Table Of Contents
Implementing SBC Multi-VRF
Contents
Prerequisites—Implementing Multi-VRF
Information About Implementing Multi-VRF
VRF-Aware DNS Query
Implementing Multi-VRF
Configuring Multi-VRF
Configuring a VRF-Aware DNS Query
This task configures a DNS query for a VRF.
Associating an H.323 Adjacency with a VRF
Associating a SIP Adjacency with a VRF
Configuring DBE with VRF—Distributed Model Only
Configuration Examples for Implementing Multi-VRF
Configuring Multi-VRF: Example
DNS Query Configuration: Example
Associating an H.323 Adjacency with a VRF: Example
Associating a SIP Adjacency with a VRF: Example
Configuring DBE with VRF (Distributed Model Only): Example
Implementing SBC Multi-VRF
The Session Border Controller (SBC) provides support for multi-VRF (VPN routing and forwarding) on customer edge (CE) devices. This feature provides the capability of suppressing provider edge (PE) checks to prevent loops when the PE is performing a mutual redistribution of packets.
Note 
VRF is only supported in DBE media address and SBE AAA/H248 control address; DBE H248 control address does not support VRF.
Note For ACE SBC Release 3.0.00 and later releases, this feature is supported in both the unified model and the distributed model.
For a complete description of commands used in this chapter, refer to Chapter 39, "Cisco Session Border Controller Commands." To locate documentation for other commands that appear in this chapter, use the command reference master index, or search online.
Feature History for Implementing SBC Multi-VRF
Release
|
Modification
|
ACE SBC Release 3.0.1
|
Added support for VRF-Aware DNS Query.
|
ACE SBC Release 3.0.00
|
Added support for SBC unified model.
The following sections were added:
•Configuring Multi-VRF
•Associating an H.323 Adjacency with a VRF
•Associating a SIP Adjacency with a VRF
|
ACE SBC Release 2.0.00
|
This feature was introduced on the Cisco 7600 series router.
|
Contents
This module contains the following sections:
•Prerequisites—Implementing Multi-VRF
•Information About Implementing Multi-VRF
•Implementing Multi-VRF
•Configuration Examples for Implementing Multi-VRF
Prerequisites—Implementing Multi-VRF
The following prerequisites are required to implement SBC multi-VRF:
•On the Application Control Engine Module (ACE), you must be an Admin user to enter SBC commands. For more information, see the Application Control Engine Module Administration Guide at: http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_guide_book09186a00806838f4.html.
•Before implementing multi-VRF, the SBC must already be created. See the procedures described in Chapter 2, "ACE Configuration Prerequisites for the SBC."
Information About Implementing Multi-VRF
The SBC support for multi-VRF on customer edge (CE) devices (that is, customer premises routers) feature provides the capability of suppressing PE checks that are needed to prevent loops when the PE is performing a mutual redistribution of packets. Multi-VRF allows for the use of only one router to accomplish the tasks that multiple routers usually perform. It runs on a network without the requirement of MPLS and BGP installed.
When VRF is used on a router that is not a PE, the checks can be turned off to allow for correct population of the VRF routing table with routes to IP prefixes. Multi-VRF is also important because virtual private network (VPN) functionality is not completely supported on low-end systems. Multi-VRF provides logical separation of routing instances (and by the implication address space) within one router.
The following summarizes the features of multi-VRF:
•Allows a single physical router to be split into multiple virtual routers, where each router contains its own set of interfaces, routing table, and forwarding table. SBC supports multiple (overlapping and independent) routing tables (addressing) per customer. Virtual routing contexts are used to separate routing domains within a single router.
•Multi-VRF can be used where multiple routers are required but only one is available.
•One physical interface can belong to multiple virtual routers through the usage of subinterfaces (Frame Relay, ATM, VLANs).
•BGP and MPLS are not used.
•No connectivity is provided between VRFs (would require using BGP for internal exporting and importing between VRFs).
•When a call is placed between two endpoints in the same VPN site, SBC can route the media directly between them, to reduce network utilization.
•Multi-VRF on SBC provides optimization where both endpoints are on the same VPN, by turning media bypass on.
For ACE SBC Release 3.0.00, by default, all adjacencies on the same VPN have media bypass turned on. Media bypass can be turned off by using the media-bypass-forbid command (this command is implemented for CAC policies only).
Note The VRF name under the adjacency must match the context name.
VRF-Aware DNS Query
This feature allows the SBC to query DNS per VRF. Before ACE SBC Release 3.0.1, all DNS queries were performed within the Admin context; this feature allows DNS queries to be performed on a per-context basis.
Implementing Multi-VRF
Implementing SBC multi-VRF is described in the following sections:
•Configuring Multi-VRF
•Associating a SIP Adjacency with a VRF
•Configuring DBE with VRF—Distributed Model Only
Configuring Multi-VRF
This task configures the router with the SBC running in multi-VRF mode in unified deployment mode. Note the relationship between the interface and SBC's service virtual interface (SVI), adjacency, and data border element (DBE) media-address as required.
SUMMARY STEPS
1. configure
2. context vrf
3. allocate-interface
4. exit
5. ft peer
6. heartbeat interval
7. heartbeat count
8. ft-interface vlan
9. exit
10. ft group
11. peer
12. priority
13. peer priority
14. associate-context
15. inservice
16. ft group
17. peer
18. priority
19. peer priority
20. associate-context
21. inservice
22. exit
23. exit
24. changeto
25. configure
26. interface vlan
27. ip address
28. alias
29. peer ip address
30. no shutdown
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
host1/Admin# configure
host1/Admin(config)#
|
Enter ACE module configuration mode.
|
Step 2
|
context
Example:
host1/Admin(config)# context my_vrf1
|
Creates a context.
Note The vrf name under the adjacency must match the context name.
The example creates a new context my_vrf1.
|
Step 3
|
allocate-interface vlan
Example:
host1/Admin(config-context)# allocate-interface
vlan 100
|
Allocates VLAN 100 to context my_vrf1 to allow the context to receive the traffic classified for VLAN 100.
|
Step 4
|
exit
Example:
host1/Admin(config)# exit
|
Exit from config-context mode.
|
Step 5
|
ft peer
Example:
host1/Admin(config)# ft peer 1
host1/Admin(config-ft-peer)#
|
Configures an FT peer and accesses FT peer configuration mode.
|
Step 6
|
heartbeat interval frequency
Example:
host1/Admin(config-ft-peer)# heartbeat interval
100
|
Configures the heartbeat interval for verification timing between active and standby FT peers.
|
Step 7
|
heartbeat count number
Example:
host1/Admin(config-ft-peer)# heartbeat count 10
|
Configures the heartbeat count for verification timing between active and standby FT peers.
|
Step 8
|
ft-interfac vlan vlan_id
Example:
host1/Admin(config-ft-peer)# ft-interface vlan
99
|
Associates an existing FT VLAN with a peer.
|
Step 9
|
exit
Example:
host1/Admin(config)# exit
|
Exit from config-ft-peer mode.
|
Step 10
|
ft group
Example:
host1/Admin(config)# ft group 1
host1/Admin(config-ft-group)#
|
Configures ft group 1 with the default (Admin) context.
|
Step 11
|
peer
Example:
host1/Admin(config-ft-group)# peer 1
|
Associates a peer ACE with an FT group.
|
Step 12
|
priority
Example:
host1/Admin(config-ft-group)# priority 150
|
Configures the priority of the active group member.
|
Step 13
|
peer priority
Example:
host1/Admin(config-ft-group)# peer priority 50
|
Configures the priority of an FT group on the remote standby member.
|
Step 14
|
associate-context
Example:
host1/Admin(config-ft-group)# associate-context
my_vrf1
|
Associates a context with an FT group.
|
Step 15
|
inservice
Example:
host1/Admin(config-ft-group)# inservice
|
Places an FT group in service.
|
Step 16
|
ft group
Example:
host1/Admin(config)# ft group 2
host1/Admin(config-ft-group)#
|
Configures another ft group with non-Admin context.
|
Step 17
|
peer
Example:
host1/Admin(config-ft-group)# peer 1
|
Associates a peer ACE with an FT group.
|
Step 18
|
priority
Example:
host1/Admin(config-ft-group)# priority 150
|
Configures the priority of the active group member.
|
Step 19
|
peer priority
Example:
host1/Admin(config-ft-group)# peer priority 50
|
Configures the priority of an FT group on the remote standby member.
|
Step 20
|
associate-context
Example:
host1/Admin(config-ft-group)# associate-context
my_vrf1
|
Associates a context with an FT group.
|
Step 21
|
inservice
Example:
host1/Admin(config-ft-group)# inservice
|
Places an FT group in service.
|
Step 22
|
exit
Example:
host1/Admin(config-ft-group)# exit
|
Exit from config-ft-group mode.
|
Step 23
|
exit
Example:
host1/Admin(config)# exit
|
Exit from config mode.
|
Step 24
|
changeto
Example:
host1/Admin# changeto my_vrf1
Router/vrf1#
|
Moves from one context on the ACE to another context.
|
Step 25
|
configure
Example:
host1/my_vrf1# configure
host1/(config)#
|
Enter configuration mode of context my_vrf1.
|
Step 26
|
interface vlan
Example:
host1/vrf1(config)# interface vlan 100
|
Creates a VLAN interface.
The example creates an SVI using VLAN 100.The VLAN was assigned to this context from the Admin context in Step 3.
|
Step 27
|
ip address
Example:
host1/vrf1(config-if)# ip address 77.101.1.2
255.255.255.0
|
Assigns an IP address to a VLAN interface.
|
Step 28
|
alias
Example:
host1/vrf1(config-if)# alias 77.101.1.100
255.255.255.0
|
Configures an IP address that floats between active and standby modules for a VLAN interface.
|
Step 29
|
peer ip address
Example:
host1/vrf1(config-if)# peer ip address
77.101.1.3 255.255.255.0
|
Configures the IP address of a standby module for the VLAN interface.
|
Step 30
|
no shutdown
Example:
host1/my_vrf1(config-if)# no shutdown
|
Enables an interface for use.
|
Configuring a VRF-Aware DNS Query
This task configures a DNS query for a VRF.
SUMMARY STEPS
1. configure
2. context vrf
3. allocate-interface vlan
4. exit
5. sbc sbc-name
6. sbe
7. sip dns
8. cache-lifetime 0-1879048
9. cache-limit 0-4294967295
10. exit
11. adjacency sip adjacency-name
12. vrf vrf_name
13. exit
14. exit
15. exit
16. exit
17. changeto context_name
18. configure
19. ip domain-lookup
20. ip domain-name
21. ip name-server
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
host1/Admin# configure
|
Enter ACE module configuration mode.
|
Step 2
|
context
Example:
host1/Admin(config)# context my_vrf1
|
Creates a context.
Note The vrf name under the adjacency must match the context name.
The example creates a new context my_vrf1.
|
Step 3
|
allocate-interface vlan
Example:
host1/Admin(config-context)# allocate-interface
vlan 100
|
Allocates VLAN 100 to context my_vrf1 to allow the context to receive the traffic classified for VLAN 100.
|
Step 4
|
exit
Example:
host1/Admin(config)# exit
|
Exits the current mode.
|
Step 5
|
sbc sbc-name
Example:
host1/Admin(config)# sbc mySbc
|
Creates the SBC service on the SBC and enters into SBC configuration mode.
|
Step 6
|
sbe
Example:
host1/Admin(config-sbc)# sbe
|
Creates the SBE service on an SBC and enters into the SBC-SBE configuration mode.
|
Step 7
|
sip dns
Example:
host1/Admin(config-sbc-sbe)# sip dns
|
Enters the SIP DNS configuration mode.
|
Step 8
|
cache-lifetime 0-1879048
Example:
host1/Admin(config-sbe-dns)# cache-lifetime 444
|
Configures the lifetime of any DNS entries in the DNS cache.
|
Step 9
|
cache-limit 0-4294967295
Example:
host1/Admin(config-sbe-dns)# cache-limit 14
|
Configures the maximum number of entries that are permitted in the DNS cache.
|
Step 10
|
exit
Example:
host1/Admin(config-sbe-dns)# exit
|
Exits the current mode.
|
Step 11
|
adjacency sip adjacency-name
Example:
host1/Admin(config-sbc-sbe)# vrf vpn3
|
Configures an adjacency for an SBC service.
|
Step 12
|
vrf vrf_name
Example:
host1/Admin(config-sbc-sbe-adj-sip)# vrf vpn3
|
Configures a SIP adjacency tied to a specific VPN.
|
Step 13
|
exit
Example:
host1/Admin(config-sbc-sbe-adj-sip)# exit
|
Exits the current mode.
|
Step 14
|
exit
Example:
host1/Admin(config-sbc-sbe-adj)# exit
|
Exits the current mode.
|
Step 15
|
exit
Example:
host1/Admin(config-sbe)# exit
|
Exits the current mode.
|
Step 16
|
exit
Example:
host1/Admin(config)# exit
|
Exits the current mode.
|
Step 17
|
changeto context_name
Example:
host1/Admin# changeto vrf120
|
Moves from one context on the ACE to another context.
|
Step 18
|
configure
Example:
host1/Admin# configure
|
Enters ACE module configuration mode.
|
Step 19
|
ip domain-lookup
Example:
host1/Admin(config)# ip domain-lookup
|
Enables the ACE module to perform a domain lookup (host-to-address translation) with a DNS server.
|
Step 20
|
ip domain-name
Example:
host1/Admin(config)# ip domain-name cisco.com
|
Configures a default domain name.
|
Step 21
|
ip name-server
Example:
host1/Admin(config)# ip name-server
192.168.12.15
|
Configures a DNS name server on the ACE module. You can configure a maximum of three DNS name servers.
|
Associating an H.323 Adjacency with a VRF
This task associates an H.323 adjacency with a VPN.
SUMMARY STEPS
1. adjacency h323 adjacency-name
2. vrf vrf_name
3. signaling-address ipv4 local_signaling_IP_address
4. signaling-port port_num
5. remote-address ipv4 remote_IP_address/prefix
6. signaling-peer [gk] peer_address
7. signaling-peer-port port_num
8. account account_name
9. media-bypass (Optional command)
10. media-bypass-forbid
11. attach
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
adjacency h323 adjacency-name
Example:
host1/Admin(config-sbc-sbe)# adjacency h323
h323my_vrf1
host1/Admin(config-sbc-sbe-adj-h323)#
|
Enters the mode of an SBE H.323 adjacency.
•Use the adjacency-name argument to define the name of the service.
|
Step 2
|
vrf vrf_name
Example:
host1/Admin(config-sbc-sbe-adj-h323)# vrf
my_vrf1
|
Ties an H.323 adjacency to a specific VPN.
Note The vrf name under the adjacency must match the context name.
|
Step 3
|
signaling-address ipv4
local_signaling_IP_address
Example:
host1/Admin(config-sbc-sbe-adj-h323)#
signaling-address ipv4 88.88.101.11
|
Specifies the local IPv4 signaling address of the H.323 adjacency.
|
Step 4
|
signaling-port port_num
Example:
host1/Admin(config-sbc-sbe-adj-h323)#
signaling-port 1720
|
Specifies the local signaling port of the H.323 adjacency.
|
Step 5
|
remote-address ipv4 ipv4_IP_address/prefix
Example:
host1/Admin(config-sbc-sbe-adj-h323)#
remote-address ipv4 10.10.101.4 255.255.255.255
|
Restricts the set of remote signaling peers contacted over the adjacency to those with the given IP address prefix.
|
Step 6
|
signaling-peer [gk] peer_address
Example:
host1/Admin(config-sbc-sbe-adj-h323)#
signaling-peer gk 10.10.101.4
|
Specifies the remote signaling peer for the H.323 adjacency to use.
|
Step 7
|
signaling-peer-port port_num
Example:
host1/Admin(config-sbc-sbe-adj-h323)#
signaling-peer-port 1720
|
Specifies the remote signaling-peer port for the H.323 adjacency to use.
|
Step 8
|
account account_name
Example:
host1/Admin(config-sbc-sbe-adj-h323)# account
h323-vrf1
|
Defines the H.323 adjacency as belonging to an account on an SBE.
|
Step 9
|
media-bypass
Example:
host1/Admin(config-sbc-sbe-adj-h323)#
media-bypass
|
(Optional) Configure the adjacency to allow media traffic to bypass the DBE.
This command is optional and will only work on one adjacency.
|
Step 10
|
media-bypass-forbid
Example:
host1/Admin(config-sbc-sbe-adj-h323)#
media-bypass-forbid
|
Configures the H.323 adjacency to forbid media traffic to bypass the DBE.
If this is not configured, media traffic for calls originating and terminating on this adjacency flows directly between the endpoints and does not pass through the DBE, as long as both adjacencies are on the same VPN.
|
Step 11
|
attach
Example:
host1/Admin(config-sbc-sbe-adj-h323)# attach
|
Attaches the adjacency.
|
Associating a SIP Adjacency with a VRF
This task associates a SIP adjacency with a VPN.
SUMMARY STEPS
1. adjacency sip adjacency-name
2. vrf vrf_name
3. signaling-address ipv4 local_signaling_IP_address
4. signaling-port port_num
5. remote-address ipv4 local_signaling_IP_address/prefix
6. local-id host name
7. signaling-peer [gk] peer_address
8. signaling-peer-port port_num
9. account account-name
10. media-bypass (optional)
11. media-bypass-forbid
12. attach
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
adjacency sip adjacency-name
Example:
host1/Admin(config-sbc-sbe)# adjacency sip
sip_vrf1
host1/Admin(config-sbc-sbe-adj-sip)#
|
Enters the mode of an SBE SIP adjacency.
•Use the adjacency-name argument to define the name of the service.
|
Step 2
|
vrf vrf_name
Example:
host1/Admin(config-sbc-sbe-adj-sip)# vrf
my_vrf1
|
Ties an H.323 adjacency to a specific VPN.
Note The vrf name under the adjacency must match the context name.
|
Step 3
|
signaling-address ipv4 ipv4_IP_address
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
signaling-address ipv4 88.88.88.88.101.11
|
Specifies the local IPv4 signaling address of the SIP adjacency.
|
Step 4
|
signaling-port port_num
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
signaling-port 5060
|
Specifies the local signaling port of the SIP adjacency.
|
Step 5
|
remote-address ipv4 remote_IP_address/prefix
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
remote-address ipv4 10.10.101.4 255.255.255.255
|
Restricts the set of remote signaling peers contacted over the adjacency to those with the given IP address prefix.
|
Step 6
|
local-id host address
Example:
host1/Admin(config-sbc-sbe-adj-sip)# local-id
host 88.88.101.11
|
Configures the local identity name on a SIP adjacency.
|
Step 7
|
signaling-peer [gk] peer_address
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
signaling-peer 10.10.101.4
|
Specifies the remote signaling peer for the SIP adjacency to use.
|
Step 8
|
signaling-peer-port port_num
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
signaling-peer-port 5060
|
Specifies the remote signaling-peer port for the SIP adjacency to use.
|
Step 9
|
account account_name
Example:
host1/Admin(config-sbc-sbe-adj-sip)# account
sip-vrf1
|
Defines the SIP adjacency as belonging to an account on an SBE.
|
Step 10
|
media-bypass
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
media-bypass
|
(Optional) Configures the adjacency to allow media traffic to bypass the DBE.
This command is optional and only works on one adjacency.
|
Step 11
|
media-bypass-forbid
Example:
host1/Admin(config-sbc-sbe-adj-sip)#
media-bypass-forbid
|
Configures the SIP adjacency to forbid media traffic to bypass the DBE.
If this is not configured, media traffic for calls originating and terminating on this adjacency flows directly between the endpoints and does not pass through the DBE, as long as both adjacencies are on the same VPN.
|
Step 12
|
attach
Example:
host1/Admin(config-sbc-sbe-adj-sip)# attach
|
Attaches the adjacency.
|
Configuring DBE with VRF—Distributed Model Only
This task configures DBE with VRF in the distributed model.
SUMMARY STEPS
1. configure
2. sbc sbc-name
3. dbe
4. vdbe global
5. unexpected-source-alerting
6. local-port abcd
7. control-address h248 ipv4 A.B.C.D
8. controller h248 controller-index
9. remote-address ipv4 remote-address
10. remote-port [port-num]
11. transport [udp | tcp]
12. attach-controllers
13. media-address pool ipv4 A.B.C.D E.F.G.H vrf vrfname
14. media-timeout timeout
15. overload-time-threshold time
16. deact-mode
17. activate
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure
Example:
host1/Admin# configure
|
Accesses the configuration mode.
|
Step 2
|
sbc sbc-name
Example:
host1/Admin(config)# sbc mySbc
|
Creates the SBC service on the SBC and enters into SBC configuration mode.
|
Step 3
|
dbe
Example:
host1/Admin(config-sbc)# dbe
|
Creates the DBE service on an SBC and enter into the SBC-DBE configuration mode.
|
Step 4
|
vdbe [global]
Example:
host1/Admin(config-sbc-dbe)# vdbe
|
Enters into vDBE configuration submode.
Note In the initial release only one vDBE (the global vDBE) is supported. The vdbe name is not required. If specified, it must be global.
|
Step 5
|
unexpected-source-alerting
Example:
host1/Admin(config-sbc-dbe-vdbe-global)#
unexpected-source-alerting
|
Sets alerting for unexpected source addresses.
The no form of this command removes alerting for any unexpected source addresses that are received.
|
Step 6
|
local-port {abcd}
Example:
host1/Admin(config-sbc-dbe)# local-port 5090
|
Configures a DBE to use a specific local port.
|
Step 7
|
control-address h248 ipv4 A.B.C.D
Example:
host1/Admin(config-sbc-dbe)# control-address
h248 ipv4 10.0.0.1
|
Configures a DBE to use a specific IPv4 H.248 control address.
|
Step 8
|
controller h248 controller-index
Example:
host1/Admin(config-sbc-dbe)# controller h248 1
|
Identifies the H.248 controller for the DBE and enters into Controller H.248 configuration mode.
|
Step 9
|
remote-address ipv4 remote-address
Example:
host1/Admin(config-sbc-dbe-vdbe-h248)#
remote-address ipv4 1.1.1.1
|
Configures the IPv4 remote address of the H.248 controller.
|
Step 10
|
remote-port [port-num]
Example:
host1/Admin(config-sbc-dbe-h248)# remote-port
2094
|
Defines the port to connect to on the SBE for an H.248 controller.
|
Step 11
|
transport udp
Example:
host1/Admin(config-sbc-dbe-h248)# transport udp
|
Configures a DBE to use User Datagram Protocol (UDP) for H.248 control signaling.
|
Step 12
|
attach-controllers
Example:
host1/Admin(config-sbc-dbe)# attach-controllers
|
Configure a DBE to attach to an H.248 controller.
|
Step 13
|
media-address pool ipv4 A.B.C.D E.F.G.H vrf
vrfname
Example:
host1/Admin(config-sbc-dbe)# media-address pool
ipv4 10.10.10.1 10.10.10.20 vrf my_vrf1
|
Create a pool of sequential IPv4 media addresses for an IPv4 address associated with a specific VRF instance.
Note The vrf name under the adjacency must match the context name.
|
Step 14
|
media-timeout timeout
Example:
host1/Admin(config-sbc-dbe)# media-timeout 10
|
Sets the maximum time a DBE waits after receiving the last media packet on a call and before cleaning up the call resources.
|
Step 15
|
overload-time-threshold time
Example:
host1/Admin(config-sbc-dbe)#
overload-time-threshold 400
|
Configures the threshold for media gateway (MG) overload control detection.
|
Step 16
|
deact-mode normal
Example:
host1/Admin(config-sbc-dbe)# deactivation-mode
normal
|
Specifies that the DBE of an SBC signals a service change and terminates all calls upon deactivation of the DBE service.
|
Step 17
|
activate
Example:
host1/Admin(config-sbc-dbe)# activate
|
Initiates the SBC service.
|
Configuration Examples for Implementing Multi-VRF
This section provides the following configuration examples:
•Configuring Multi-VRF: Example
•Associating an H.323 Adjacency with a VRF: Example
•Associating a SIP Adjacency with a VRF: Example
•Configuring DBE with VRF (Distributed Model Only): Example
Configuring Multi-VRF: Example
This sample configuration shows how the Service Virtual Interface (SVI) and adjacencies are added to associate a VPN to them.
1. Configure the line card interface associated with vrf my_vrf1 on Supervisor.
2. Configure the line card interface associated with vrf my_vrf1 on supervisor.
interface GigabitEthernet1/3
description ''Connected to CAT-3550-101 Fa 0/13 vlan919''
ip address 10.122.3.3 255.255.255.0
ip address 99.101.1.1 255.255.255.0
3. Configure the context on ACE card and assign the VLAN.
allocate-interface vlan 99
4. Configure the FT group.
Note You must configure the FT group 1 with the default (Admin) context (in this instance, my_vrf1).
associate-context my_vrf1
5. Configure the interface on my_vrf1 context for which you need to use change to CLI for changing the context.
ACE-101-UUT1-1/Admin# changeto my_vrf1
ip address 99.101.1.2 255.255.255.0
alias 99.101.1.100 255.255.255.0
peer ip address 99.101.1.3 255.255.255.0
ip route 10.0.0.0 255.0.0.0 99.101.1.1
ip route 100.0.0.0 255.0.0.0 99.101.1.1
6. Configure the DBE.
media-address pool ipv4 88.88.101.12 88.88.101.15 vrf my_vrf1
DNS Query Configuration: Example
This sample configuration configures a DNS query.
allocate-interface vlan 110
allocate-interface vlan 120
host1/Admin# changeto vrf110
ip name-server 192.168.110.2
host1/Admin# changeto vrf120
ip name-server 192.168.120.2
Associating an H.323 Adjacency with a VRF: Example
This sample configuration creates an H.323 adjacency associated with a VPN.
adjacency h323 h323my_vrf1
signaling-address ipv4 88.88.101.11
remote-address ipv4 10.10.101.4 255.255.255.255
signaling-peer 10.10.101.4
Associating a SIP Adjacency with a VRF: Example
This example configuration creates a SIP adjacency associated with a VPN. Note that there is an ft group configured for each context.
ip address 10.10.10.15 255.255.255.0
peer ip address 10.10.10.16 255.255.255.0
ip route 10.10.0.0 255.255.0.0 101.101.101.100 ip route 20.20.20.0 255.255.255.0
101.101.101.4
allocate-interface vlan 100
associate-context vlan100
username admin password 5 $1$faXJEFBj$TJR1Nx7sLPTi5BZ97v08c/ role Admin domain
default-domain username www password 5 $1$UZIiwUk7$QMVYN1JASaycabrHkhGcS/ role Admin
domain default-domain
inherit profile preset-core
redirect-mode pass-through
authentication nonce timeout 300
signaling-address ipv4 101.101.101.3
remote-address ipv4 0.0.0.0 0.0.0.0
signaling-peer 101.101.101.5
inherit profile preset-access
redirect-mode pass-through
authentication nonce timeout 300
signaling-address ipv4 101.101.101.3
remote-address ipv4 0.0.0.0 0.0.0.0
signaling-peer 101.101.101.4
inherit profile preset-core
redirect-mode pass-through
authentication nonce timeout 300
signaling-address ipv4 101.101.101.3
remote-address ipv4 0.0.0.0 0.0.0.0
signaling-peer 101.101.101.5
sip inherit profile preset-standard-non-ims
first-call-routing-table invite-table
first-reg-routing-table start-table
rtg-src-adjacency-table invite-table
rtg-src-adjacency-table start-table
udp-response-linger-period 32000
udp-first-retransmit-interval 500
udp-max-retransmit-interval 4000
media-address ipv4 101.101.101.160 vrf vlan100 port-range 11000 20000 any
newace4/Admin# changeto vlan100
Generating configuration....
ip address 101.101.101.1 255.255.255.0
alias 101.101.101.3 255.255.255.0
peer ip address 101.101.101.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 101.101.101.100
Configuring DBE with VRF (Distributed Model Only): Example
In this example, a context called my_vrf1 is created and a VLAN is allocated for my_vrf1.
context my_vrf1
allocate-interface vlan 97
A fault-tolerant group is created and associated with the context my_vrf1.
ft group 2
peer 1
priority 127
peer priority 126
associate-context my_vrf1
inservice
An SBC is configured with a media address associated to the my_vrf1 context.
sbc j
dbe
vdbe global
unexpected-source-alerting
local-port 2985
control-address h248 ipv4 87.87.29.100
controller h248 1
remote-address ipv4 200.200.200.123
remote-port 2985
transport udp
attach-controllers
media-address ipv4 97.97.29.100 vrf my_vrf1
media-address pool ipv4 87.87.29.100 87.87.29.101
media-timeout 3600
overload-time-threshold 100
deact-mode normal
activate
(in the newly created context my_vrf1)
An VLAN interface is created
interface vlan 97
ip address 97.97.29.2 255.255.255.0
alias 97.97.29.100 255.255.255.0
peer ip address 97.97.29.252 255.255.255.0
no shutdown
ip route 200.200.200.0 255.255.255.0 97.97.29.1
ip route 20.20.29.0 255.255.255.0 97.97.29.1
The VLAN interface is associated with my_vrf1 on the supervisor engine:
interface Vlan 97
vrf forwarding my_vrf1
ip address 97.97.29.1 255.255.255.0
