Sunday, 23 September 2012

L3 interfaces in each VRF

VRF-lite is a feature that lets a network device support two or more VPNs whose IP addresses overlap. VRF-lite uses interfaces to distinguish the routes of different VPNs and creates virtual forwarding tables by associating one or more L3 interfaces with each VRF. Besides physical interfaces/ports (e.g. Ethernet), a VRF can also be associated with virtual (logical) interfaces, such as a loopback. Keep in mind that one interface can be associated with only one VRF, although one VRF can be associated with multiple interfaces.

With VRF-lite, multiple networks (VPNs, in this case) can share a single CE, and only one physical link is needed to connect to the PE. The CE maintains a separate VRF table for each VPN and forwards packets for each VPN according to its own routing table. VRF-lite can thus be used to extend the PE's reach further down toward the VPN networks beneath it.

As an open standard, VRF-lite can in principle be used on any device that supports it. This time, however, the author will only discuss the configuration on Cisco networking devices; the configuration on other vendors' devices is more or less similar. The device used here is a Cisco ME-3400 L3 switch running IOS ME340x-METROIPACCESSK9-M 12.2(58). Configuration can be done either via the console or remotely via telnet or SSH. For remote configuration, just make sure the connection stays up throughout the process.

First, turn on the IP routing feature. By default, L3 routing on Cisco switches is not active and must be enabled manually:

    Switch(config)# ip routing

Second, create the required VRF, complete with an RD (route distinguisher):

    Switch(config)# ip vrf anu
    Switch(config-vrf)# rd 65000:10

Third, associate the VRF with the interface that leads to the corresponding VPN:

    Switch(config)# interface vlan 330
    Switch(config-if)# description VPN Gateway ANU
    Switch(config-if)# ip vrf forwarding anu
    Switch(config-if)# ip address 10.11.12.13 255.255.255.0
    Switch(config-if)# no shutdown

Done!

To verify, use the show ip vrf and ping vrf commands:

    Switch# sh ip vrf
      Name                             Default RD          Interfaces
      anu                              65000:10            Vl330

    Switch# ping vrf anu 10.11.12.120
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.11.12.120, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

Now the gateway, or next-hop IP, for the customer (VPN) is no longer the PE's IP but simply the CE's IP.
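The script below is an added example, not part of the original post. It audits a draft IOS-style configuration for the rules described above: each VRF should carry an RD, and addresses may overlap between VRFs but not between two interfaces of the same VRF. It assumes sub-commands are indented by one space; the VRFs "itu" and "lain" and the interfaces Vlan340 and Vlan350 are constructed sample values.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed draft config: only VRF "anu", its RD and Vlan330 come from the post.
SAMPLE = """\
ip vrf anu
 rd 65000:10
ip vrf itu
 rd 65000:20
ip vrf lain
interface Vlan330
 ip vrf forwarding anu
 ip address 10.11.12.13 255.255.255.0
interface Vlan340
 ip vrf forwarding itu
 ip address 10.11.12.13 255.255.255.0
interface Vlan350
 ip vrf forwarding anu
 ip address 10.11.12.200 255.255.255.128
"""

def audit_vrf_lite(config):
    """Return (VRF -> [(interface, network)], findings) for IOS-style text."""
    rds, members, findings = {}, defaultdict(list), []
    vrf = iface = iface_vrf = None
    for line in config.splitlines():
        text = line.strip()
        if not line.startswith(" "):            # top-level line opens a new stanza
            vrf = iface = iface_vrf = None
            if m := re.fullmatch(r"ip vrf (\S+)", text):
                vrf = m.group(1)
                rds.setdefault(vrf, None)
            elif m := re.fullmatch(r"interface (\S+)", text):
                iface = m.group(1)
        elif vrf and (m := re.fullmatch(r"rd (\S+)", text)):
            rds[vrf] = m.group(1)
        elif iface and (m := re.fullmatch(r"ip vrf forwarding (\S+)", text)):
            iface_vrf = m.group(1)
        elif iface and (m := re.fullmatch(r"ip address (\S+) (\S+)", text)):
            net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            members[iface_vrf].append((iface, net))  # key None = global table
    findings += [f"VRF {v} has no rd" for v, rd in rds.items() if rd is None]
    for name, ifaces in members.items():
        for n, (if_a, net_a) in enumerate(ifaces):
            for if_b, net_b in ifaces[n + 1:]:
                if net_a.overlaps(net_b):        # overlap is only an error inside one VRF
                    findings.append(f"{if_a} and {if_b} overlap in VRF {name}")
    return dict(members), findings
```

On the sample, Vlan330 and Vlan340 share 10.11.12.13 without a finding because they sit in different VRFs, while Vlan350 is flagged because its /25 falls inside Vlan330's /24 within VRF anu.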
