VRF Aware System Message Logging (Syslog)
First Published: June 12, 2006
Last Updated: September 23, 2008
The VRF Aware System Message Logging (Syslog) feature allows a router to send system logging (syslog) messages to a syslog server host connected through a Virtual Private Network (VPN) routing and forwarding (VRF) interface.
You can use logging information for network monitoring and troubleshooting. This feature extends this capability to network traffic connected through VRFs.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for VRF Aware System Message Logging" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•Prerequisites for VRF Aware System Message Logging
•Restrictions for VRF Aware System Message Logging
•Information About VRF Aware System Message Logging
•How to Configure and Verify VRF Aware System Message Logging
•Configuration Examples for VRF Aware System Message Logging
•Additional References
•Command Reference
•Feature Information for VRF Aware System Message Logging
•Glossary
Prerequisites for VRF Aware System Message Logging
You must configure a VRF on a routing device and associate the VRF with an interface (see "Associating a VRF with an Interface" section) before you can configure the VRF Aware System Message Logging feature.
Restrictions for VRF Aware System Message Logging
You cannot specify a source address for VRF system logging messages. The VRF Aware System Message Logging feature uses the VRF interface address as the source address for all VRF-aware system logging messages.
Information About VRF Aware System Message Logging
You should understand the following concepts before configuring the VRF Aware System Message Logging feature:
•VRF Aware System Message Logging Benefit—Monitoring and Troubleshooting Network Traffic Connected Through a VRF
•VRF Aware System Message Logging on Provider Edge Router in an MPLS VPN Network
•VRF Aware System Message Logging on a Customer Edge Device with VRF-Lite Configured
•Message Levels for Logging Commands
VRF Aware System Message Logging Benefit—Monitoring and Troubleshooting Network Traffic Connected Through a VRF
A VPN routing and forwarding (VRF) instance is an extension of IP routing that provides multiple routing instances. A VRF provides a separate IP routing and forwarding table to each VPN. You must configure a VRF on a routing device before you configure the VRF Aware System Message Logging feature.
After you configure the VRF Aware System Message Logging feature on a routing device, the device can send syslog messages to a syslog host through a VRF interface. Then you can use logging messages to monitor and troubleshoot network traffic connected through a VRF. Without the VRF Aware System Message Logging feature on a routing device, you do not have this benefit; the routing device can send syslog messages to the syslog host only through the global routing table.
You can receive system logging messages through a VRF interface on any router where you can configure a VRF, that is:
•On a provider edge (PE) router that is used with Multiprotocol Label Switching (MPLS) and multiprotocol Border Gateway Protocol (BGP) to provide a Layer 3 MPLS VPN network service.
•On a customer edge (CE) device (switch or router) that is configured for VRF-Lite, which is a VRF implementation without multiprotocol BGP.
VRF Aware System Message Logging on Provider Edge Router in an MPLS VPN Network
You can configure the VRF Aware System Message Logging feature on a PE router in a Layer 3 MPLS VPN network. The PE router can then send syslog messages through a VRF interface to a syslog server located in the VPN.
Figure 1 shows an MPLS VPN network and the VRF Aware System Message Logging feature configured on a PE router associated with VRF VPN1. The PE router sends log messages through a VRF interface to a syslog server located in VPN1. You can display the messages from the syslog server on a terminal.
Figure 1 MPLS VPN and VRF Aware System Message Logging Configured on a Customer Edge Router
VRF Aware System Message Logging on a Customer Edge Device with VRF-Lite Configured
You can configure the VRF Aware System Message Logging feature on a CE device where you have configured the VRF-Lite feature. The CE device can then send syslog messages through a VRF interface to syslog servers in multiple VPNs. The CE device can be either a router or a switch.
Figure 2 shows the VRF Aware System Message Logging feature configured on a VRF-Lite CE device. The CE device can send VRF syslog messages to syslog servers in VPN1 or VPN2 or to servers in both VPN1 and VPN2. You can configure multiple VRFs on a VRF-Lite CE device, and the device can serve many customers.
Figure 2 VRF Aware System Message Logging Configured on a VRF-Lite Customer Edge Device
Message Levels for Logging Commands
Table 1 lists message levels for logging commands that you can use when you configure the VRF Aware System Message Logging feature. Information provided by Table 1 includes keyword level names and numbers, their description, and the associated syslog definitions. You can use either the level keyword name or number with the logging trap level and logging buffered severity-level commands.
Table 1 Message Levels for logging Commands
Level Name | Level Number | Description | Syslog Definition
emergencies | 0 | System unusable | LOG_EMERG
alerts | 1 | Immediate action needed | LOG_ALERT
critical | 2 | Critical conditions | LOG_CRIT
errors | 3 | Error conditions | LOG_ERR
warnings | 4 | Warning conditions | LOG_WARNING
notifications | 5 | Normal but significant condition | LOG_NOTICE
informational | 6 | Informational messages only | LOG_INFO
debugging | 7 | Debugging messages | LOG_DEBUG
How to Configure and Verify VRF Aware System Message Logging
This section contains the following procedures:
•Configuring a VRF on a Routing Device (required)
•Associating a VRF with an Interface (required)
•Configuring VRF Aware System Message Logging on a Routing Device (required)
•Verifying VRF Aware System Message Logging Operation (optional)
Configuring a VRF on a Routing Device
Configuring a VRF on a routing device helps provide customer connectivity to a VPN. The routing device can be a PE router connected to an MPLS VPN network or a CE (switch or router) that is configured for VRF-Lite.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip vrf vrf-name
4. rd route-distinguisher
5. route-target {import | export | both} route-target-ext-community
6. end
DETAILED STEPS
Step 1 enable
Example:
Router> enable
Purpose: Enables privileged EXEC mode.
•Enter your password if prompted.
Step 2 configure terminal
Example:
Router# configure terminal
Purpose: Enters global configuration mode.
Step 3 ip vrf vrf-name
Example:
Router(config)# ip vrf vpn1
Purpose: Defines a VRF and enters VRF configuration mode.
•The vrf-name argument is a name assigned to the VRF.
Step 4 rd route-distinguisher
Example:
Router(config-vrf)# rd 100:1
Purpose: Creates routing and forwarding tables for a VRF.
•The route-distinguisher argument adds an 8-byte value to an IPv4 prefix to create a VPN IPv4 prefix.
•The route distinguisher (RD) is either an autonomous system number (ASN)-relative RD, in which case it is composed of an autonomous system number and an arbitrary number, or it is an IP-address-relative RD, in which case it is composed of an IP address and an arbitrary number.
•You can enter an RD in either of these formats:
–16-bit autonomous system number: your 32-bit number. For example, 101:3.
–32-bit IP address: your 16-bit number. For example, 192.168.122.15:1.
Step 5 route-target {import | export | both} route-target-ext-community
Example:
Router(config-vrf)# route-target both 100:1
Purpose: Creates a route-target extended community for a VRF.
•The import keyword imports routing information from the target VPN extended community.
•The export keyword exports routing information to the target VPN extended community.
•The both keyword imports routing information from and exports routing information to the target VPN extended community.
•The route-target-ext-community argument adds the route-target extended community attributes to the VRF's list of import, export, or both (import and export) route-target extended communities.
The route target specifies a target VPN extended community. Like a route distinguisher, an extended community is composed of either an autonomous system number and an arbitrary number or an IP address and an arbitrary number. You can enter the numbers in either of these formats:
•16-bit autonomous system number: your 32-bit number. For example, 101:3.
•32-bit IP address: your 16-bit number. For example, 192.168.122.15:1.
Step 6 end
Example:
Router(config-vrf)# end
Purpose: Exits to privileged EXEC mode.
Associating a VRF with an Interface
Perform this task to associate a VRF instance with an interface. A VRF must be associated with an interface before you can forward VPN traffic.
Note: You cannot configure a source address for VRF system logging messages. The VRF Aware System Message Logging feature uses the VRF interface address as the source address for all VRF-aware system logging messages.
After configuring the VRF and associating it with an interface, you can configure the VRF Aware System Message Logging feature on the routing device.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. ip vrf forwarding vrf-name
5. end
6. copy running-config startup-config
DETAILED STEPS
Step 1 enable
Example:
Router> enable
Purpose: Enables privileged EXEC mode.
•Enter your password if prompted.
Step 2 configure terminal
Example:
Router# configure terminal
Purpose: Enters global configuration mode.
Step 3 interface type number
Example:
Router(config)# interface FastEthernet 0/0
Purpose: Configures an interface type and enters interface configuration mode.
•The type argument is the type of interface to be configured.
•The number argument is the port, connector, or interface card number. On Cisco 4700 series routers, it specifies the network interface module (NIM) or network processor module (NPM) number. The numbers are assigned at the factory at the time of installation or when the port, connector, or interface card is added to a system, and can be displayed with the show interfaces command.
Step 4 ip vrf forwarding vrf-name
Example:
Router(config-if)# ip vrf forwarding vpn1
Purpose: Associates a VRF with an interface or subinterface.
•The vrf-name argument associates the interface with the specified VRF.
Step 5 end
Example:
Router(config-if)# end
Purpose: Exits to privileged EXEC mode.
Step 6 copy running-config startup-config
Example:
Router# copy running-config startup-config
Purpose: (Optional) Saves configuration changes to NVRAM.
Configuring VRF Aware System Message Logging on a Routing Device
Configure the VRF Aware System Message Logging feature on a routing device so that logging messages can be used to monitor and troubleshoot network traffic connected through VRF instances.
Prerequisites
You must perform the following tasks before you perform this task:
•Configuring a VRF on a Routing Device
•Associating a VRF with an Interface
SUMMARY STEPS
1. enable
2. configure terminal
3. logging host {ip-address | hostname} [vrf vrf-name]
4. logging trap level
5. logging facility facility-type
6. logging buffered [buffer-size | severity-level]
7. end
DETAILED STEPS
Step 1 enable
Example:
Router> enable
Purpose: Enables privileged EXEC mode.
•Enter your password if prompted.
Step 2 configure terminal
Example:
Router# configure terminal
Purpose: Enters global configuration mode.
Step 3 logging host {ip-address | hostname} [vrf vrf-name]
Example:
Router(config)# logging host 10.0.150.63 vrf vpn1
Purpose: Specifies a host to receive syslog messages.
•The ip-address argument is the IP address of the syslog server host.
•The hostname argument is the name of the IP or IPv6 host that receives the syslog messages.
•The vrf vrf-name keyword argument pair specifies a VRF that connects to the syslog server host.
Step 4 logging trap level
Example:
Router(config)# logging trap debugging
Purpose: Limits messages logged to the syslog servers based on severity.
•The level argument limits the logging of messages to the syslog servers to a specified level. You can enter the level number or level name. See Table 1 for a description of acceptable keywords.
Step 5 logging facility facility-type
Example:
Router(config)# logging facility local6
Purpose: (Optional) Configures the syslog facility in which error messages are sent.
•The facility-type argument names the syslog facility type keyword. For locally defined messages, the range of acceptable keywords is local0 to local7. The default is local7.
Step 6 logging buffered [buffer-size | severity-level]
Example:
Router(config)# logging buffered debugging
Purpose: (Optional) Limits messages logged to an internal buffer on the router based on severity.
•The buffer-size argument is the size of the buffer from 4096 to 4,294,967,295 bytes. The default size varies by platform.
•The severity-level argument limits the logging of messages to the buffer to a specified level. You can enter the level name or level number. See Table 1 for a list of the acceptable level name or level number keywords. The default logging level varies by platform, but is generally 7, meaning that messages at all levels (0-7) are logged to the buffer.
Step 7 end
Example:
Router(config)# end
Purpose: (Optional) Exits to privileged EXEC mode.
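A collector-side check that follows from Steps 4 and 5, added here as an example (it is not Cisco code): once the trap level and facility are known, the PRI value at the start of each received message, which is the facility code times 8 plus the severity (RFC 3164), must fall in a fixed range. The function names, status strings and sample messages are constructed for this example, and the samples omit the sequence number and timestamp a router normally adds.

```python
import re

# Level keywords and numbers from Table 1 on this page.
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}
# Syslog facility codes: local0..local7 are 16..23 (RFC 3164).
FACILITIES = {f"local{n}": 16 + n for n in range(8)}
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Constructed sample datagrams as a collector would receive them.
SAMPLE_MESSAGES = [
    "<181>%SYS-5-CONFIG_I: Configured from console by console",
    "<179>%LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down",
    "<189>%SYS-5-CONFIG_I: Configured from console by console",
    "%SYS-5-CONFIG_I: Configured from console by console",
]


def level_number(level):
    """Accept a Table 1 keyword or its number, as the logging commands do."""
    text = str(level)
    number = LEVELS[text] if text in LEVELS else int(text)
    if not 0 <= number <= 7:
        raise ValueError(f"level out of range: {level!r}")
    return number


def expected_pris(trap_level, facility="local7"):
    """PRI values the router may send: severities 0..trap level in one facility."""
    base = FACILITIES[facility] * 8
    return range(base, base + level_number(trap_level) + 1)


def check_message(raw, trap_level, facility="local7"):
    """Classify one received message against the configured trap level and facility."""
    match = PRI_RE.match(raw)
    if match is None:
        return "no-pri"
    facility_code, severity = divmod(int(match.group(1)), 8)
    if facility_code != FACILITIES[facility]:
        return "unexpected-facility"
    if severity > level_number(trap_level):
        return "severity-above-trap-level"
    return "ok"


if __name__ == "__main__":
    # Settings from the examples in Steps 4 and 5: trap debugging, facility local6.
    for message in SAMPLE_MESSAGES:
        print(check_message(message, "debugging", "local6"), "|", message)
```

A message that fails this check did not come from the router as configured, or the router's logging configuration has changed since the collector's expectations were set.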
Verifying VRF Aware System Message Logging Operation
Perform this task to verify VRF Aware System Message Logging operation.
SUMMARY STEPS
1. enable
2. show running-config | include logging
3. show ip vrf interfaces
4. show running-config [interface type number]
5. ping vrf vrf-name target-ip-address
6. exit
DETAILED STEPS
Step 1 enable
Use this command to enable privileged EXEC mode. You can also enter this command in user EXEC mode. Enter your password if prompted. For example:
Step 2 show running-config | include logging
Use this command to display the logging configuration for the router and the logging host for a VRF. For example:
Router# show running-config | include logging
logging buffered 100000 debugging
mpls ldp logging neighbor-changes
logging host vrf vpn1 10.0.150.63
This example shows the configuration of a syslog server in VRF vpn1 with a server host address of 10.0.150.63.
Step 3 show ip vrf interfaces
Use this command to display the interfaces associated with the VRF that links to a syslog server host. The following example displays a list of VRF interfaces and their associated IP addresses that are configured on the router:
Router# show ip vrf interfaces
Interface              IP-Address      VRF          Protocol
FastEthernet0/0        10.0.0.98       vpn1         up
Ethernet1/4            172.16.0.1      vpn1         up
Loopback1              10.66.66.66     vpn1         up
Step 4 show running-config [interface type number]
Use this command to display interface-specific configuration information for an interface associated with a VRF. For example:
Router# show running-config interface FastEthernet 0/0
Building configuration...
Current configuration : 116 bytes
interface FastEthernet0/0
ip address 10.0.0.98 255.0.0.0
This example displays configuration information for Fast Ethernet interface 0/0 in VRF vpn1.
Step 5 ping vrf vrf-name target-ip-address
Use this command to verify that you can reach the syslog server host, the target-ip-address, through the specified VRF. For example:
Router# ping vrf vpn1 10.3.199.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.199.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
In this example, the syslog server has an IP address of 10.3.199.1 and the VRF is named vpn1. The server is reached successfully four of five times.
Step 6 exit
Use this command to exit privileged EXEC mode. For example:
Configuration Examples for VRF Aware System Message Logging
This section contains the following configuration examples for the VRF Aware System Message Logging feature:
•Configuring a VRF on a Routing Device: Example
•Associating a VRF with an Interface: Example
•Configuring VRF Aware System Message Logging on a Routing Device: Example
Configuring a VRF on a Routing Device: Example
The following example shows how to configure a VRF on a routing device:
Associating a VRF with an Interface: Example
The following example shows how to associate a VRF with an interface:
interface FastEthernet 0/0
Configuring VRF Aware System Message Logging on a Routing Device: Example
The following example shows how to configure the VRF Aware System Message Logging feature on a routing device. The IP address of the syslog server host is 10.10.150.63 and the VRF is vpn1.
logging host 10.0.150.63 vrf vpn1
logging buffered debugging
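An offline cross-check of the outputs from verification Steps 2 and 3, added here as an example (it is not Cisco code): it flags any logging host whose VRF has no interface that is up, which is the prerequisite this module states, and lists the VRF interface addresses a collector could see as the source. The function names, status strings and the handling of non-IP address fields are assumptions of this example.

```python
import ipaddress

# Output of Step 2 and Step 3 as shown on this page.
SHOW_RUN_LOGGING = """\
logging buffered 100000 debugging
mpls ldp logging neighbor-changes
logging host vrf vpn1 10.0.150.63
"""
SHOW_IP_VRF_INTERFACES = """\
Interface IP-Address VRF Protocol
FastEthernet0/0 10.0.0.98 vpn1 up
Ethernet1/4 172.16.0.1 vpn1 up
Loopback1 10.66.66.66 vpn1 up
"""


def parse_logging_hosts(text):
    """Return (host, vrf) pairs; vrf is None when the global table is used.

    Accepts both orderings seen on the page: 'logging host <host> vrf <name>'
    as typed and 'logging host vrf <name> <host>' as displayed.
    """
    hosts = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["logging", "host"]:
            continue  # skips 'logging buffered ...' and 'mpls ldp logging ...'
        args, vrf = tokens[2:], None
        if "vrf" in args and args.index("vrf") + 1 < len(args):
            i = args.index("vrf")
            vrf = args[i + 1]
            args = args[:i] + args[i + 2:]
        if args:
            hosts.append((args[0], vrf))
    return hosts


def parse_vrf_interfaces(text):
    """Parse the four columns of 'show ip vrf interfaces', skipping the header."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] == "Interface":
            continue
        rows.append({"interface": cols[0], "address": cols[1],
                     "vrf": cols[2], "protocol": " ".join(cols[3:])})
    return rows


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False  # assumption: any non-address text means no usable address


def audit(show_run, show_vrf):
    """One finding per logging host: status plus candidate source addresses."""
    interfaces = parse_vrf_interfaces(show_vrf)
    findings = []
    for host, vrf in parse_logging_hosts(show_run):
        members = [r for r in interfaces if r["vrf"] == vrf]
        sources = [r["address"] for r in members
                   if r["protocol"] == "up" and _is_ip(r["address"])]
        if vrf is None:
            status = "global-table"
        elif not members:
            status = "vrf-has-no-interface"
        elif not sources:
            status = "no-usable-interface"
        else:
            status = "ok"
        findings.append({"host": host, "vrf": vrf,
                         "status": status, "sources": sources})
    return findings


if __name__ == "__main__":
    for finding in audit(SHOW_RUN_LOGGING, SHOW_IP_VRF_INTERFACES):
        print(finding)
```

Because the source address cannot be configured, the `sources` list is what a collector's allow-list for this router has to cover; the page does not say which VRF interface address is chosen when the VRF has several.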
The following example shows how to turn off logging to the syslog server:
Additional References
The following sections provide references related to configuring the VRF Aware System Message Logging feature.
Related Documents
Standards
Standard | Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | —
MIBs
MIB | MIBs Link
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. | To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
RFCs
RFC | Title
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. | —
Technical Assistance
Description | Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. | http://www.cisco.com/techsupport
Command Reference
The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS Multiprotocol Label Switching Command Reference at http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_book.html. For information about all Cisco IOS commands, use the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or the Cisco IOS Master Command List, All Releases, at http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html.
•logging host
Feature Information for VRF Aware System Message Logging
Table 2 lists the release history for this feature.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note: Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
Table 2 Feature Information for VRF Aware System Message Logging
Feature Name | Releases | Feature Information
VRF Aware System Message Logging (Syslog) | 12.4(4)T, 12.2(33)SRA, 12.2(31)SB2, 12.4(13), 12.2(33)SXH | The VRF Aware System Message Logging feature allows a router to send syslog messages to a syslog server host connected through a VPN VRF interface. In 12.4(4)T, this feature was introduced. In 12.2(33)SRA, this feature was integrated. In 12.2(31)SB2, support was added for the Cisco 10000 series routers. In 12.4(13), this feature was integrated. In 12.2(33)SXH, this feature was integrated. The following command was modified by this feature: logging host.
Glossary
CE router—customer edge router. A router on the border between a VPN provider and a VPN customer that belongs to the customer.
LSR—label switching router. A device that forwards MPLS packets based on the value of a fixed-length label encapsulated in each packet.
MPLS—Multiprotocol Label Switching. A method for forwarding packets (frames) through a network. It enables routers at the edge of a network to apply labels to packets (frames). ATM switches or existing routers in the network core can switch packets according to the labels with minimal lookup overhead.
MPLS VPN—Multiprotocol Label Switching Virtual Private Network. An IP network infrastructure delivering private network services over a public infrastructure using a Layer 3 backbone. Using MPLS VPNs in a Cisco IOS network provides the capability to deploy and administer scalable Layer 3 VPN backbone services including applications, data hosting network commerce, and telephony services to business customers.
PE router—provider edge router. A router on the border between a VPN provider and a VPN customer that belongs to the provider.
VPN—Virtual Private Network. A group of sites that, as the result of a set of administrative policies, are able to communicate with each other over a shared backbone network. A VPN is a secure IP-based network that shares resources on one or more physical networks. A VPN contains geographically dispersed sites that can communicate securely over a shared backbone. See also MPLS VPN.
VRF—VPN routing and forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a PE router.
© 2006-2008 Cisco Systems, Inc. All rights reserved.