Hello everyone,
Does anybody know if it is possible to write static routes under vprn service that will point to next-hop which is visible under global routing table?
I mean something like "ip route vrf ABC XXXX YYYY ZZZZ global" in Cisco ????
Best` Armen
Vrf-Global Routing
Re: Vrf-Global Routing
I dont know if you have figured this one out, but you can do it like this;
\configure service vprn 10000
grt-lookup enable-grt static-route x.x.x.x/y grt
Here is my test;
configure
service
vprn "10000"
-------------------------------------------------------------------------------
*A:P1_SR01>config>service>vprn# info
----------------------------------------------
route-distinguisher 1:1
interface "vprn" create
address 192.168.1.1/24
loopback
exit
grt-lookup
enable-grt
static-route 10.0.0.0/25 grt
exit
exit
no shutdown
configure
router "Base"
interface "lo1"
-------------------------------------------------------------------------------
*A:P1_SR01>config>router>if# info
----------------------------------------------
address 10.0.0.1/32
loopback
no shutdown
*A:P1_SR01# ping router 10000 10.0.0.1
PING 10.0.0.1 56 data bytes
^C
ping aborted by user
---- 10.0.0.1 PING Statistics ----
3 packets transmitted, 0 packets received, 100% packet loss
*A:P1_SR01# show debug
debug
router "Base"
ip
packet lo1
exit
exit
exit
*A:P1_SR01# show log log-id 10
===============================================================================
Event Log 10
===============================================================================
Description : From DEBUG to MEMORY
Memory Log contents
3 2014/09/22 20:34:40.52 CEST MINOR: DEBUG #2001 Base PIP
"PIP: PACKET
instance 1 (Base), interface index 7 (lo1),
ingressing on lo1 at 000 00:17:10.680
IP header:
ver: 4 hlen: 20 tos: 0x00 (dscp be) len: 84
id: 0x040f flags: 000 off: 0 ttl: 64 proto: ICMP (1)
xsum: 0xaaf0 192.168.1.1 -> 10.0.0.1
ICMP header:
type: Echo (8) code: No Code (0) xsum: 0x95f0
iden: 0xc002
sequ: 0x0003
--Christoffer
\configure service vprn 10000
grt-lookup enable-grt static-route x.x.x.x/y grt
Here is my test;
configure
service
vprn "10000"
-------------------------------------------------------------------------------
*A:P1_SR01>config>service>vprn# info
----------------------------------------------
route-distinguisher 1:1
interface "vprn" create
address 192.168.1.1/24
loopback
exit
grt-lookup
enable-grt
static-route 10.0.0.0/25 grt
exit
exit
no shutdown
configure
router "Base"
interface "lo1"
-------------------------------------------------------------------------------
*A:P1_SR01>config>router>if# info
----------------------------------------------
address 10.0.0.1/32
loopback
no shutdown
*A:P1_SR01# ping router 10000 10.0.0.1
PING 10.0.0.1 56 data bytes
^C
ping aborted by user
---- 10.0.0.1 PING Statistics ----
3 packets transmitted, 0 packets received, 100% packet loss
*A:P1_SR01# show debug
debug
router "Base"
ip
packet lo1
exit
exit
exit
*A:P1_SR01# show log log-id 10
===============================================================================
Event Log 10
===============================================================================
Description : From DEBUG to MEMORY
Memory Log contents
3 2014/09/22 20:34:40.52 CEST MINOR: DEBUG #2001 Base PIP
"PIP: PACKET
instance 1 (Base), interface index 7 (lo1),
ingressing on lo1 at 000 00:17:10.680
IP header:
ver: 4 hlen: 20 tos: 0x00 (dscp be) len: 84
id: 0x040f flags: 000 off: 0 ttl: 64 proto: ICMP (1)
xsum: 0xaaf0 192.168.1.1 -> 10.0.0.1
ICMP header:
type: Echo (8) code: No Code (0) xsum: 0x95f0
iden: 0xc002
sequ: 0x0003
--Christoffer
[flash=]
Christoffer
Network System Expert Norway
Nokia SRA #265
Alcatel-Lucent SRC 3RP Certified #552
Alcatel-Lucent SRC NRS-2 Certified #1104
Huawei HCNP Routing & Switching certified
Cisco CCNP Certified
LinkedIN
[/flash]
Christoffer
Network System Expert Norway
Nokia SRA #265
Alcatel-Lucent SRC 3RP Certified #552
Alcatel-Lucent SRC NRS-2 Certified #1104
Huawei HCNP Routing & Switching certified
Cisco CCNP Certified
[/flash]
Re: Vrf-Global Routing
If someone knows of a way to create a static route from GRT to VPRN, please let me know.
I cannot see a way to do that without a physical loop cable...
I cannot see a way to do that without a physical loop cable...
[flash=]
Christoffer
Network System Expert Norway
Nokia SRA #265
Alcatel-Lucent SRC 3RP Certified #552
Alcatel-Lucent SRC NRS-2 Certified #1104
Huawei HCNP Routing & Switching certified
Cisco CCNP Certified
LinkedIN
[/flash]
Christoffer
Network System Expert Norway
Nokia SRA #265
Alcatel-Lucent SRC 3RP Certified #552
Alcatel-Lucent SRC NRS-2 Certified #1104
Huawei HCNP Routing & Switching certified
Cisco CCNP Certified
[/flash]
Re: Vrf-Global Routing
Thanks to my friend Hesam for clearing this oneStoffen wrote:If someone knows of a way to create a static route from GRT to VPRN, please let me know.
I cannot see a way to do that without a physical loop cable...
\configure router policy-options
begin
prefix-list "VPRN2GRT"
prefix 192.168.0.0/16 longer
exit
policy-statement "VPRN2GRT"
entry 10
from
prefix-list "VPRN2GRT"
exit
action accept
exit
exit
exit
commit
\configure service vprn 10000
grt-lookup
enable-grt
static-route 10.0.0.0/24 grt
exit
export-grt "VPRN2GRT"
exit
*A:P1_SR01# show router 10000 route-table
===============================================================================
Route Table (Service: 10000)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.0.0/24 Blackh* Static 00h02m31s 5
Black Hole 1
192.168.1.0/24 Local Local 00h02m52s 0
vprn 0
-------------------------------------------------------------------------------
*A:P1_SR01# show router route-table 192.168.0.0/16 longer
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
192.168.1.0/24 Remote VPN Leak 00h02m59s 180
vprn 0
-------------------------------------------------------------------------------
No. of Routes: 1
*A:P1_SR01# ping router 10000 10.0.0.1
PING 10.0.0.1 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.188ms.
[flash=]
Christoffer
Network System Expert Norway
Nokia SRA #265
Alcatel-Lucent SRC 3RP Certified #552
Alcatel-Lucent SRC NRS-2 Certified #1104
Huawei HCNP Routing & Switching certified
Cisco CCNP Certified
LinkedIN
[/flash]
Christoffer
Network System Expert Norway
Nokia SRA #265
Alcatel-Lucent SRC 3RP Certified #552
Alcatel-Lucent SRC NRS-2 Certified #1104
Huawei HCNP Routing & Switching certified
Cisco CCNP Certified
[/flash]
-
Marko Radosavljevic
Re: Vrf-Global Routing
Hi guys,
We are looking to implement DDoS solution using clean vrf to deliver clean traffic to the protected customer.
(if you want to read more about this, you can look at this link:
https://ripe66.ripe.net/presentations/3 ... andeve.pdf)
We have topology like this:
************************************************************************************
///MPLS NETWORK///P1---PE1----------------CE-----10.10.10.10/32
Global routing table on PE1:
10.10.10.10/32 ---> P1 router
*************************************************************************************
VPRN on PE1 router doesn't have any interface assigned. We should create static route in VPRN to forward traffic toward 10.10.10.10/32 via GRT, using next-hop address of CE. Problem is that global routing table on PE has route 10.10.10.10/32 leading back toward network (P1 router).
Once the vpn traffic reached PE router which is directly connected with customer, I can't force it to go toward specific next hop (CE address) which is in GRT.
I have tried to configure:
grt-lookup
enable-grt
static-route 10.10.10.10/32 grt
exit
but in GRT this routes leads back toward "network", not toward customer.
So, it is not enough just to do lookup in GRT. It should send traffic to the next-hop which is CE's link address. After traffic reaches CE, it will be routed correctly.
On Cisco device this command solves the problem:
ip route vrf TEST <network> <mask> <next-hop> global
It will use the next-hop from GRT and send traffic to that next hop.
How can I do this on AlcatelLucent?
I hope that you have understood the what is the problem.
Please help!
Thank you in advance.
BR,
Marko
We are looking to implement DDoS solution using clean vrf to deliver clean traffic to the protected customer.
(if you want to read more about this, you can look at this link:
https://ripe66.ripe.net/presentations/3 ... andeve.pdf)
We have topology like this:
************************************************************************************
///MPLS NETWORK///P1---PE1----------------CE-----10.10.10.10/32
Global routing table on PE1:
10.10.10.10/32 ---> P1 router
*************************************************************************************
VPRN on PE1 router doesn't have any interface assigned. We should create static route in VPRN to forward traffic toward 10.10.10.10/32 via GRT, using next-hop address of CE. Problem is that global routing table on PE has route 10.10.10.10/32 leading back toward network (P1 router).
Once the vpn traffic reached PE router which is directly connected with customer, I can't force it to go toward specific next hop (CE address) which is in GRT.
I have tried to configure:
grt-lookup
enable-grt
static-route 10.10.10.10/32 grt
exit
but in GRT this routes leads back toward "network", not toward customer.
So, it is not enough just to do lookup in GRT. It should send traffic to the next-hop which is CE's link address. After traffic reaches CE, it will be routed correctly.
On Cisco device this command solves the problem:
ip route vrf TEST <network> <mask> <next-hop> global
It will use the next-hop from GRT and send traffic to that next hop.
How can I do this on AlcatelLucent?
I hope that you have understood the what is the problem.
Please help!
Thank you in advance.
BR,
Marko
-
zeips
Re: Vrf-Global Routing
Hi,
I ve checked the document you attached. According to the doc, do you have problem on scrubber side or server?
It seems to me that the PE connected to the customer decides to choose farend IP adress(scrubber?) to send traffic to, rather then to directly connected customer device. Which could mean its not a problem with leaking. Its just the routing that directs traffic elsewhere than to your directly connected customer. Is that the case?
I ve checked the document you attached. According to the doc, do you have problem on scrubber side or server?
It seems to me that the PE connected to the customer decides to choose farend IP adress(scrubber?) to send traffic to, rather then to directly connected customer device. Which could mean its not a problem with leaking. Its just the routing that directs traffic elsewhere than to your directly connected customer. Is that the case?
-
thekotaksampah
- Member
- Posts: 100
- Joined: 06 Jan 2014 20:04
Re: Vrf-Global Routing
Hello everyone I do that config and have configuration like below
|Pe1|-----------------ospf net|------------------------------|pe2|--vprn--ce..
1. When I ping from PE1 to CE, I found RTO
2. When I ping from PE1 to interface on vprn, I found RTO too.
3. I ping from PE2 to CE, RTO
4. I ping from PE2 to interface on vprn no. RTO.
I need your advice about this case guys..
|Pe1|-----------------ospf net|------------------------------|pe2|--vprn--ce..
1. When I ping from PE1 to CE, I found RTO
2. When I ping from PE1 to interface on vprn, I found RTO too.
3. I ping from PE2 to CE, RTO
4. I ping from PE2 to interface on vprn no. RTO.
I need your advice about this case guys..
Technical Blog: ngoprek.achyarnurandi.id
-
thekotaksampah
- Member
- Posts: 100
- Joined: 06 Jan 2014 20:04
Re: Vrf-Global Routing
hello.. sorry guys, I have found the problem. I need to define export policy in ospf then re-define my CE router. Sorry for make annoying question hehhe
Technical Blog: ngoprek.achyarnurandi.id
