6860E VRF route leak

Post Reply
maxmania
Member
Posts: 49
Joined: 19 Dec 2010 18:43

6860E VRF route leak

Post by maxmania »

Hello every one,

I have the following scenario:

2 Offices with 2 Vlans and one internet access.

I have created 3 VRF, one for each office and one for the internet access.
So far no issue.

This is my VCboot.cfg file:

!========================================!
! File: /flash/working/vcboot.cfg !
!========================================!
! Chassis:
system name "OS6860"
vrf create Net profile max
vrf create IpOne profile max
vrf create IpTwo profile max
vrf default

! Configuration:
configuration error-file-limit 2

! Capability Manager:
hash-control extended

! Virtual Flow Control:
! LFP:
! Interface:
! Port_Manager:
! Link Aggregate:
! VLAN:
vlan 1 admin-state disable
vlan 100 admin-state enable
vlan 100 name "vlan100"
vlan 110 admin-state enable
vlan 110 name "vlan110"
vlan 120 admin-state enable
vlan 120 name "vlan120"
vlan 130 admin-state enable
vlan 130 name "vlan130"
vlan 199 admin-state enable
vlan 199 name "Internet"
vlan 100 members port 1/1/1-4 untagged
vlan 110 members port 1/1/5-8 untagged
vlan 120 members port 1/1/9-12 untagged
vlan 130 members port 1/1/13-16 untagged
vlan 199 members port 1/1/24 untagged

! PVLAN:
! Spanning Tree:
spantree mode flat
spantree vlan 1 admin-state enable
spantree vlan 100 admin-state enable
spantree vlan 110 admin-state enable
spantree vlan 120 admin-state enable
spantree vlan 130 admin-state enable
spantree vlan 199 admin-state enable

! DA-UNP:
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication console "local"
aaa authentication ssh "local"

aaa tacacs command-authorization disable

! NTP:
ntp server clock0.ovcirrus.com
ntp server clock2.ovcirrus.com
ntp server clock3.ovcirrus.com
ntp server clock1.ovcirrus.com
ntp client admin-state enable

! QOS:
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
mvrp enable

! LLDP:
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
session cli timeout 600
session prompt default "6860=>"

! Web:
! Trap Manager:
! Health Monitor:
! System Service:
! SNMP:
! BFD:
! IP Route Manager:
ip static-route 192.168.110.0/24 gateway 192.168.130.101 metric 1
ip static-route 192.168.120.0/24 gateway 192.168.130.101 metric 1

! VRRP:
! UDP Relay:
! RIP:
! OSPF:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! ISIS:
! Module:
! LAN Power:
! RDP:
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:

! SVCMGR:
service stats disable

! LDP:
! EVB:
! APP-FINGERPRINT:
! FCOE:
! QMR:
! OPENFLOW:
! Dynamic auto-fabric:
auto-fabric admin-state disable

! SIP Snooping:
! DHCP Server:
! DHCPv6 Relay:
! DHCPv6 Snooping:
! DHCPv6 Server:
! DHCP Message Service:
! DHCP Active Lease Service:
! Virtual Chassis Split Protection:
! DHCP Snooping:
! APP-MONITORING:
! Loopback Detection:
! VM-SNOOPING:
! PPPOE-IA:
! Security:
! Zero Configuration:
! MAC Security:
! OVC:
! EFM-OAM:
! ALARM-MANAGER:
! DEVICE-PROFILE:
! PTP:
! IP DHCP RELAY:
! TEST-OAM:
! LOOPBACK TEST:
! UDP6 RELAY:
! MGMT AGENT:

! VRF Net
! IP:
vrf Net ip interface "Net" address 192.168.10.70 mask 255.255.255.0 vlan 199 ifindex 1

! IPv6:
! IPSec:
! IPMS:
! Web:
! BFD:
! IP Route Manager:
vrf Net ip static-route 0.0.0.0/0 gateway 192.168.10.254 metric 1
vrf Net ip route-map "R3_Net" sequence-number 50 action permit
vrf Net ip export route-map R3_Net
vrf Net ip import vrf IpOne route-map R3_Net
vrf Net ip import vrf IpTwo route-map R3_Net

! VRRP:
! UDP Relay:
! DHCPv6 Relay:
! DHCPv6 Snooping:
! IP DHCP RELAY:
! UDP6 RELAY:

! VRF IpOne
! IP:
vrf IpOne ip interface "vlan100" address 192.168.100.1 mask 255.255.255.0 vlan 100 ifindex 6
vrf IpOne ip interface "vlan110" address 192.168.110.1 mask 255.255.255.0 vlan 110 ifindex 7

! IPv6:
! IPSec:
! IPMS:
! Web:
! BFD:
! IP Route Manager:
vrf IpOne ip route-map "R1_IpOne" sequence-number 50 action permit
vrf IpOne ip export route-map R1_IpOne
vrf IpOne ip import vrf R3_Net route-map R1_IpOne

! VRRP:
! UDP Relay:
! DHCPv6 Relay:
! DHCPv6 Snooping:
! IP DHCP RELAY:
! UDP6 RELAY:

! VRF IpTwo
! IP:
vrf IpTwo ip interface "vlan120" address 192.168.120.1 mask 255.255.255.0 vlan 120 ifindex 4
vrf IpTwo ip interface "vlan130" address 192.168.130.1 mask 255.255.255.0 vlan 130 ifindex 5

! IPv6:
! IPSec:
! IPMS:
! Web:
! BFD:
! IP Route Manager:
vrf IpTwo ip route-map "R2_IpTwo" sequence-number 50 action permit
vrf IpTwo ip export route-map R2_IpTwo
vrf IpTwo ip import vrf R3_Net route-map R2_IpTwo

! VRRP:
! UDP Relay:
! DHCPv6 Relay:
! DHCPv6 Snooping:
! IP DHCP RELAY:
! UDP6 RELAY:

my issue is with the leak of routes, I can´t ping the Net Interface for the other VRF's,did I miss something?

best regards
Maxmania
Best Regards
Jose Alves

silvio
Alcatel Unleashed Certified Guru
Alcatel Unleashed Certified Guru
Posts: 1418
Joined: 01 Jul 2008 10:51
Location: Germany

Re: 6860E VRF route leak

Post by silvio »

Hi,
normal behavior. You can't ping the GW in the other VRF, but the clients.
regards
Silvio

piddalagi
Member
Posts: 1
Joined: 26 Feb 2020 03:44

Re: 6860E VRF route leak

Post by piddalagi »

Silvio,
Box-6900
client----------------------|deafult-vrf, main-vrf|-------------------DHCP server



Below is the route leaks which I have done.

-> show configuration snapshot | grep "ip "
ip interface "vlan821" address 10.140.0.1 mask 255.255.252.0 vlan 821 ifindex 1
ip router router-id 10.140.0.1
ip router primary-address 10.140.0.1
ip route-map "default" sequence-number 50 action permit
ip export all-routes
ip import vrf Main route-map default
ip dhcp relay admin-state enable
ip dhcp relay destination 192.168.80.182
vrf Main ip interface "vlan100" address 192.168.80.181 mask 255.255.255.0 vlan 100 ifindex 2
vrf Main ip route-map "mainr" sequence-number 50 action permit
vrf Main ip export all-routes
vrf Main ip import vrf default route-map mainr
->

Now I am trying to reach the DHCP server from default VRF, which says "network not reachable".
Relay is configured under default VRF.
DHCP server is reachable from Main VRF.
Hence I thought I can leak routes to make clients hitting VRF, reach the DHCP server.

But its not working.
Please help.

Post Reply

Return to “OmniSwitch 6860 / 6860E”