Scenario:
As the captain of an interstellar spaceship you are responsible for the well-being of your ship. You need to setup a secure line to exchange information between your crewmembers. You are going to use a technique that was created 200 years ago called VRF Routing. Back then this technique was the basis of MPLS and you need to make sure your crewmembers fully understand it before they dive deeper into MPLS….engage!
Goal:
All IP addresses have been preconfigured for you.
- Router Sulu and Chekov both have a loopback0 and loopback1 interface we are going to use for VRFs.
- Configure VRF SULU on router Sulu, add the loopback0 and loopback1 interface to this VRF.
- Configure VRF CHEKOV on router Chekov, add the loopback0 and loopback1 interface to this VRF.
- Configure the tunnel1 interface on both routers. Make sure the source and destination IP addresses of the Fastethernet link are used for this.
- Make sure the tunnel1 interface is added to VRF SULU and CHEKOV.
- Configure the 192.168.21.0 /24 subnet on the tunnel1 interface.
- Configure EIGRP AS 12 as the routing protocol for these VRFs. Make sure both routers can ping each others loopback interfaces.
IOS:
c3640-jk9o3s-mz.124-16.bin
Topology:
Video Solution:
Configuration Files
You need to register to download the GNS3 topology file. (Registration is free!)Once you are logged in you will find the configuration files right here.
Do you want your CCNA or CCNP Certificate?
The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.
Written by René Molenaar - CCIE #41726
can we plz have the solution to this? 🙂
basically we want vrf SULU to communicate with vrf CHEKOV, right?
I cant seem to get the 2 Vrf’s ping each other. hmmmm
Don’t forget to include the AS within EIGRP like I always seem to
I will add the solution next week.
Chekov#show run
Building configuration…
Current configuration : 1000 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Chekov
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf CHEKOV
rd 2:2
!
!
interface Loopback0
ip vrf forwarding CHEKOV
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip vrf forwarding CHEKOV
ip address 11.11.11.11 255.255.255.0
!
interface Tunnel1
ip vrf forwarding CHEKOV
ip address 172.68.12.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.1
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
router eigrp 12
network 1.0.0.0
network 11.0.0.0
network 192.168.12.0
no auto-summary
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
Current configuration : 990 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Sulu
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf SULU
rd 1:1
!
!
interface Loopback0
ip vrf forwarding SULU
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip vrf forwarding SULU
ip address 11.11.11.11 255.255.255.0
!
interface Tunnel1
ip vrf forwarding SULU
ip address 172.68.12.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.2
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
router eigrp 12
network 1.0.0.0
network 11.0.0.0
network 192.168.12.0
no auto-summary
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
Ty to James
@Mauro
On EIGRP on CHEKOV, You have to put network prefixes under “address-family ipv4 vrf CHEKOV.
Like this:
Chekov(config-router)# address-family ipv4 vrf CHEKOV
Chekov(config-router-af)# network 2.2.2.0 0.0.0.255
Chekov(config-router-af)# network 22.22.22.0 0.0.0.255
Chekov(config-router-af)# network 192.168.21.0
Chekov(config-router-af)# no auto-summary
Chekov(config-router-af)# autonomous-system 12
Chekov(config-router-af)# exit-address-family
This autonomous-system number is very important because remember these are separate VRF’s. So basically once EIGRP transfer the packet from the tunnel interface, its going to look for autonomous-sytem to see if it matches. Other wise EIGRP will think that his/she going be in separate EIGRP domain.
Thanks you Mauro for the discussion we had on FB regarding this task. I am new to MPLS too. By the way thank you too for reminding of the task as I did not pay close attension to what was specifically said. You said, that both loopback interfaces should be pingable from each end regardless which VRF you are pinging from. This solution below did just that. May be someone else or Rene can help us complete of fine tune the solution. The Tunnel is reachable from each end BUT can be improved to behave just like the loopback interfaces for VRFs SULU and CHEKOV.
Note to Mr. Rene. I watched you newly uploaded videos on Youtube two weeks ago. From what, I’ve seen, I can imagine the same can be applied to this task. Thanks to you and Mauro. Lets keep learning….!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CONFIGURATION FOR CHEKOV:
Sulu#show run
Building configuration…
!
hostname Sulu
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf CHEKOV
rd 2:2
!
ip vrf SULU
rd 1:1
!
!
interface Loopback0
ip vrf forwarding CHEKOV
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip vrf forwarding CHEKOV
ip address 11.11.11.11 255.255.255.0
!
interface Loopback3
ip address 111.111.111.111 255.255.255.0
!
interface Tunnel1
ip vrf forwarding SULU
ip address 172.68.12.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.2
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
router eigrp 12
network 1.0.0.0
network 11.0.0.0
network 111.0.0.0
network 172.68.0.0
network 192.168.12.0
no auto-summary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CONFIGURATION FOR CHEKOV:
Chekov#show run
Building configuration…
hostname Chekov
!
!
ip vrf CHEKOV
rd 2:2
!
ip vrf SULU
rd 1:1
!
!
interface Loopback0
ip vrf forwarding SULU
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip vrf forwarding SULU
ip address 11.11.11.11 255.255.255.0
!
interface Loopback3
ip address 222.222.222.222 255.255.255.0
!
interface Tunnel1
ip vrf forwarding CHEKOV
ip address 172.68.12.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.1
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
router eigrp 12
network 1.0.0.0
network 11.0.0.0
network 172.68.0.0
network 192.168.12.0
network 222.222.222.0
no auto-summary
I thought that idea too , but the lab ask : Configure VRF SULU on router Sulu, add the loopback0 and loopback1 interface to this VRF.
Configure VRF CHEKOV on router Chekov, add the loopback0 and loopback1 interface to this VRF.
So no local VRF SULU ON CHEKOV and viceversa.
See u next update ^^
Sulu#sh run
Building configuration…
Current configuration : 1248 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Sulu
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf CHEKOV
rd 2:2
route-target export 2:200
route-target import 2:200
!
ip vrf SULU
rd 1:1
route-target export 1:100
route-target import 1:100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip address 11.11.11.11 255.255.255.0
!
interface Tunnel1
ip address 172.68.12.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.2
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
router eigrp 12
no auto-summary
!
address-family ipv4 vrf CHEKOV
network 172.68.12.1 0.0.0.0
no auto-summary
autonomous-system 1
exit-address-family
!
router eigrp 1
network 1.1.1.0 0.0.0.255
network 11.11.11.0 0.0.0.255
network 172.68.12.0 0.0.0.255
no auto-summary
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
Chekov#sh run
Building configuration…
Current configuration : 1350 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Chekov
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf CHEKOV
rd 2:2
route-target export 2:200
route-target import 2:200
!
ip vrf SULU
rd 1:1
route-target export 1:100
route-target import 1:100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip address 11.11.11.11 255.255.255.0
!
interface Tunnel1
ip vrf forwarding SULU
ip address 172.68.12.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.1
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 12
no auto-summary
!
address-family ipv4 vrf SULU
network 172.68.12.2 0.0.0.0
no auto-summary
autonomous-system 1
exit-address-family
!
router eigrp 1
network 1.1.1.0 0.0.0.255
network 11.11.11.0 0.0.0.255
network 172.68.12.0 0.0.0.255
no auto-summary
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
Chekov#ping vrf SULU 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/89/104 ms
Chekov#ping vrf SULU 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/91/112 ms
Chekov#
FInal part is to share the same tunne for Both ip vrf forwarding SULU and CHEKOV…
Hi Guys,
I’ll upload the solution this week. I think this is a good lab because it teaches you the basics of VRF before moving on to more complex MPLS scenarios.
Come back in a couple of days and you’ll find the solution here 8)
Rene
Sulu:
ip vrf Sulu
rd 1:1
interface Loopback0
ip vrf forwarding Sulu
ip address 1.1.1.1 255.255.255.0
!
interface Loopback1
ip vrf forwarding Sulu
ip address 11.11.11.11 255.255.255.0
!
interface Tunnel1
ip vrf forwarding Sulu
ip address 192.168.21.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.2
router eigrp 12
auto-summary
!
address-family ipv4 vrf Sulu
network 0.0.0.0
no auto-summary
autonomous-system 12
exit-address-family
Chekov:
ip vrf Chekov
rd 2:2
interface Loopback0
ip vrf forwarding Chekov
ip address 2.2.2.2 255.255.255.0
!
interface Loopback1
ip vrf forwarding Chekov
ip address 22.22.22.22 255.255.255.0
!
interface Tunnel1
ip vrf forwarding Chekov
ip address 192.168.21.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 192.168.12.1
router eigrp 12
auto-summary
!
address-family ipv4 vrf Chekov
network 0.0.0.0
no auto-summary
autonomous-system 12
exit-address-family
Chekov#ping vrf Chekov 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/16/24 ms
Chekov#ping vrf Chekov 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/20 ms
Sulu#ping vrf Sulu 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/16/20 ms
Sulu#ping vrf Sulu 22.22.22.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms
Good one.
Nice solution with help Tunneling
Here is my video solution:
http://www.youtube.com/watch?v=1ggrVqnKGAw
I’ll add it to this article soon.
Rene
Hi Rene,
the topology picture says that loopbacks on each router should have the same addresses(1.1.1.1 and 11.11.11.11) but there are different addresses in your video solution (1’s for SULU and 2’s for CHEKOV). It may confuse peoples and misleads from what they really should achieve in this lab.
I am not able to download the GNs3 although I am registered
nice explanation
As the captain of an interstellar spaceship…
That is hell of a scenario :))
Hi , Recently, I brought CCNP switch book so i just want to know that is VRF part of CCNP route ? if no then have you introduced any book which is relating to VRF and MPLS. Currently, I am CCNA certified but i do not know about VRF relating configuration. Currently, In my organization there is a use of VRF. I want to become master for VRF and other thing. I am new to my organization.
I have the exact same config as the video solution but I am still not able to make it work. Also, my tunnel interface is showing down. Here is my config.
Sulu
****
ip vrf Sulu
interface Loopback0
ip vrf forwarding Sulu
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip vrf forwarding Sulu
ip address 11.11.11.11 255.255.255.255
!
interface Tunnel1
ip vrf forwarding Sulu
ip address 192.168.21.1 255.255.255.252
keepalive 10 3
tunnel source FastEthernet0/0
tunnel destination 192.168.12.2
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.252
duplex auto
speed auto
router eigrp 1
no auto-summary
!
address-family ipv4 vrf Sulu
network 1.0.0.0
network 11.0.0.0
network 192.168.21.0
no auto-summary
autonomous-system 1
exit-address-family
Chekov
*******
ip vrf Chekov
interface Loopback0
ip vrf forwarding Chekov
ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
ip vrf forwarding Chekov
ip address 22.22.22.22 255.255.255.255
!
interface Tunnel1
ip vrf forwarding Chekov
ip address 192.168.21.2 255.255.255.252
keepalive 10 3
tunnel source FastEthernet0/0
tunnel destination 192.168.12.1
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.252
duplex auto
speed auto
router eigrp 1
no auto-summary
!
address-family ipv4 vrf Chekov
network 2.0.0.0
network 22.0.0.0
network 192.168.21.0
no auto-summary
autonomous-system 1
exit-address-family
Thanks
Hi Rene,I have the exact same config as the video solution ,my all interface are up and i am able to work and ping all the interfaces
Thanks