Allied Telesis C613-16164-00 Manual de usuario

Technical Guidealliedtelesis.com xHow To | C613-16164-00 REV EIntroductionIn IP-based networks, VRF stands for Virtual Routing and Forwarding. This te

Understanding VRF-litePage 10 | Configure VRF-liteVRF-lite features in AW+ Here is a summary of the features provided by the AW+ VRF-lite implementat

Configure VRF-lite | Page 11Understanding VRF-liteRoute limiting per VRF instanceIn a multi-VRF network environment, it may be problematic if one V

Understanding VRF-litePage 12 | Configure VRF-liteTelnet clientawplus#telnet ? WORD IPv4/IPv6 address or hostname of a remote system ip IP tel

Configure VRF-lite | Page 13Configuring VRF-liteConfiguring VRF-liteThe following section describes the generic commands used to configure VRF-lite

Configuring VRF-litePage 14 | Configure VRF-lite CONFIGURING VLANS AND VLAN DATABASE PURPOSEStep 1 awplus(config)#vlan database VLANs are created in

Configure VRF-lite | Page 15Configuring VRF-liteDYNAMIC ROUTING PROTOCOL - RIP ADDRESS-FAMILY PURPOSEStep 1 awplus(config)#router rip Optional. En

Configuring VRF-litePage 16 | Configure VRF-liteSTATIC ROUTES PURPOSEStep 1 awplus(config)# ip route vrf <name> <network> {<gateway>

Configure VRF-lite | Page 17Configuring VRF-liteStatic inter-VRF routing Static inter-VRF routing involves creating static routes in one VRF instan

Dynamic inter-VRF communication explainedPage 18 | Configure VRF-liteDynamic inter-VRF communication explainedThe following section explains how VRF

Configure VRF-lite | Page 19Dynamic inter-VRF communication explainedThe command redistribute <protocol> can be configured in an OSPF instanc

IntroductionPage 2 | Configure VRF-liteWho should read this document?This document is aimed at advanced network engineers.Which products and software

Dynamic inter-VRF communication explainedPage 20 | Configure VRF-liteInter-VRF communication via BGPDynamic inter-VRF route leakage is achieved by ma

Configure VRF-lite | Page 21Dynamic inter-VRF communication explainedUsing the route-target commandWhen BGP is used for inter-VRF communication, dy

Dynamic inter-VRF communication explainedPage 22 | Configure VRF-liteThe following three examples demonstrate how the route-target command facilitate

Configure VRF-lite | Page 23Dynamic inter-VRF communication explained3. If VRF red configuration includes*:ip vrf red rd 100:1 route-target export

Dynamic inter-VRF communication explainedPage 24 | Configure VRF-liteHow VRF-lite security is maintainedIncidentally, only the original routes can be

Configure VRF-lite | Page 25Simple VRF-lite configuration examplesSimple VRF-lite configuration examplesThe following section contains simple confi

Simple VRF-lite configuration examplesPage 26 | Configure VRF-lite!interface vlan12 ip vrf forwarding red ip address 10.2.2.1/24!interface vlan13 ip

Configure VRF-lite | Page 27Simple VRF-lite configuration examplesVRFs accessing a shared network. An example of static inter-VRF routingThe partia

Simple VRF-lite configuration examplesPage 28 | Configure VRF-liteDynamic inter-VRF communication with RIP routing to external peersThe partial confi

Configure VRF-lite | Page 29Simple VRF-lite configuration examplesDynamic inter-VRF communication with BGP routing to external peers The partial co

Configure VRF-lite | Page 3IntroductionContentsIntroduction ...

Simple VRF-lite configuration examplesPage 30 | Configure VRF-liteDynamic inter-VRF communication with OSPF routing to external peersThe complete con

Configure VRF-lite | Page 31Simple VRF-lite configuration examples!access-list standard greenBlock3334 deny 192.168.33.0/24access-list standard gre

Simple VRF-lite configuration examplesPage 32 | Configure VRF-liteinterface vlan1 ip vrf forwarding red ip address 192.168.10.1/24!interface vlan2 ip

Configure VRF-lite | Page 33Inter-VRF configuration examples with Internet accessInter-VRF configuration examples with Internet accessThe following

Inter-VRF configuration examples with Internet accessPage 34 | Configure VRF-liteConfiguration!ip vrf remote1 1 !ip vrf remote2 2 !ip vrf shared3 3 !

Configure VRF-lite | Page 35Inter-VRF configuration examples with Internet access!interface vlan13 ip vrf forwarding remote1 ip address 13.0.0.1/8!

Inter-VRF configuration examples with Internet accessPage 36 | Configure VRF-liteExample BInternetIntranetremote1VRF1Intranet 1 static routeIntranetr

Configure VRF-lite | Page 37Inter-VRF configuration examples with Internet accessConfiguration!access-list standard deny_overlap deny 10.0.0.0/8acc

Inter-VRF configuration examples with Internet accessPage 38 | Configure VRF-lite!interface port1.0.6-1.0.26 switchport switchport mode access!interf

Configure VRF-lite | Page 39Inter-VRF configuration examples with Internet access ! address-family ipv4 vrf remote2 redistribute connected exit-add

GlossaryPage 4 | Configure VRF-liteGlossaryACRONYM DESCRIPTIONAS Autonomous SystemACL Access Control ListBGPBorder Gateway ProtocolFIB Forwarding Inf

Inter-VRF configuration examples with Internet accessPage 40 | Configure VRF-liteExample CIntranetremote1VRF1Intranet 1 static routeIntranetremote2In

Configure VRF-lite | Page 41Inter-VRF configuration examples with Internet accessConfiguration!access-list standard deny_overlap deny 10.0.0.0/8acc

Inter-VRF configuration examples with Internet accessPage 42 | Configure VRF-lite!interface port1.0.4 switchport switchport mode trunk switchport tru

Configure VRF-lite | Page 43Inter-VRF configuration examples with Internet access exit-address-family ! address-family ipv4 vrf office4 network vla

Configuring a complex inter-VRF solutionPage 44 | Configure VRF-liteConfiguring a complex inter-VRF solutionA network comprising of multiple devices

Configure VRF-lite | Page 45Configuring a complex inter-VRF solutionVRF communication plan VRF shared can access all VRFs red, green, blue and ora

Configuring a complex inter-VRF solutionPage 46 | Configure VRF-liteConfiguration breakdown When configuring a complex inter-VFR aware device, such a

Configure VRF-lite | Page 47Configuring a complex inter-VRF solutionLocal interfaces can be utilised by a number of protocols for various purposes.

CONFIGURE VRFSConfiguring a complex inter-VRF solutionPage 48 | Configure VRF-liteawplus(config)#ip vrf red 1awplus(config-vrf)#rd 100:1awplus(config

Configure VRF-lite | Page 49Configuring a complex inter-VRF solutionConfigure the hardware ACLsThe command access-list hardware <name> create

Configure VRF-lite | Page 5Understanding VRF-liteUnderstanding VRF-liteThe purpose of VRF is to enable separate IP networks, possibly using overlap

CONFIGURE HARDWARE ACLSConfiguring a complex inter-VRF solutionPage 50 | Configure VRF-liteConfigure the VLANsVLANs are created in the VLAN database,

Configure VRF-lite | Page 51Configuring a complex inter-VRF solutionThe third access group allow100_deny_private permits VRF red to access shared V

CONFIGURE IP ADDRESSESawplus(config-if)#exit[cont...]Configuring a complex inter-VRF solutionPage 52 | Configure VRF-liteConfigure the IP addressesAn

Configure VRF-lite | Page 53Configuring a complex inter-VRF solutionawplus(config)#interface vlan1awplus(config-if)#ip vrf forwarding redawplus(con

CONFIGURE DYNAMIC ROUTINGConfiguring a complex inter-VRF solutionPage 54 | Configure VRF-liteConfigure routingDynamic routing protocols are configure

Configure VRF-lite | Page 55Configuring a complex inter-VRF solutionConnected routes associated with VRF green are redistributed into BGP, and also

Configuring a complex inter-VRF solutionPage 56 | Configure VRF-liteStatic routes are configured. Each VRF instance is also configured with its own s

CONFIGURE STATIC ROUTINGCONFIGURE ROUTE MAPS Configure VRF-lite | Page 57Configuring a complex inter-VRF solutiondenotes a static route to destinati

Configuring a complex inter-VRF solutionPage 58 | Configure VRF-liteComplete show run output from VRF device is belowawplus>enaawplus#sh run!servi

Configure VRF-lite | Page 59Configuring a complex inter-VRF solution!ip vrf shared 5 rd 100:5 route-target import 100:1 route-target import 100:2 r

Understanding VRF-litePage 6 | Configure VRF-liteVRF-lite security domainsVRF-lite provides network isolation on a single device at Layer 3. Each VRF

Configuring a complex inter-VRF solutionPage 60 | Configure VRF-lite switchport access vlan 4 access-group allow_to_self_40 access-group access43 acc

Configure VRF-lite | Page 61Configuring a complex inter-VRF solutioninterface vlan6 ip vrf forwarding overlap ip address 192.168.10.1/24!interface

Configuring a complex inter-VRF solutionPage 62 | Configure VRF-liteip route vrf orange 192.168.20.0/24 192.168.40.2ip route vrf orange 192.168.140.0

Configure VRF-lite | Page 63Configuring a complex inter-VRF solution[VRF: blue]S* 0.0.0.0/0 [1/0] via 192.168.100.254, vlan5C 3.3.3.3/32

Configuring a complex inter-VRF solutionPage 64 | Configure VRF-liteConfiguration files for each external router used in the topology and its associa

Configure VRF-lite | Page 65Configuring a complex inter-VRF solutionhostname shared_router!vlan databasevlan 2-4 state enable!interface port1.0.2 s

Configuring a complex inter-VRF solutionPage 66 | Configure VRF-litehostname red_ospf_peer!vlan databasevlan 2-3 state enable!interface port1.0.2 swi

Configure VRF-lite | Page 67Configuring a complex inter-VRF solutionhostname green_i_BGP_peer!vlan databasevlan 2-3 state enable!interface port1.0.

Configuring a complex inter-VRF solutionPage 68 | Configure VRF-litehostname blue_rip_peer!vlan databasevlan 2-3 state enable!interface port1.0.2 swi

Configure VRF-lite | Page 69Configuring a complex inter-VRF solutionhostname orange_router!vlan databasevlan 2-3 state enable!interface port1.0.2 s

awplus(config)#arp ? A.B.C.D IP address of the ARP entry log Arp log vrf VRF instanceawplus(config)#arp vrf <name> ? A.B.C.D IP

Configuring a complex inter-VRF solutionPage 70 | Configure VRF-litehostname orange_ospf_peer!vlan databasevlan 2 state enable!interface port1.0.2 sw

Configure VRF-lite | Page 71VCStack and VRF-liteVCStack and VRF-liteThe following example illustrates how to configure VRF-lite in a VCStacked envi

VCStack and VRF-litePage 72 | Configure VRF-liteVirtual Chassis IDAlso, the optional command stack virtual-chassis-id <value> specifies the VCS

Configure VRF-lite | Page 73VCStack and VRF-lite ip address 11.11.11.1/24!interface vlan14 ip vrf forwarding violet ip address 192.168.14.1/24!inte

VCStack and VRF-litePage 74 | Configure VRF-lite!interface vlan14 ip vrf forwarding violet ip address 192.168.14.2/24!interface vlan15 ip vrf forward

Configure VRF-lite | Page 75VCStack and VRF-liteSharing VRF routing and double tagging on the same portIn this scenario, both VRF-lite traffic and

VCStack and VRF-litePage 76 | Configure VRF-liteConfigurationsx610 Aip vrf red 1ip vrf green 2vlan database vlan 20 name nested vlan 11-12,20,111-11

Configure VRF-lite | Page 77VCStack and VRF-liteinterface port1.0.20switchport mode trunk switchport trunk allowed vlan add 11-12,20 switchport tru

Dynamic inter-VRF routing between the global VRF domain and a VRF instancePage 78 | Configure VRF-liteDynamic inter-VRF routing between the global VR

Configure VRF-lite | Page 79Dynamic inter-VRF routing between the global VRF domain and a VRF instanceFor both these examples all BGP neighbor rela

Understanding VRF-litePage 8 | Configure VRF-liteInter-VRF communicationWhilst the prime purpose of VRF-lite is to keep routing domains separate from

Dynamic inter-VRF routing between the global VRF domain and a VRF instancePage 80 | Configure VRF-liteThe global parameter in the command neighbor x.

Configure VRF-lite | Page 81Dynamic inter-VRF routing between the global VRF domain and a VRF instanceDynamic inter-VRF communication with i-BGP ro

Dynamic inter-VRF routing between the global VRF domain and a VRF instancePage 82 | Configure VRF-litered routervlan databasevlan 2-3 state enable!in

Configure VRF-lite | Page 83Dynamic inter-VRF routing between the global VRF domain and a VRF instanceredistribute connectedredistribute staticneig

Route LimitsPage 84 | Configure VRF-liteRoute LimitsIn multi-VRF network environment, it may be disastrous if one VRF injects too many routes and fil

Configure VRF-lite | Page 85Route LimitsConfigurin g Dynamic route limitsAW+ supports the ability to limit dynamic routes via the max-fib-routes co

Route LimitsPage 86 | Configure VRF-liteawplus(config)# ip vrf redawplus(config-vrf)# max-fib-routes 2000 75Alternatively, to ensure a warning messag

Configure VRF-lite | Page 87VRF-lite usage guidelinesVRF-lite usage guidelinesThe general guideline is that all current services remain available i

Useful VRF-related diagnostics command listPage 88 | Configure VRF-liteUseful VRF-related diagnostics command listBelow is a summary list of diagnost

Configure VRF-lite | Page 89Useful VRF-related diagnostics command list connected Connected database IP routing table database global Glo

Configure VRF-lite | Page 9Understanding VRF-liteStatic and dynamic inter-VRF routingAs mentioned above, "Inter-VRF communication" on pag

Useful VRF-related diagnostics command listPage 90 | Configure VRF-liteawplus#sh ip ospf interfaceawplus#sh ip ospf ? <0-65535> Process

C613-16164-00 REV Eawplus#show ip bgp vrf <name> ? A.B.C.D IP prefix <network>, e.g., 35.0.0.0 A.B.C.D/M IP prefix <n