Cisco IOS – How to Ping VRF Loopback Interface

cisco-iosvrf

I'm doing a Lab and it's very simple. it's just like I need to confirm some commands but I'm really getting upset.

here is my lab. I configured a vrf and a loopback interface which I apply it under the vrf. the loopback has been disappear from the global table and it's inserted in the vrf table. so I added a static route to be able to ping the interface from the global table. Now I can see the loopback interface in the global table inserted as static but i can't pings.

I feel there is something silly missing becasue everything seems ok and it should work. the output of my router configuratuion is shown below:

ip vrf HQ
 rd 30:50

!
!
!
!
!
!
!

interface Loopback1
 ip vrf forwarding HQ
 ip address 1.1.1.1 255.255.255.255
!

ip classless
ip route 1.1.1.1 255.255.255.255 Loopback1
no ip http server
no ip http secure-server
!
!
!
!


R2#sh ip ro
R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
S       1.1.1.1 is directly connected, Loopback1



R2#sh ip ro
R2#sh ip route vrf HQ

Routing Table: HQ
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback1
R2#

Note: I can traceroute the ip of the interface

Best Answer

What you need is route leaking from VRF into Global Routing Table (you already did) and route leaking from Global Routing Table into VRF.

I assume your network diagram is as simple as the following

On R2, you already have ip route 1.1.1.1 255.255.255.255 Loopback1.

Now you will need another static VRF route to leak the route 10.0.0.0/24 into VRF HQ:

  ip route vrf HQ 10.0.0.0 255.255.255.0 10.0.0.1 global

Verification on R2:

R2#show run | i route
ip route 1.1.1.1 255.255.255.255 Loopback1
ip route vrf HQ 10.0.0.0 255.255.255.0 10.0.0.1 global


R2#show ip route | beg Gateway
Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
S       1.1.1.1 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/0


R2#show ip route vrf HQ | beg Gateway
Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 1 subnets
S       10.0.0.0 [1/0] via 10.0.0.1


R2#ping 1.1.1.1 source 10.0.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/70/72 ms

Verification on R1:

R1#show run | i route
ip route 1.1.1.1 255.255.255.255 10.0.0.2


R1#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/36/64 ms

I hope it is helpful and answers your question.

Summary

is this on the right track?

Yes... very similar to the link in the comment... As you mentioned, you only need to do two things...

Configure NAT overload on the global interface
Put a static route in the VRF for the speed test server...

Details

Assume your speed test server is at 172.16.10.5... and you're trying to ping it from a CE switch in VRF01.

  To Speed Test Server
  (172.16.10.5, NH 172.16.1.1)
   <-------

Fa0/0 (global table) +-----+ Fa1/0 (VRF01)             Fa0/17 +-----+
        172.16.1.200 |     | 192.0.2.1/24      192.0.2.100/24 |     |
---------------------| PE1 |----------------------------------| CE1 |
                     |     |                                  |     |
                     +-----+                                  +-----+

PE1's Config

!!! PE1 Config
!
hostname PE1
!
ip vrf VRF01
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
interface FastEthernet0/0
 description global table interface
 ip address 172.16.1.200 255.255.255.0
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
!
!
interface FastEthernet1/0
 ip vrf forwarding VRF01
 ip address 192.0.2.1 255.255.255.0
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
!
ip route vrf VRF01 172.16.10.5 255.255.255.255 172.16.1.1 global
!
!! Insert other PE1 global routing configs

CE1's config

!!! CE1 Config
!
hostname CE1
!
interface FastEthernet0/17
 switchport access vlan 11
 switchport mode access
 switchport nonegotiate
!
!
interface Vlan11
 ip address 192.0.2.100 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.0.2.1

Ping proof...

CE1#ping 172.16.10.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
CE1#

NAT entry...

PE1#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
icmp 172.16.1.200:3    192.0.2.100:3      172.16.10.5:3      172.16.10.5:3
PE1#

Cisco OSPF – Type 5 /32 Routes in Database but Not in Routing Table

As pointed out by DanielDib, the problem is the wrong forward address set in the type 5 LSA.

According to the Cisco documentation, the forward address is basically set, if the next hop Interface of the static route generated by RRI participates in the OSPF routing process. Further details can be found in the linked documentation.

The next-hop of the RRI static routes is set to the default gateway of the ASA interface where the crypto map is applied, in our case the outside interface pointing to the MLS. This next-hop IP is the IP of the interface of the MLS.

At the MLS, the forward address of the LSA (xx.xx.192.21) is an IP address of one of its own interfaces. As the foward address needs to be known as internal OSPF route, the route is not considered to be added to the routing table. The solution hence may be either to have a correct forward address, or to supress the forward address, if required. This question may include further details on this solution.

Best Answer

Related Solutions

Nat – IOS – Nat from a VRF to WAN interface in global routing table

Summary

Details

Cisco OSPF – Type 5 /32 Routes in Database but Not in Routing Table

Related Topic