We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 588 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

314 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,


Forum Replies

  1. Hi Collin,

    That's right, it's a little side effect of replicating everything. All routes are replicated from blue/red to green and vice versa.

    To solve this, it's better to use a route-map to define what should/shouldn't be replicated:

    ISP1(config-vrf-af)#route-replicate from vrf Green unicast all route-map RED_PREFIXES

    Rene

  2. Hello,
    really nice explanation. Thanks for it.

    I have one question about config:
    Lets say i dont want to use EVN to configure trunk between ISP1 and ISP2. How does the router know it shloud use VRF Blue with tag 10 and not 20?
    Is there another command to use?

    Thanks you :wink:

  3. EVN only knows what tags to use since we configured the tags on the VRFs.

    Also, it basically only does this for us:

    interface GigabitEthernet3.10
     description Subinterface for VNET Blue
     encapsulation dot1Q 10
     vrf forwarding Blue
     ip address 192.168.56.5 255.255.255.0

    The sub-interface above was created by EVN. If you don't want to use EVN, you could configure sub-interfaces like this yourself.

  4. I can't seem to get an ospf neighborship across the evn trunk. I've looked over my config 3 or 4 times and cannot figure out why.

    Blue1#sh run
    Building configuration...
    
    Current configuration : 1229 bytes
    !
    ! Last configuration change at 01:20:27 UTC Fri May 5 2017
    !
    version 15.6
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no platform punt-keepalive disable-kernel-core
    platform console serial
    !
    hostname Blue1
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no logging console
    !
    no aaa new-model
    !
    !
    !
    !         
    !
    !
    !
    !
    !
    
    
    
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    subscriber templating
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    license udi pid CSR1000V sn 9J8YYZOLADL
    !
    spanning-tree extend system-id
    !
    !
    redundancy
    !
    !
    !
    !         
    !
    !
    ! 
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    ! 
    ! 
    ! 
    ! 
    ! 
    ! 
    !
    !         
    interface GigabitEthernet1
     ip address 192.168.1.1 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet2
     no ip address
     shutdown
     negotiation auto
    !
    interface GigabitEthernet3
     no ip address
     shutdown
     negotiation auto
    !
    interface GigabitEthernet4
     no ip address
     shutdown
     negotiation auto
    !
    router ospf 1
     network 192.168.1.0 0.0.0.255 area 0
    !
    !         
    virtual-service csr_mgmt
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    control-plane
    !
     !
     !
     !
     !
    !
    !
    !
    !
    alias exec srs sh run | s router
    !         
    line con 0
     stopbits 1
    line vty 0
     login
    line vty 1
     login
     length 0
    line vty 2 4
     login
    !
    !
    end
    
    Blue1#              
    
    
    
    Red1#sh run
    Building configuration...
    
    Current configuration : 1228 bytes
    !
    ! Last configuration change at 01:23:05 UTC Fri May 5 2017
    !
    version 15.6
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no platform punt-keepalive disable-kernel-core
    platform console serial
    !
    hostname Red1
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no logging console
    !
    no aaa new-model
    !
    !
    !
    !         
    !
    !
    !
    !
    !
    
    
    
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    subscriber templating
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    license udi pid CSR1000V sn 97QJRXFRQP2
    !
    spanning-tree extend system-id
    !
    !
    redundancy
    !
    !
    !
    !         
    !
    !
    ! 
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    ! 
    ! 
    ! 
    ! 
    ! 
    ! 
    !
    !         
    interface GigabitEthernet1
     ip address 192.168.2.2 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet2
     no ip address
     shutdown
     negotiation auto
    !
    interface GigabitEthernet3
     no ip address
     shutdown
     negotiation auto
    !
    interface GigabitEthernet4
     no ip address
     shutdown
     negotiation auto
    !
    router ospf 2
     network 192.168.2.0 0.0.0.255 area 0
    !
    !         
    virtual-service csr_mgmt
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    control-plane
    !
     !
     !
     !
     !
    !
    !
    !
    !
    alias exec srs sh run | s router
    !         
    line con 0
     stopbits 1
    line vty 0
     login
    line vty 1
     login
     length 0
    line vty 2 4
     login
    !
    !
    end
    
    Red1#     
    
    
    
    ISP1#sh run
    Building configuration...
    
    Current configuration : 1676 bytes
    !
    ! Last configuration change at 01:32:03 UTC Fri May 5 2017
    !
    version 15.6
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no platform punt-keepalive disable-kernel-core
    platform console serial
    !
    hostname ISP1
    !
    boot-start-marker
    boot-end-marker
    !
    !
    vrf definition Blue
     vnet tag 10
     !
     address-family ipv4
     exit-address-family
    !
    vrf definition Red
     vnet tag 20
     !
     address-family ipv4
     exit-address-family
    !
    no logging console
    !
    no aaa new-model
    !
    !
    !
    !
    !
    !
    !
    !
    !
    
    
    
    !
    !
    !         
    !
    !
    !
    !
    !
    !
    !
    subscriber templating
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !         
    !
    !
    license udi pid CSR1000V sn 9DJH6OB907Y
    !
    spanning-tree extend system-id
    !
    !
    redundancy
    !
    !
    !
    !
    !
    !
    ! 
    !
    !
    !
    !
    !
    !
    !
    !         
    !
    !
    !
    !
    ! 
    ! 
    ! 
    ! 
    ! 
    ! 
    !
    !
    interface GigabitEthernet1
     vrf forwarding Blue
     ip address 192.168.1.254 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet2
     vrf forwarding Red
     ip address 192.168.2.254 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet3
     vnet trunk
     ip address 192.168.56.5 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet4
     no ip address
     shutdown
     negotiation auto
    !
    router ospf 1 vrf Blue
     network 192.168.1.0 0.0.0.255 area 0
     network 192.168.56.0 0.0.0.255 area 0
    !
    router ospf 2 vrf Red
     network 192.168.2.0 0.0.0.255 area 0
     network 192.168.56.0 0.0.0.255 area 0
    !
    !
    virtual-service csr_mgmt
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    control-plane
    !
     !
     !
     !
     !
    !
    !
    !
    !
    alias exec dc3 show derived-config | b GigabitEthernet3
    alias exec srs sh run | s router
    !
    line con 0
     stopbits 1
    line vty 0
     login    
    line vty 1
     login
     length 0
    line vty 2 4
     login
    !
    !
    end
    
    ISP1#          
    
    ISP2#sh run
    Building configuration...
    
    Current configuration : 1657 bytes
    !
    ! Last configuration change at 01:39:55 UTC Fri May 5 2017
    !
    version 15.6
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no platform punt-keepalive disable-kernel-core
    platform console serial
    !
    hostname ISP2
    !
    boot-start-marker
    boot-end-marker
    !
    !
    vrf definition Blue
     vnet tag 10
     !
     address-family ipv4
     exit-address-family
    !
    vrf definition Red
     vnet tag 20
     !
     address-family ipv4
     exit-address-family
    !
    !
    no aaa new-model
    !
    !
    !
    !
    !
    !
    !
    !
    !
    
    
    
    !
    !
    !
    !         
    !
    !
    !
    !
    !
    !
    subscriber templating
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !         
    !
    license udi pid CSR1000V sn 98KHYWG4AV9
    !
    spanning-tree extend system-id
    !
    !
    redundancy
    !
    !
    !
    !
    !
    !
    ! 
    !
    !
    !
    !
    !
    !
    !
    !
    !         
    !
    !
    !
    ! 
    ! 
    ! 
    ! 
    ! 
    ! 
    !
    !
    interface GigabitEthernet1
     vrf forwarding Blue
     ip address 192.168.3.254 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet2
     vrf forwarding Red
     ip address 192.168.4.254 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet3
     vnet trunk
     ip address 192.168.56.6 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet4
     no ip address
     shutdown
     negotiation auto
    !
    router ospf 1 vrf Blue
     network 192.168.3.0 0.0.0.255 area 0
     network 192.168.56.0 0.0.0.255 area 0
    !
    router ospf 2 vrf Red
     network 192.168.4.0 0.0.0.255 area 0
     network 192.168.56.0 0.0.0.255 area 0
    !
    !
    virtual-service csr_mgmt
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    control-plane
    !
     !
     !
     !
     !
    !
    !
    !
    !
    alias exec dc3 show derived-config | b GigabitEthernet3
    alias exec srs sh run | s router
    !
    line con 0
     stopbits 1
    line vty 0
     login
    line vty 1
     login
     length 0
    line vty 2 4
     login
    !
    !
    end
    
    ISP2#   
    
    Blue2#sh run
    Building configuration...
    
    Current configuration : 1229 bytes
    !
    ! Last configuration change at 01:23:16 UTC Fri May 5 2017
    !
    version 15.6
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no platform punt-keepalive disable-kernel-core
    platform console serial
    !
    hostname Blue2
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no logging console
    !
    no aaa new-model
    !
    !
    !
    !         
    !
    !
    !
    !
    !
    
    
    
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    subscriber templating
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    license udi pid CSR1000V sn 91RY9ZNDXH1
    !
    spanning-tree extend system-id
    !
    !
    redundancy
    !
    !
    !
    !         
    !
    !
    ! 
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    ! 
    ! 
    ! 
    ! 
    ! 
    ! 
    !
    !         
    interface GigabitEthernet1
     ip address 192.168.3.3 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet2
     no ip address
     shutdown
     negotiation auto
    !
    interface GigabitEthernet3
     no ip address
     shutdown
     negotiation auto
    !
    interface GigabitEthernet4
     no ip address
     shutdown
     negotiation auto
    !
    router ospf 1
     network 192.168.3.0 0.0.0.255 area 0
    !
    !         
    virtual-service csr_mgmt
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    control-plane
    !
     !
     !
     !
     !
    !
    !
    !
    !
    alias exec srs sh run | s router
    !         
    line con 0
     stopbits 1
    line vty 0
     login
    line vty 1
     login
     length 0
    line vty 2 4
     login
    !
    !
    end
    
    Blue2#          
    
    
    Red2#sh run
    Building configuration...
    
    Current configuration : 1228 bytes
    !
    ! Last configuration change at 01:23:20 UTC Fri May 5 2017
    !
    version 15.6
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no platform punt-keepalive disable-kernel-core
    platform console serial
    !
    hostname Red2
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no logging console
    !
    no aaa new-model
    !
    !
    !
    !         
    !
    !
    !
    !
    !
    
    
    
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    subscriber templating
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    license udi pid CSR1000V sn 9XQ8OPC55ZT
    !
    spanning-tree extend system-id
    !
    !
    redundancy
    !
    !
    !
    !         
    !
    !
    ! 
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    ! 
    ! 
    ! 
    ! 
    ! 
    ! 
    !
    !         
    interface GigabitEthernet1
     ip address 192.168.4.4 255.255.255.0
     negotiation auto
    !
    interface GigabitEthernet2
     no ip address
     shutdown
     negotiation auto
    !
    interface GigabitEthernet3
     no ip address
     shutdown
     negotiation auto
    !
    interface GigabitEthernet4
     no ip address
     shutdown
     negotiation auto
    !
    router ospf 2
     network 192.168.4.0 0.0.0.255 area 0
    !
    !         
    virtual-service csr_mgmt
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    control-plane
    !
     !
     !
     !
     !
    !
    !
    !
    !
    alias exec srs sh run | s router
    !         
    line con 0
     stopbits 1
    line vty 0
     login
    line vty 1
     login
     length 0
    line vty 2 4
     login
    !
    !
    end
    
    Red2#
  5. Hello Don.

    I'm assuming the EVN trunk is working and that you've checked the VRF configuration, and you've successfully verified that the vnet trunk has been created with the appropriate show and ping commands. I'm also assuming you've checked the output from the command show derived-confg and that the subinterfaces Gi3.10 and Gi3.20 are showing up. Check these first to see that the EVN is working correctly before any routing has been configured.

    Looking through your config, I'm not able to find something that stands out as an error. It seems like it should work. Are you using GNS3, real devices or VIRL? Try doing a debug on OSPF to see that hello packets are being sent and see if any are being rejected on the other end or if they're not actually reaching their destination.

    I hope this at least gives you a fresh starting point for your troubleshooting. Keep us posted!

    Laz

19 more replies! Ask a question or join the discussion by visiting our Community Forum