can we plz have the solution to this? 
VRF Routing
Scenario:
As the captain of an interstellar spaceship you are responsible for the well-being of your ship. You need to setup a secure line to exchange information between your crewmembers. You are going to use a technique that was created 200 years ago called VRF Routing. Back then this technique was the basis of MPLS and you need to make sure your crewmembers fully understand it before they dive deeper into MPLS....engage!
Goal:
All IP addresses have been preconfigured for you.
- Router Sulu and Chekov both have a loopback0 and loopback1 interface we are going to use for VRFs.
- Configure VRF SULU on router Sulu, add the loopback0 and loopback1 interface to this VRF.
- Configure VRF CHEKOV on router Chekov, add the loopback0 and loopback1 interface to this VRF.
- Configure the tunnel1 interface on both routers. Make sure the source and destination IP addresses of the Fastethernet link are used for this.
- Make sure the tunnel1 interface is added to VRF SULU and CHEKOV.
- Configure the 192.168.21.0 /24 subnet on the tunnel1 interface.
- Configure EIGRP AS 12 as the routing protocol for these VRFs. Make sure both routers can ping each others loopback interfaces.
IOS:
c3640-jk9o3s-mz.124-16.bin
Topology:
Video Solution:
You need to register to download the GNS3 Topology File. (Registration is Free!)
- Related Articles
Only registered users can write comments!
Comments (13)
-
talaltk 2011-08-04 16:07:46basically we want vrf SULU to communicate with vrf CHEKOV, right?
-
talaltk 2011-08-04 17:00:37
I cant seem to get the 2 Vrf's ping each other. hmmmm
-
etiedem 2011-08-12 03:02:31Don't forget to include the AS within EIGRP like I always seem to
-
ReneMolenaar 2011-08-12 13:40:27I will add the solution next week.
-
Mauro1980 2011-08-17 18:49:38Chekov#show run
Building configuration...Current configuration : 1000 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Chekov
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf CHEKOV
rd 2:2
!
!
interface Loopback0
ip vrf forwarding CHEKOV
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip vrf forwarding CHEKOV
ip address 11.11.11.11 255.255.255.0
!
interface Tunnel1
ip vrf forwarding CHEKOV
ip address 172.68.12.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.1
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
router eigrp 12
network 1.0.0.0
network 11.0.0.0
network 192.168.12.0
no auto-summary
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
Current configuration : 990 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Sulu
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf SULU
rd 1:1
!
!
interface Loopback0
ip vrf forwarding SULU
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip vrf forwarding SULU
ip address 11.11.11.11 255.255.255.0
!
interface Tunnel1
ip vrf forwarding SULU
ip address 172.68.12.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.2
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
router eigrp 12
network 1.0.0.0
network 11.0.0.0
network 192.168.12.0
no auto-summary
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
Ty to James
-
mymsnacc 2011-08-18 03:01:16Thanks you Mauro for the discussion we had on FB regarding this task. I am new to MPLS too. By the way thank you too for reminding of the task as I did not pay close attension to what was specifically said. You said, that both loopback interfaces should be pingable from each end regardless which VRF you are pinging from. This solution below did just that. May be someone else or Rene can help us complete of fine tune the solution. The Tunnel is reachable from each end BUT can be improved to behave just like the loopback interfaces for VRFs SULU and CHEKOV.
Note to Mr. Rene. I watched you newly uploaded videos on Youtube two weeks ago. From what, I've seen, I can imagine the same can be applied to this task. Thanks to you and Mauro. Lets keep learning....!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CONFIGURATION FOR CHEKOV:Sulu#show run
Building configuration...
!
hostname Sulu
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf CHEKOV
rd 2:2
!
ip vrf SULU
rd 1:1
!
!
interface Loopback0
ip vrf forwarding CHEKOV
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip vrf forwarding CHEKOV
ip address 11.11.11.11 255.255.255.0
!
interface Loopback3
ip address 111.111.111.111 255.255.255.0
!
interface Tunnel1
ip vrf forwarding SULU
ip address 172.68.12.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.2
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
router eigrp 12
network 1.0.0.0
network 11.0.0.0
network 111.0.0.0
network 172.68.0.0
network 192.168.12.0
no auto-summary~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CONFIGURATION FOR CHEKOV:Chekov#show run
Building configuration...hostname Chekov
!
!
ip vrf CHEKOV
rd 2:2
!
ip vrf SULU
rd 1:1
!
!
interface Loopback0
ip vrf forwarding SULU
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip vrf forwarding SULU
ip address 11.11.11.11 255.255.255.0
!
interface Loopback3
ip address 222.222.222.222 255.255.255.0
!
interface Tunnel1
ip vrf forwarding CHEKOV
ip address 172.68.12.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.1
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
router eigrp 12
network 1.0.0.0
network 11.0.0.0
network 172.68.0.0
network 192.168.12.0
network 222.222.222.0
no auto-summary
-
Mauro1980 2011-08-18 05:20:20
I thought that idea too , but the lab ask : Configure VRF SULU on router Sulu, add the loopback0 and loopback1 interface to this VRF.
Configure VRF CHEKOV on router Chekov, add the loopback0 and loopback1 interface to this VRF.
So no local VRF SULU ON CHEKOV and viceversa.See u next update ^^
-
Mauro1980 2011-08-18 10:14:13
Sulu#sh run
Building configuration...Current configuration : 1248 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Sulu
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf CHEKOV
rd 2:2
route-target export 2:200
route-target import 2:200
!
ip vrf SULU
rd 1:1
route-target export 1:100
route-target import 1:100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip address 11.11.11.11 255.255.255.0
!
interface Tunnel1
ip address 172.68.12.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.2
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
router eigrp 12
no auto-summary
!
address-family ipv4 vrf CHEKOV
network 172.68.12.1 0.0.0.0
no auto-summary
autonomous-system 1
exit-address-family
!
router eigrp 1
network 1.1.1.0 0.0.0.255
network 11.11.11.0 0.0.0.255
network 172.68.12.0 0.0.0.255
no auto-summary
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
Chekov#sh run
Building configuration...Current configuration : 1350 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Chekov
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf CHEKOV
rd 2:2
route-target export 2:200
route-target import 2:200
!
ip vrf SULU
rd 1:1
route-target export 1:100
route-target import 1:100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip address 11.11.11.11 255.255.255.0
!
interface Tunnel1
ip vrf forwarding SULU
ip address 172.68.12.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.1
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 12
no auto-summary
!
address-family ipv4 vrf SULU
network 172.68.12.2 0.0.0.0
no auto-summary
autonomous-system 1
exit-address-family
!
router eigrp 1
network 1.1.1.0 0.0.0.255
network 11.11.11.0 0.0.0.255
network 172.68.12.0 0.0.0.255
no auto-summary
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
endChekov#ping vrf SULU 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/89/104 ms
Chekov#ping vrf SULU 11.11.11.11Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/91/112 ms
Chekov#FInal part is to share the same tunne for Both ip vrf forwarding SULU and CHEKOV...
-
ReneMolenaar 2011-09-06 12:34:28
Hi Guys,
I'll upload the solution this week. I think this is a good lab because it teaches you the basics of VRF before moving on to more complex MPLS scenarios.
Come back in a couple of days and you'll find the solution here
Rene
-
ulici 2011-09-17 10:16:10Sulu:
ip vrf Sulu
rd 1:1
interface Loopback0
ip vrf forwarding Sulu
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip vrf forwarding Sulu
ip address 11.11.11.11 255.255.255.0
!
interface Tunnel1
ip vrf forwarding Sulu
ip address 192.168.21.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.2
router eigrp 12
auto-summary
!
address-family ipv4 vrf Sulu
network 0.0.0.0
no auto-summary
autonomous-system 12
exit-address-familyChekov:
ip vrf Chekov
rd 2:2
interface Loopback0
ip vrf forwarding Chekov
ip address 2.2.2.2 255.255.255.0
!
interface Loopback1
ip vrf forwarding Chekov
ip address 22.22.22.22 255.255.255.0
!
interface Tunnel1
ip vrf forwarding Chekov
ip address 192.168.21.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.1
router eigrp 12
auto-summary
!
address-family ipv4 vrf Chekov
network 0.0.0.0
no auto-summary
autonomous-system 12
exit-address-family
Chekov#ping vrf Chekov 1.1.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/16/24 ms
Chekov#ping vrf Chekov 11.11.11.11Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/20 ms
Sulu#ping vrf Sulu 2.2.2.2Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/16/20 ms
Sulu#ping vrf Sulu 22.22.22.22Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
-
ReneMolenaar 2011-09-19 17:25:12
Here is my video solution:
http://www.youtube.com/watch?v=1ggrVqnKGAw
I'll add it to this article soon.
Rene
-
neatro 2012-01-19 16:32:42Hi Rene,
the topology picture says that loopbacks on each router should have the same addresses(1.1.1.1 and 11.11.11.11) but there are different addresses in your video solution (1's for SULU and 2's for CHEKOV). It may confuse peoples and misleads from what they really should achieve in this lab.