VPN PE-CE Site of Origin (SoO) feature, refer to the EIGRP MPLS VPN PE-CE Site of Origin (SoO) feature documentation in Cisco IOS Release 12.0(27)S.
Additional References
The following sections provide references related to the MPLS VPN Support for EIGRP Between Provider Edge and Customer feature:
•
•
Related Documents
BGP Cost Community
BGP Cost Community, Cisco IOS Release 12.0(27)S
CEF commands
Cisco IOS Switching Services Configuration Guide, Release 12.3
CEF configuration tasks
Cisco IOS Switching Services Command Reference, Release 12.3
EIGRP commands
Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3
EIGRP configuration tasks
Cisco IOS IP Configuration Guide, Release 12.3
EIGRP Site of Origin
EIGRP MPLS VPN PE-CE Site of Origin (SoO), Cisco IOS Release 12.0(27)S.
MPLS VPNs
MPLS Virtual Private Networks, Cisco IOS Release 12.0(5)T
Standards
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
—
MIBs
RFCs
Technical Assistance
Command Reference
This section documents new and modified commands only.
•
address-family ipv4 (EIGRP)
To enter IPv4 address family configuration mode to configure an Enhanced Interior Gateway Routing Protocol (EIGRP) Virtual Private Network (VPN), use the address-family ipv4 command in address family configuration mode. To remove the address family from the EIGRP configuration, use the no form of this command.
address-family ipv4 [unicast] [vrf vrf-name]
no address-family ipv4 [unicast] [vrf vrf-name]
Syntax Description
unicast
(Optional) Specifies the unicast subaddress family.
vrf vrf-name
(Optional) Specifies the name of the VRF.
Command Default
A default VRF is automatically created when this command is entered without the vrf keyword.
Command Modes
Address family configuration
Command History
Usage Guidelines
The address-family ipv4 command is used to configure IPv4 address family sessions under EIGRP. To leave address family configuration mode without removing the address family configuration, use the exit-address-family command.
EIGRP VPNs can be configured only under IPv4 address family configuration mode. A virtual routing and forwarding instance (VRF) and route distinguisher must be defined before the address family session can be created.
A single EIGRP routing process can support multiple VRFs. The number of VRFs that can be configured is limited only by available system resources on the router, which is determined by the number of VRFs, running processes, and available memory. However, only a single VRF can be supported by each VPN, and redistribution between different VRFs is not supported.
MPLS VPN support between PE and CE routers is configured only on PE routers that provide VPN services over the service provider backbone. The customer site does not require any changes to equipment or configurations to support the EIGRP VPN. A metric must be configured for routes to be advertised to the CE router. The metric can be configured using the redistribute (IP) command or configured with the default-metric (EIGRP) command.
Examples
The following example, starting in global configuration mode, configures an IPv4 address family session for the VRF named RED:
Router(config)# ip vrf REDRouter(config-vrf)# rd 1:1Router(config-vrf)# exitRouter(config)# router eigrp 1Router(config-router)# address-family ipv4 vrf REDRouter(config-router-af)# autonomous-system 101Router(config-router-af)# network 172.16.0.0Router(config-router-af)# default-metric 10000 100 255 1 1500Router(config-router-af)# exit-address-familyRelated Commands
autonomous-system (EIGRP)
To configure an Enhanced Interior Gateway Routing Protocol (EIGRP) routing process to run within a Virtual Private Network (VPN) routing and forwarding instance (VRF), use the autonomous-system command in address family configuration mode.
autonomous-system as-number
Syntax Description
Command Default
No default behavior or values
Command Modes
Address family configuration
Command History
Usage Guidelines
This command can be configured only if a VRF name is specified when you enter address family configuration mode.
Examples
The following example shows how to exit address family configuration mode:
router eigrp 1address-family ipv4 vrf VRF-NAMEautonomous-system 101Related Commands
clear ip eigrp vrf neighbor
To clear neighbor entries of the specified Enhanced Interior Gateway Routing Protocol (EIGRP) virtual routing and forwarding instance (VRF) from the Routing Information Base (RIB), use the clear ip eigrp vrf command in privileged EXEC mode.
clear ip eigrp vrf {vrf-name as-number} neighbor [interface-number]
Syntax Description
Command Modes
Privileged EXEC
Command History
Examples
The following example shows how to clear EIGRP neighbors reached through the VRF named RED in autonomous system 101:
Router# clear ip eigrp vrf RED 101 neighborThe following example shows how to clear EIGRP neighbors reached through the VRF named GREEN in autonomous-system 101 learned through Ethernet interface 0/0:
Router# clear ip eigrp vrf GREEN 101 neighbor ethernet 0/0Related Commands
default-metric (EIGRP)
To set metrics for the Enhanced Interior Gateway Routing Protocol (EIGRP), use the default-metric command in router configuration mode. To remove the metric value and restore the default state, use the no form of this command.
default-metric bandwidth delay reliability loading mtu
no default-metric bandwidth delay reliability loading mtu
Syntax Description
Command Default
Only connected routes can be redistributed without a default metric. The metric of redistributed connected routes is set to 0.
Command Modes
Address family configuration
Router configurationCommand History
Usage Guidelines
You must use a default metric to redistribute a protocol into EIGRP, unless you use the redistribute command. Automatic metric translations occur between IGRP and EIGRP. You do not need default metrics to redistribute IGRP or EIGRP into itself.
Note
Metric defaults have been carefully set to work for a wide variety of networks. Take great care when changing these values.
Keeping the same metrics is supported only when you are redistributing from IGRP, EIGRP, or static routes.
Examples
The following example shows how the redistributed Routing Information Protocol (RIP) metrics are translated into EIGRP metrics with values as follows: bandwidth = 1000, delay = 100, reliability = 250, loading = 100, and MTU = 1500.
router eigrp 109network 172.16.0.0redistribute ripdefault-metric 1000 100 250 100 1500Related Commands
redistribute (IP)
Redistributes routes from one routing domain into another routing domain.
exit-address-family
To exit from address family configuration mode, use the exit-address-family command in address family configuration mode.
exit-address-family
Syntax Description
This command has no arguments or keywords.
Command Default
No default behavior or values
Command Modes
Address family configuration
Command History
Usage Guidelines
This command is used to exit address family configuration mode.
This command can be abbreviated to exit.
Examples
In the following example, the router is configured to exit address family configuration mode:
Router(config-router-af)# exit-address-familyRouter(config-router-af)#Related Commands
ip vrf
To define a VPN routing and forwarding (VRF) instance and to enter VRF configuration mode, use the ip vrf command in global configuration mode. To remove a VRF instance, use the no form of this command.
ip vrf vrf-name
no ip vrf vrf-name
Syntax Description
Defaults
No VRFs are defined. No import or export lists are associated with a VRF. No route maps are associated with a VRF.
Command Modes
Global configuration
Command History
Usage Guidelines
The ip vrf vrf-name command creates a VRF instance named vrf-name. To make the VRF functional, a route distinguisher must be created using the rd route-distinguisher command in VRF configuration mode. The rd route-distinguisher command creates the routing and forwarding tables and associates the route distinguisher (RD) with the VRF instance named vrf-name.
Examples
The following example shows how to import a route map to a VRF:
ip vrf vpn1rd 100:2route-target both 100:2route-target import 100:1Related Commands
network (EIGRP)
To specify the network for an Enhanced Interior Gateway Routing Protocol (EIGRP) routing process, use the network command in router configuration mode. To remove an entry, use the no form of this command.
network ip-address [wildcard-mask]
no network ip-address [wildcard-mask]
Syntax Description
Command Default
No networks are specified.
Command Modes
Address family
Router configurationCommand History
Usage Guidelines
When the network command is configured for an EIGRP routing process, the router matches one or more local interfaces. The network command matches only local interfaces that are configured with addresses that are within the same subnet as the address that has been configured with the network command. The router then establishes neighbors through the matched interfaces. There is no limit to the number of network statements (network commands) that can be configured on a router.
Examples
The following example configures EIGRP autonomous system 1 and establishes neighbors through network 172.16.0.0 and 192.168.0.0:
router eigrp 1network 172.16.0.0network 192.168.0.0rd
To create routing and forwarding tables for a Virtual Private Network (VPN) routing and forwarding instance (VRF), use the rd command in VRF configuration mode.
rd route-distinguisher
Syntax Description
Command Default
There is no default. A route distinguisher (RD) must be configured for a VRF to be functional.
Command Modes
VRF configuration
Command History
12.0(5)T
This command was introduced.
12.2(27)SBC
This command was integrated into Cisco IOS Release 12.2(27)SBC.
Usage Guidelines
An RD creates routing and forwarding tables and specifies the default route distinguisher for a VPN. The RD is added to the beginning of the customer's IPv4 prefixes to change them into globally unique VPN-IPv4 prefixes.
Either the RD is an ASN-relative RD, in which case it is composed of an autonomous system number and an arbitrary number, or it is an IP-address-relative RD, in which case it is composed of an IP address and an arbitrary number.
You can enter an RD in either of these formats:
16-bit AS number: your 32-bit number
For example, 101:3.32-bit IP address: your 16-bit number
For example, 192.168.122.15:1.Examples
The following example shows how to configure a default RD for two VRFs. It illustrates the use of both AS-relative and IP-address-relative RDs:
Router(config)# ip vrf vrf_blueRouter(config-vrf)# rd 100:3Router (config-vrf)# exitRouter(config)# ip vrf vrf_redRouter(config-vrf)# rd 173.13.0.12:200Related Commands
ip vrf
Configures a VRF routing table.
show ip vrf
Displays the set of defined VRFs and associated interfaces.
redistribute (IP)
To redistribute routes from one routing domain into another routing domain, use the redistribute command in router configuration mode. To disable redistribution, use the no form of this command.
redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}]
[tag tag-value] [route-map map-tag] [subnets]no redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}]
[tag tag-value] [route-map map-tag] [subnets]Syntax Description
Command Default
Route redistribution is disabled.
protocol: No source protocol is defined.
process-id: No process ID is defined.
metric metric-value: 0
metric-type type-value: Type 2 external route
match internal | external: Internal, external 1, external 2
external: Internal
tag tag-value: If no value is specified, the remote autonomous system number is used for routes from BGP and EGP; for other protocols, the default is 0.
route-map map-tag: If the route-map keyword is not entered, all routes are redistributed; if no map-tag value is entered, no routes are imported.
subnets: No subnets are defined.Command Modes
Router configuration
Address family configurationCommand History
Usage Guidelines
Changing or disabling any keyword will not affect the state of other keywords.
A router receiving a link-state protocol with an internal metric will consider the cost of the route from itself to the redistributing router plus the advertised cost to reach the destination. An external metric only considers the advertised metric to reach the destination.
Routes learned from IP routing protocols can be redistributed at Level 1 into an attached area or at Level 2. The level-1-2 keyword allows both Level 1 and Level 2 routes in a single command.
Redistributed routing information must be filtered by the distribute-list out router configuration command. This guideline ensures that only those routes intended by the administrator are passed along to the receiving routing protocol.
Whenever you use the redistribute or the default-information router configuration commands to redistribute routes into an OSPF routing domain, the router automatically becomes an ASBR. However, an ASBR does not, by default, generate a default route into the OSPF routing domain.
When routes are redistributed into OSPF from protocols other than OSPF or BGP, and no metric has been specified with the metric-type keyword and type-value argument, OSPF will use 20 as the default metric. When routes are redistributed into OSPF from BGP, OSPF will use 1 as the default metric. When routes are redistributed from one OSPF process to another OSPF process, Autonomous system (AS) external and not-so-stubby-area (NSSA) routes will use 20 as the default metric. When intra-area and inter-area routes are redistributed between OSPF processes, the internal OSPF metric from the redistribution source process is advertised as the external metric in the redistribution destination process. (This is the only case in which the routing table metric will be preserved when routes are redistributed into OSPF.)
When routes are redistributed into OSPF, only routes that are not subnetted are redistributed if the subnets keyword is not specified.
Routes configured with the connected keyword affected by this redistribute command are the routes not specified by the network router configuration command.
You cannot use the default-metric command to affect the metric used to advertise connected routes.
Note
Default redistribution of IGPs or EGP into BGP is not allowed unless the default-information originate router configuration command is specified.
Examples
The following example shows how OSPF routes are redistributed into a BGP domain:
router bgp 109redistribute ospfThe following example causes Enhanced Interior Gateway Routing Protocol (EIGRP) routes to be redistributed into an OSPF domain:
router ospf 110redistribute eigrpThe following example causes the specified EIGRP process routes to be redistributed into an OSPF domain. The EIGRP-derived metric will be remapped to 100 and RIP routes to 200.
router ospf 109redistribute eigrp 108 metric 100 subnetsredistribute rip metric 200 subnetsThe following example configures BGP routes to be redistributed into IS-IS. The link-state cost is specified as 5, and the metric type will be set to external, indicating that it has lower priority than internal metrics.
router isisredistribute bgp 120 metric 5 metric-type externalIn the following example, network 172.16.0.0 will appear as an external link-state advertisement (LSA) in OSPF 1 with a cost of 100 (the cost is preserved):
interface ethernet 0ip address 172.16.0.1 255.0.0.0ip ospf cost 100interface ethernet 1ip address 10.0.0.1 255.0.0.0!router ospf 1network 10.0.0.0 0.255.255.255 area 0redistribute ospf 2 subnetrouter ospf 2network 172.16.0.0 0.255.255.255 area 0Related Commands
show ip eigrp vrf interfaces
To display information about interfaces that carry VPN routing and forwarding (VRF) information and are configured for Enhanced Interior Gateway Routing Protocol (EIGRP), use the show ip eigrp vrf interfaces command in privileged EXEC mode.
show ip eigrp vrf {vrf-name | *} interfaces [as-number] [interface-type] [detail interface-type] [static interface-type]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use the show ip eigrp vrf interfaces command to display EIGRP interfaces that are defined under the specified VRF. If an interface is specified with the interface-type argument, only the specified interface is displayed. Otherwise, all interfaces on which EIGRP is running as part of the specified VRF are displayed.
Examples
The following is sample output from the show ip eigrp vrf interfaces command:
Router# show ip eigrp vrf VRF-PINK interfacesIP-EIGRP interfaces for process 1Xmit Queue Mean Pacing Time Multicast PendingInterface Peers Un/Reliable SRTT Un/Reliable Flow Timer RoutesEt3/0 1 0/0 131 0/10 528 0Table 2 describes the significant fields shown in the display.
Related Commands
show ip eigrp vrf neighbors
To display Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors that are on interfaces that are part of the specified Virtual Private Network (VPN) routing and forwarding instance (VRF), use the show ip eigrp vrf neighbors command privileged EXEC mode.
show ip eigrp vrf {vrf-name | *} neighbors [as-number] [interface-type] [detail interface-type] [static interface-type]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use the show ip eigrp vrf neighbors command to determine when VRF neighbors become active and inactive. This command is also useful for debugging certain types of transport problems.
Examples
The following is sample output from the show ip eigrp vrf neighbors command:
Router# show ip eigrp vrf VRF-GREEN neighborsIP-EIGRP neighbors for process 1H Address Interface Hold Uptime SRTT RTO QSeq Type(sec) (ms) CntNum0 10.10.10.2 Et3/0 10 1d16h 131 786 0 3Table 3 describes the significant fields shown in the display.
show ip eigrp vrf topology
To display Virtual Private Network (VPN) routing and forwarding instance (VRF) entries in the Enhanced Interior Gateway Routing Protocol (EIGRP) topology table, use the show ip eigrp topology command in privileged EXEC mode.
show ip eigrp vrf {vrf-name | *} topology [as-number] [ip-address [mask]] [active | all-links | pending | summary | zero-successors]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
The show ip eigrp vrf topology command can be used without any keywords or arguments, but you must specify either a VRF name or use the * character as a wild card. If this command entered this way, only routes that are feasible successors are displayed. The show ip eigrp vrf topology command can be used to determine Diffusing Update Algorithm (DUAL) states and to debug possible DUAL problems.
Examples
The following is sample output from the show ip eigrp vrf topology command:
Router# show ip eigrp vrf VRF-PINK topologyIP-EIGRP Topology Table for AS(1)/ID(192.168.10.1) Routing Table:VRF-PINKCodes:P - Passive, A - Active, U - Update, Q - Query, R - Reply,r - reply Status, s - sia StatusP 10.17.17.0/24, 1 successors, FD is 409600via 10.10.10.2 (409600/128256), Ethernet3/0P 172.16.19.0/24, 1 successors, FD is 409600via 10.10.10.2 (409600/128256), Ethernet3/0P 192.168.10.0/24, 1 successors, FD is 281600via Connected, Ethernet3/0P 10.10.10.0/24, 1 successors, FD is 281600via Redistributed (281600/0)Table 4 describes the significant fields shown in the display.
show ip eigrp vrf traffic
To display sent and received statistics for Enhanced Interior Gateway Routing Protocol (EIGRP) Virtual Private Networking (VPN) routing and forwarding instance (VRF) packets, use the show ip eigrp vrf traffic command in privileged EXEC mode.
show ip eigrp vrf {vrf-name | *} traffic [as-number]
Syntax Description
Command Modes
Privileged EXEC
Command History
Examples
The following is sample output from the show ip eigrp vrf traffic command:
Router# show ip eigrp vrf VRF-RED trafficIP-EIGRP Traffic Statistics for AS 101Hellos sent/received: 600/585Updates sent/received: 23/22Queries sent/received: 7/0Replies sent/received: 0/6Acks sent/received: 55/42Input queue high water mark 0, 0 dropsTable 5 describes the significant fields shown in the display.
show ip protocols vrf
To display the routing protocol information associated with a Virtual Private Network (VPN) routing/forwarding instance (VRF), use the show ip protocols vrf command in user EXEC or privileged EXEC mode.
show ip protocols vrf vrf-name
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
Use this command to display routing information associated with a VRF.
Examples
The following example shows information about a VRF named vpn1:
Router# show ip protocols vrf vpn1Routing Protocol is "bgp 100"Sending updates every 60 seconds, next due in 0 secOutgoing update filter list for all interfaces isIncoming update filter list for all interfaces isIGP synchronization is disabledAutomatic route summarization is disabledRedistributing:connected, staticRouting for Networks:Routing Information Sources:Gateway Distance Last Update10.13.13.13 200 02:20:5410.18.18.18 200 03:26:15Distance:external 20 internal 200 local 200Table 6 describes the significant fields shown in the display.
Related Commands
show ip route vrf
To display the IP routing table associated with a Virtual Private Network (VPN) routing and forwarding (VRF) instance, use the show ip route vrf command in user EXEC or privileged EXEC mode.
show ip route vrf vrf-name [connected] [protocol [as-number] [tag] [output-modifiers]] [ip-prefix] [list number [output-modifiers]] [profile] [static [output-modifiers]] [summary [output-modifiers]] [supernets-only [output-modifiers]]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
This command displays specified information from the IP routing table of a VRF.
Examples
This example shows the IP routing table associated with the VRF named vrf1:
Router# show ip route vrf vrf1Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate defaultU - per-user static route, o - ODRT - traffic engineered routeGateway of last resort is not setB 10.0.0.0/8 [200/0] via 10.13.13.13, 00:24:19C 10.0.0.0/8 is directly connected, Ethernet1/3B 10.0.0.0/8 [20/0] via 10.0.0.1, 02:10:22B 10.0.0.0/8 [200/0] via 10.13.13.13, 00:24:20This example shows BGP entries in the IP routing table associated with the VRF named vrf1:
Router# show ip route vrf vrf1 bgpB 10.0.0.0/8 [200/0] via 10.13.13.13, 03:44:14B 10.0.0.0/8 [20/0] via 10.0.0.1, 03:44:12B 10.0.0.0/8 [200/0] via 10.13.13.13, 03:43:14This example shows the IP routing table associated with a VRF named PATH and network 10.22.22.0:
Router# show ip route vrf PATH 10.22.22.0Routing entry for 10.22.22.0/24Known via "bgp 1", distance 200, metric 0Tag 22, type internalLast update from 10.22.5.10 00:01:07 agoRouting Descriptor Blocks:* 10.22.7.8 (Default-IP-Routing-Table), from 10.11.3.4, 00:01:07 agoRoute metric is 0, traffic share count is 1AS Hops 110.22.1.9 (Default-IP-Routing-Table), from 10.11.1.2, 00:01:07 agoRoute metric is 0, traffic share count is 1AS Hops 110.22.6.10 (Default-IP-Routing-Table), from 10.11.6.7, 00:01:07 agoRoute metric is 0, traffic share count is 1AS Hops 110.22.4.10 (Default-IP-Routing-Table), from 10.11.4.5, 00:01:07 agoRoute metric is 0, traffic share count is 1AS Hops 110.22.5.10 (Default-IP-Routing-Table), from 10.11.5.6, 00:01:07 agoRoute metric is 0, traffic share count is 1AS Hops 1Table 7 describes the significant fields shown when the show ip route vrf vrf-name ip-prefix command is used.
Related Commands
show ip cache
Displays the Cisco Express forwarding table associated with a VRF.
show ip vrf
Displays the set of defined VRFs and associated interfaces.
show ip vrf
To display the set of defined Virtual Private Network (VPN) routing/forwarding instances (VRFs) and associated interfaces, use the show ip vrf command in privileged EXEC mode.
show ip vrf [brief | detail | interfaces | id] [vrf-name] [output-modifiers]
Syntax Description
Defaults
When no keywords or arguments are specified, the command shows concise information about all configured VRFs.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use this command to display information about VRFs. Two levels of detail are available:
•
•
To display information about all interfaces bound to a particular VRF, or to any VRF, use the interfaces keyword. To display information about VPN IDs assigned to a PE router, use the id keyword.
Examples
The following example displays information about all the VRFs configured on the router, including the downstream VRF for each associated VAI. The lines that are highlighted (for documentation purposes only) indicate the downstream VRF.
Router# show ip vrfName Default RD InterfaceD 2:0 Loopback2Virtual-Access3 [D]Virtual-Access4 [D]U 2:1 Virtual-Access3Virtual-Access4Table 8 describes the significant fields shown in the display.
Table 8 show ip vrf Field Descriptions
Name
Specifies the VRF name
Default RD
Specifies the default route distinguisher
Interface
Specifies the network interface
The following example displays detailed information about all of the VRFs configured on the router, including all of the VAIs associated with each VRF:
Router# show ip vrf detailVRF D; default RD 2:0; default VPNID <not set>Interfaces:Loopback2 Virtual-Access3 [D] Virtual-Access4 [D]Connected addresses are not in global routing tableExport VPN route-target communitiesRT:2:0Import VPN route-target communitiesRT:2:1No import route-mapNo export route-mapVRF U; default RD 2:1; default VPNID <not set>Interfaces:Virtual-Access3 Virtual-Access4Connected addresses are not in global routing tableNo Export VPN route-target communitiesImport VPN route-target communitiesRT:2:1No import route-mapNo export route-mapTable 9 describes the significant fields shown in the display.
The following example shows the interfaces bound to a particular VRF:
Router# show ip vrf interfacesInterface IP-Address VRF ProtocolEthernet2 130.22.0.33 blue_vrf upEthernet4 130.77.0.33 hub upRouter#Table 10 describes the significant fields shown in the display.
The following is sample output that shows all the VPN IDs that are configured in the router and their associated VRF names and VRF route distinguishers (RDs):
Router# show ip vrf idVPN Id Name RD2:3 vpn2 <not set>A1:3F6C vpn1 100:1Table 11 describes the significant fields shown in the display.
Table 11 show ip vrf id Field Descriptions
VPN ID
Specifies the VPN ID assigned to the VRF
Name
Specifies the VRF name
RD
Specifies the route distinguisher
Related Commands
© 2003, 2005 Cisco Systems, Inc. All rights reserved.
