Hello Don
Can you repost just the commands you used to configure the EVN trunk and the OSPF routing? It will make it clearer and easier to troubleshoot. Thanks!
Laz
1 Like
Hopefully, this will be easier. I donât know what it means when it says please use the âcodeâ button to post configurations.
ISP1:
vrf definition Blue
vnet tag 10
!
address-family ipv4
exit-address-family
!
vrf definition Red
vnet tag 20
!
address-family ipv4
exit-address-family
!
interface GigabitEthernet1
vrf forwarding Blue
ip address 192.168.1.254 255.255.255.0
negotiation auto
!
interface GigabitEthernet2
vrf forwarding Red
ip address 192.168.2.254 255.255.255.0
negotiation auto
!
interface GigabitEthernet3
vnet trunk
ip address 192.168.56.5 255.255.255.0
negotiation auto
!
!
router ospf 1 vrf Blue
network 192.168.1.0 0.0.0.255 area 0
network 192.168.56.0 0.0.0.255 area 0
!
router ospf 2 vrf Red
network 192.168.2.0 0.0.0.255 area 0
network 192.168.56.0 0.0.0.255 area 0
!
ISP2:
vrf definition Blue
vnet tag 10
!
address-family ipv4
exit-address-family
!
vrf definition Red
vnet tag 20
!
address-family ipv4
exit-address-family
!
interface GigabitEthernet1
vrf forwarding Blue
ip address 192.168.3.254 255.255.255.0
negotiation auto
!
interface GigabitEthernet2
vrf forwarding Red
ip address 192.168.4.254 255.255.255.0
negotiation auto
!
interface GigabitEthernet3
vnet trunk
ip address 192.168.56.6 255.255.255.0
negotiation auto
!
!
router ospf 1 vrf Blue
network 192.168.3.0 0.0.0.255 area 0
network 192.168.56.0 0.0.0.255 area 0
!
router ospf 2 vrf Red
network 192.168.4.0 0.0.0.255 area 0
network 192.168.56.0 0.0.0.255 area 0
!Hello Don.
Iâm assuming the EVN trunk is working and that youâve checked the VRF configuration, and youâve successfully verified that the vnet trunk has been created with the appropriate show and ping commands. Iâm also assuming youâve checked the output from the command show derived-confg and that the subinterfaces Gi3.10 and Gi3.20 are showing up. Check these first to see that the EVN is working correctly before any routing has been configured.
Looking through your config, Iâm not able to find something that stands out as an error. It seems like it should work. Are you using GNS3, real devices or VIRL? Try doing a debug on OSPF to see that hello packets are being sent and see if any are being rejected on the other end or if theyâre not actually reaching their destination.
I hope this at least gives you a fresh starting point for your troubleshooting. Keep us posted!
Laz
1 Like
Yes to all of your config questions. I can ping across the trunk, but no neighborship. It is GNS3 with csr1000v (free trial) routers. The vrf config is good. It behaves as expected from the ISP router to the Bluex and Redx routers.
I did turn on ospf debugging and I see the hello going out, but nothing comes back.
Hello Don.
Iâm not sure how else I can be of help. It looks to me to be a glitch within the GNS3 engine. If everything else is functioning, it is very strange. I will have @ReneMolenaar take a look and see if he has any suggestions.
Thanks!
Laz
Hi Rene,
I would like to understand why vrf Green gets all connected and ospf routes replicated from Red and Blue, however when you check vrf Blue route table, for example, only the connected route from Red (replicated from Green) is there, but not the ospf route:
ISP1#show ip route vrf Green (snippet only showing routes copied from vrf Blue & Red)
C + 192.168.1.0/24 is directly connected, GigabitEthernet1
L 192.168.1.254/32 is directly connected, GigabitEthernet1
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C + 192.168.2.0/24 is directly connected, GigabitEthernet2
L 192.168.2.254/32 is directly connected, GigabitEthernet2
O + 192.168.3.0/24
[110/2] via 192.168.56.6 (Blue), 01:26:38, GigabitEthernet3.10
O + 192.168.4.0/24
[110/2] via 192.168.56.6 (Red), 01:19:37, GigabitEthernet3.20ISP1#show ip route vrf Blue (snippet only showing routes copied from Green/Red)
C + 5.5.5.0/24 is directly connected, Loopback0 (copied from Green)
L 5.5.5.5/32 is directly connected, Loopback0
192.168.2.0/32 is subnetted, 1 subnets
L + 192.168.2.254 is directly connected, GigabitEthernet2 (copied from Green but originally a Red route)I was also expecting to see this, since that is an originally ospf route in vrf Red that got copied to Green and since all Green routes are replicated to Blue, still donât get why this one doesnât make it.
O + 192.168.4.0/24
[110/2] via 192.168.56.6 (Red), 01:19:37, GigabitEthernet3.20Hi Mercedes,
Good question, I canât think of any technical reason why those routes donât show up but I think they did it on purpose. EVN is one of those âautomaticallyâ solutions (unlike VRF lite) and I think they do it so you donât accidentally share routes from VRF X > Y > Z unintentionally.
If you look at vrf Blue on ISP1, it doesnât have the entire 192.168.2.0/254 network from VRF Red but only 192.168.2.254 (its own IP address).
Rene
1 Like
Hi not a big deal since all the configs work for me and I can lab this, but I am using the
c7200-adventerprisek9-mz.152-4.S3.image not a XE router and everything seems to work fine for me. Am I not running a âtrueâ EVN? Thanks for any help you can give me!
Hi Kevin,
If the commands are supported and it works then itâs all good. I didnât know the 7200 also supported this.
Rene
1 Like
Dear Rene, in your video explaining EVN, What kind of SSH/Telnet client are you using? The blue lined background caught my eyes lol
Oh and thanks for the easy and clear explanation of the topic, choosing red and blue client is really smart.
Hello Fady
Based on other answers that Rene has given, I believe he uses SecureCRT. The colours and backgrounds can be configured accordingly.
I hope this has been helpful!
Laz
1 Like
Hello!
Can you please let me know the difference between:
ip vrf forwarding and vrf forwarding under interface configuration.
1 Like
Hello Johnson
The vrf forwarding command can only be used under the interface configuration. You may be referring to the ip vrf forwarding command which can also be implemented in global configuration mode.
Cisco explains the difference like so:
In earlier Cisco IOS releases, you created a VRF to be applied only to an IPv4 address family (single-protocol VRF) by entering the ip vrf command. To activate the single-protocol VRF on an interface, you entered the ip vrf forwarding (interface configuration) command.
You can now define multiple address families under the same VRF or configure separate VRFs for each IPv4 or IPv6 address family by entering the vrf definition command. To activate the multiprotocol VRF on an interface, you enter the vrf forwarding command. A given VRF, identified by its name and a set of policies, can apply to both an IPv4 VPN and an IPv6 VPN at the same time. This VRF can be activated on a given interface, even though the routing and forwarding tables are different for the IPv4 and IPv6 protocols.
This has been taken from the following Cisco documentation:
I hope this has been helpful!
Laz
3 Likes
In the VRF Lite lesson, a VRF was created with the ip vrf command, but in this lesson itâs vrf definition. Whatâs the difference between these?
1 Like
Hello Jeremy
By using the ip vrf command, we are creating a single protocol VRF, namely using IPv4. The vrf definition command creates a VRF with multiprotocol support. So such a VRF can function using IPv4 and IPv6. Notice in this lesson that there is the added command address-family ipv4 which is required to specify the participating protocols, whereas under the ip vrf command, IP is already specified.
Essentially, both configurations are the same, from the moment that only IPv4 is being used.
I hope this has been helpful!
Laz
3 Likes
My question is about a particular situation. What if we have another router in the middle, and we do not want any of its interfaces in any particular vrf but we do want his links to be used as VNET TRUNKS. Is there a way to accomplish such a task ?
I have tried to stick a router in the middle and have created two VRFâs on this router also enabled both interfaces connecting two neighboring routers as VNET TRUNKS.
These two remaining routers have the same vrfâs configured with the same VNET TAGS and enabled on some interfaces and if they were directly connected to each other they would have formed a VNET TRUNK no problem.
Than I have configured super simple OSPF to encompass all of the interfaces on the router in the middle and specific OSPF on both routers connecting to that middle one 
Unfortunately neighborships are not being formed and I am wandering what could I do to solve this. I did not really find any solution in Ciscoâs docs for now, so decided to ask here. Sorry for the trouble âŚ
Regards,
Kamil
1 Like
Hello Kamil
The EVN configuration should indeed work with three routers in the core network. Take a look at this Cisco documentation especially Figure 3 within it:
When you create such a topology, keep the following in mind:
- You must create a VRF definition of RED and BLUE in all three ISP routers and include the VNET tags appropriately
- Employ the
vnet trunkcommand on all intervening interfaces within the core network including the two interfaces connecting to ISP1 and ISP2, that is, the ISP routers connected to the customer equipment. - Configure OSPF on all three ISP routers such that the included networks in OSPF are those of the core interfaces (those not connecting to end equipment) and are included in both the RED and BLUE OSPF configuration.
If you can get OSPF to function between ISP1 and ISP2 in the original topology (without the third router) then you should be able to get the neighborhood relation up and running between ISP1 and the intervening router, and the intervening router and ISP 2.
I hope this has been helpful!
Laz
2 Likes
Hello Lazaros
Thank you a lot for this nice reply, I think that I have already tried doing it in a similar way my friend although I am going to give it another bash tonight after I finish with revising BGP
Kind Regards,
Kamil
Hello Kamil
Great, and thanks for the reply. Let us know your results when you make your second attempt.
Laz
Hello Laz,
Does EVN supports ipv6 ?
Thanks,
Sachin
1 Like