MPLS Virtual Private Networks: About This Document

MPLS Virtual Private Networks
About this Document

This feature guide document (feature module) published December 1999, for Cisco IOS Release 12.0(5)T. The features and capabilities described in this document have been changed and updated; please see the documentation specic to your Cisco IOS Software release version at http://www.cisco.com/univercd/cc/td/doc/product/software/index.htm .
Feature Overview
The IP virtual private network (VPN) feature for Multiprotocol Label Switching (MPLS) allows a Cisco IOS network to deploy scalable IPv4 Layer 3 VPN backbone services. An IP VPN is the foundation companies use for deploying or administering value-added services including applications and data hosting network commerce, and telephony services to business customers. In private local area networks (LANs), IP-based intranets have fundamentally changed the way companies conduct their business. Companies are moving their business applications to their intranets to extend over a wide area network (WAN). Companies are also embracing the needs of their customers, suppliers, and partners by using extranets (an intranet that encompasses multiple businesses). With extranets, companies reduce business process costs by facilitating supply-chain automation, electronic data interchange (EDI), and other forms of network commerce. To take advantage of this business opportunity, service providers must have an IP VPN infrastructure that delivers private network services to businesses over a public infrastructure.
Tag Switching/MPLS Terminology

MPLS replaces the earlier Tag Switching technologies. The following table lists the older Tag Switching terms and the new MPLS terms found in this document.
Old Designation Tag Switching Tag (short for Tag Switching) Tag (item or packet) New Designation MPLS, Multiprotocol Label Switching MPLS Label
MPLS Virtual Private Networks 1
IP Virtual Private Networks
Old Designation TDP (Tag Distribution Protocol)
New Designation LDP (Label Distribution Protocol)

Note Cisco TDP and LDP (MPLS Label Distribution Protocol)) are nearly identical in function, but use incompatible message formats and some different procedures. Cisco will be changing from TDP to a fully compliant LDP.
Tag Switched TFIB (Tag Forwarding Information Base) TSR (Tag Switching Router) TSC (Tag Switch Controller) ATM-TSR
Label Switched LFIB (Label Forwarding Information Base) LSR (Label Switching Router) LSC (Label Switch Controller) ATM-LSR (ATM Label Switch Router, for example, BPX 8650.) LVC (Label VC, Label Virtual Circuit) LSP (Label Switch Path) XmplsATM (extended MPLS ATM port)
TVC (Tag VC, Tag Virtual Circuit) TSP (Tag Switch Path) XTagATM (extended Tag ATM port)
IP Virtual Private Networks

To effectively implement an IP VPN in your facility, ensure your IP VPN meets the following basic requirements: PrivacyAll IP VPNs offer privacy over a shared (public) network infrastructure. Most companies use an encrypted tunnel. This is only one of several ways to provide network and data privacy. ScalabilityFor proper service delivery, VPNs must scale to serve hundreds of thousands of sites and users. Besides being a managed service, VPNs are also a management tool for service providers to control access to services. One example is Closed User Groups for data and voice services. FlexibilityIP VPNs must handle the any-to-any trafc patterns characteristic of corporate intranets and extranets, in which data no longer ows to and from a central location. VPNs must also have the inherent exibility to add new sites quickly, connect users over different media, and meet the increasingly sophisticated transport and bandwidth requirements of new intranet applications. Predictable PerformancePerformance needs vary widely requiring different classes of service, but the common requirement is that the performance is predictable. Examples of the ranges of performance requirements include:
Remote access for mobile usersRequire widespread connectivity Branch ofcesRequire a sustained performance level because of the interactive nature of the intranet application in a branch ofce Video conferencingRequire specic performance characteristics

MPLS VPNs allow service providers to deploy scalable VPNs and build the foundation to deliver value-added services, including:
2 Cisco IOS Release 12.0(5)T
Connectionless ServiceA signicant technical advantage of MPLS VPNs is that they are connectionless. The Internet owes its success to its basic technology, TCP/IP. TCP/IP is built on packet-based, connectionless network paradigm. This means that no prior action is necessary to establish communication between hosts, making it easy for two parties to communicate. To establish privacy in a connectionless IP environment, current VPN solutions impose a connection-oriented, point-to-point overlay on the network. Even if it runs over a connectionless network, a VPN cannot take advantage of the ease of connectivity and multiple services available in connectionless networks. When you create a connectionless VPN, you do not need tunnels and encryption for network privacy, thus eliminating signicant complexity. Centralized ServiceBuilding VPNs in Layer 3 allows delivery of targeted services to a group of users represented by a VPN. A VPN must give service providers more than a mechanism for privately connecting users to intranet services. It must also provide a way to exibly deliver value-added services to targeted customers. Scalability is critical, because customers want to use services privately in their intranets and extranets. Because MPLS VPNs are seen as private intranets, you may use new IP services such as:
multicast quality of service (QoS) telephony support within a VPN centralized services including content and web hosting to a VPN
You can customize several combinations of specialized services for individual customers. For example, a service that combines IP multicast with a low-latency service class enables videoconferencing within an intranet. ScalabilityIf you create a VPN using connection-oriented, point-to-point overlays, Frame Relay, or ATM virtual connections (VCs), the VPNs key deciency is scalability. Specically, connection-oriented VPNs without fully meshed connections between customer sites, are not optimal. MPLS-based VPNs instead use the peer model and Layer 3 connectionless architecture to leverage a highly scalable VPN solution. The peer model requires a customer site to only a peer with one provider edge (PE) router as opposed to all other CPE or customer edge (CE) routers that are members of the VPN. The connectionless architecture allows the creation of VPNs in Layer 3, eliminating the need for tunnels or VCs. Other scalability issues of MPLS VPNs are due to the partitioning of VPN routes between PE routers and the further partitioning of VPN and IGP routes between PE routers and provider (P) routers in a core network.
PE routers must maintain VPN routes for those VPNs who are members. P routers do not maintain any VPN routes.
This increases the scalability of the providers core and ensures that no one device is a scalability bottleneck. SecurityMPLS VPNs offer the same level of security as connection-oriented VPNs. Packets from one VPN do not inadvertently go to another VPN. Security is provided
1 At the edge of a provider network, ensuring packets received from a customer are placed on the
correct VPN.
2 At the backbone, VPN trafc is kept separate. Malicious spoong (an attempt to gain access to a
PE router) is nearly impossible because the packets received from customers are IP packets. These IP packets must be received on a particular interface or subinterface to be uniquely identied with a VPN label.
Easy to CreateTo take full advantage of VPNs, it must be easy for customers to create new VPNs and user communities. Because MPLS VPNs are connectionless, no specic point-to-point connection maps or topologies are required. You can add sites to intranets and extranets and form closed user groups. When you manage VPNs in this manner, it enables membership of any given site in multiple VPNs, maximizing exibility in building intranets and extranets. Flexible AddressingTo make a VPN service more accessible, customers of a service provider can design their own addressing plan, independent of addressing plans for other service provider customers. Many customers use private address spaces, as dened in RFC 1918, and do not want to invest the time and expense of converting to public IP addresses to enable intranet connectivity. MPLS VPNs allow customers to continue to use their present address spaces without network address translation (NAT) by providing a public and private view of the address. A NAT is required only if two VPNs with overlapping address spaces want to communicate. This enables customers to use their own unregistered private addresses, and communicate freely across a public IP network. Integrated Class of Service (CoS) SupportCoS is an important requirement for many IP VPN customers. It provides the ability to address two fundamental VPN requirements:
1 Predictable performance and policy implementation 2 Support for multiple levels of service in a MPLS VPN
Network trafc is classied and labeled at the edge of the network before trafc is aggregated according to policies dened by subscribers and implemented by the provider and transported across the provider core. Trafc at the edge and core of the network can then be differentiated into different classes by drop probability or delay. Straightforward MigrationFor service providers to quickly deploy VPN services, use a straightforward migration path. MPLS VPNs are unique because you can be build them over multiple network architectures, including IP, ATM, Frame Relay, and hybrid networks. Migration for the end customer is simplied because there is no requirement to support MPLS on the customer edge (CE) router and no modications are required to a customers intranet. For a list of platforms supported by MPLS VPNs, refer to the section entitled Supported Platforms. Figure 1 shows an example of a VPN with a service provider (P) backbone network, service provider edge routers (PE), and customer edge routers (CE).
Cisco IOS Release 12.0(5)T
Figure 1
VPNs with a Service Provider Backbone
VPN 1 Site 1 PE Service provider backbone P CE P PE
VPN 2 Site 1
CE Site 2
PE CE
VPN 1 Site 2
CE
A VPN contains customer devices attached to the CE routers. These customer devices use VPNs to exchange information between devices. Only the PE routers are aware of the VPNs.
17265
VPN Operation
Figure 2 shows ve customer sites communicating within three VPNs. The VPNs can communicate with the following sites:
VPN1sites 2 and 4 VPN2sites 1, 3, and 4 VPN3sites 1,3, and 5

Customer Sites within VPNs VPN2 VPN1 Site 2 Site 4 Site 3 Site 5
17266
Figure 2
VPN3 Site 1
VPN Operation
Each VPN is associated with one or more VPN routing/forwarding instances (VRFs). A VRF denes the VPN membership of a customer site attached to a PE router. A VRF consists of an IP routing table, a derived Cisco Express Forwarding (CEF) table, a set of interfaces that use the forwarding table, and a set of rules and routing protocol parameters that control the information that is included into the routing table. A one-to-one relationship does not necessarily exist between customer sites and VPNs. A given site can be a member of multiple VPNs, as shown in Figure 2. However, a site can only associate with one (and only one) VRF. A customer sites VRF contains all the routes available to the site from the VPNs of which it is a member. Packet forwarding information is stored in the IP routing table and the CEF table for each VRF. A separate set of routing and CEF tables is maintained for each VRF. These tables prevent information from being forwarded outside a VPN, and also prevent packets that are outside a VPN from being forwarded to a router within the VPN.
VPN Route Target Communities

The distribution of VPN routing information is controlled through the use of VPN route target communities, implemented by border gateway protocol (BGP) extended communities. Distribution of VPN routing information works as follows:
When a VPN route learned from a CE router is injected into BGP, a list of VPN route target extended community attributes are associated with it. Typically the list of route target community values is set from an export list of route targets associated with the VRF from which the route was learned.
BGP Distribution of VPN Routing Information
An import list of route target extended communities is associated with each VRF. The import list denes route target extended community attributes a route must have for the route to be imported into the VRF. For example, if the import list for a particular VRF includes route target communities A, B, and C, then any VPN route that carries any of those route target extended communities A, B, or C is imported into the VRF.
BGP Distribution of VPN Routing Information

A service provider edge (PE) router can learn an IP prex from a customer edge (CE) router by static conguration, through a BGP session with the CE router, or through the routing information protocol (RIP) exchange with the CE router. The IP prex is a member of the IPv4 address family. After it learns the IP prex, the PE converts it into a VPN-IPv4 prex by combining it with an 8-byte route distinguisher (RD). The generated prex is a member of the VPN-IPv4 address family. It serves to uniquely identify the customer address, even if the customer site is using globally nonunique (unregistered private) IP addresses. The route distinguisher used to generate the VPN-IPv4 prex is specied by a conguration command associated with the VRF on the PE router. BGP distributes reachability information for VPN-IPv4 prexes for each VPN. BGP communication takes place at two levels: within IP domains, known as an autonomous systems (interior BGP or IBGP) and between autonomous systems (external BGP or EBGP). PE-PE or PE-RR (route reector) sessions are IBGP sessions, and PE-CE sessions are EBGP sessions. BGP propagates reachability information for VPN-IPv4 prexes among PE routers by means of the BGP multiprotocol extensions (see RFC 2283, Multiprotocol Extensions for BGP-4) which dene support for address families other than IPv4. It does this in a way that ensures the routes for a given VPN are learned only by other members of that VPN, enabling members of the VPN to communicate with each other.
MPLS Forwarding
Based on routing information stored in the VRF IP routing table and VRF CEF table, packets are forwarded to their destination using MPLS. A PE router binds a label to each customer prex learned from a CE router and includes the label in the network reachability information for the prex that it advertises to other PE routers. When a PE router forwards a packet received from a CE router across the provider network it labels the packet with the label learned from the destination PE router. When the destination PE router receives the labeled packet it pops the label and uses it to direct the packet to the correct CE router. Label forwarding across the provider backbone, is based on either dynamic label switching or trafc engineered paths. A customer data packet carries two levels of labels when traversing the backbone:
1 Top label directs the packet to the correct PE router 2 Second label indicates how that PE router should forward the packet to the CE router
Benefits
Benets
This section describes the benets of VPNs in general and MPLS VPNs in particular. IP VPNs are attractive because they:
1 Reduce the cost of connecting branch ofces, telecommuters, and mobile users to a corporate
intranet, which operate over the public infrastructure of the Internet

2 Are more cost-effective than private WANs constructed with leased lines
However, conventional VPNs do not scale well. They are based on creating and maintaining a full mesh of tunnels or permanent virtual circuits among all sites belonging to a particular VPN, using:
IPSec Layer 2 tunneling protocol (L2TP) Layer 2 forwarding (L2F) protocol generic routing encapsulation (GRE) Frame Relay ATM protocols
The overhead required to provision and manage these connection-based schemes cannot be supported in a provider network that must support hundreds or thousands of VPNs, each with tens or hundreds or thousands of sites and thousands or tens of thousands of routes. MPLS VPNs, which are created in Layer 3, are connectionless, and therefore substantially more scalable and easier to build and manage than conventional VPNs. In addition, you can add value-added services, such as application and data hosting, network commerce, and telephony services to a particular MPLS VPN because the service providers backbone recognizes each MPLS VPN as a separate, connectionless IP network. MPLS VPNs offer:
A platform for rapid deployment of additional value-added IP services, including intranets, extranets, voice, multimedia, and network commerce Privacy and security equal to that provided by Layer-2 VPNs by limiting the distribution of a VPNs routes to only those routers that are members of the VPN Seamless integration with customer intranets Increased scalability over current VPN implementations, with thousands of sites per VPN and hundreds of thousands of VPNs per service provider IP Class of Service (CoS), with support for multiple classes of service and priorities within VPNs, as well as between VPNs Management of VPN membership and provisioning of new VPNs for rapid deployment Scalable any-to-any connectivity for extended intranets and extranets that encompass multiple businesses
Related Features and Technologies
Related Features and Technologies

VPNs may be used with the Class of Service (CoS) feature for MPLS.
Related Documents

MPLS Class of Service Feature Guide Cisco IOS Release 12.0 Network Protocols Command Reference, Part I Internet draft draft-rosen-vpn-mpls-00.txt VPN architecture description RFC 1163, A Border Gateway Protocol RFC 1164, Application of the Border Gateway Protocol in the Internet RFC 2283, Multiprotocol Extensions for BGP-4 RFC 2547, BGP/MPLS VPNs Internet draft draft-rekhter-bgp-mpls-00.txt, Carrying Label information in BGP-4 Internet draft draft-ramachandra-bgp-ext-communities-01.txt extended community attributes
Supported Platforms
The following is a list of router platforms supported at the provider core.
Cisco 7200 series Cisco 7500 series Cisco 8540 series (MSR) Cisco 8650 series (BPX) Cisco 8800 series (MGX)
The following is a list of router platforms supported at the provider edge. Cisco 3640 series Cisco 7200 series Cisco 7500 series
Supported Standards, MIBs and RFCs

MIBs
No new or modied MIBs are supported by this feature.
RFCs
RFC 1163, A Border Gateway Protocol RFC 1164, Application of the Border Gateway Protocol in the Internet RFC 2283, Multiprotocol Extensions for BGP-4 RFC 2547, BGP/MPLS VPNs
Defining VPNs
Standards
No new or modied standards are supported by this feature.
Prerequisites
Your network must be running the following Cisco IOS services before you congure VPN operation:
MPLS in provider backbone routers, or GRE tunnel connectivity among all provider edge (PE) routers MPLS with VPN code in provider routers with VPN edge service (PE) routers BGP in all routers providing a VPN service CEF switching in every MPLS-enabled router CoS feature (optional)
Conguration Tasks
Perform the following tasks to congure and verify VPNs:
Dening VPNs Conguring BGP PE to PE Routing Sessions Conguring BGP PE to CE Routing Sessions Conguring RIP PE to CE Routing Sessions Conguring Static Route PE to CE Routing Sessions Verifying VPN Operation
Dening VPNs
To dene VPN routing instances, perform the following steps on the PE router:
Step
1 2 3 4 5
Command
Router(config)# ip vrf vrf-name
Purpose Enter VRF conguration mode and dene the VPN routing instance by assigning a VRF name. Create routing and forwarding tables. Create a list of import and/or export route target communities for the specied VRF. (Optional) Associate the specied route map with the VRF. Associate a VRF with an interface or subinterface.
Router(config-vrf)# rd route-distinguisher Router(config-vrf)# route-target {import | export | both} route-target-ext-community Router(config-vrf)# import map route-map
Router(config-if)# ip vrf forwarding vrf-name
10
Configuring BGP PE to PE Routing Sessions
Conguring BGP PE to PE Routing Sessions

To congure BGP PE to PE routing sessions in a provider network, perform the following steps on the PE routers:
Step
1
Command
Router(config)# router bgp autonomous-system
Purpose Congures the IBGP routing process with the autonomous system number passed along to other IBGP routers. Species a neighbors IP address or IBGP peer group identifying it to the local autonomous system. Activates the advertisement of the IPv4 address family.
2 3
Router(config-router)# neighbor {ip-address | peer-group-name} remote-as number Router(config-router)# neighbor ip-address activate
Conguring BGP PE to CE Routing Sessions

To congure BGP PE to CE routing sessions perform the following steps on the PE router:
Step
1 2 3
Command
Router(config)# router bgp autonomous-system
Purpose Congures a EBGP routing process with the autonomous system number passed along to other EBGP routers. Species a neighbors IP address or EBGP peer group identifying it to the local autonomous system. Activates the advertisement of the IPv4 address family.
Router(config-router)# neighbor {ip-address | peer-group-name} remote-as number Router(config-router)# neighbor ip-address activate
Conguring RIP PE to CE Routing Sessions

To congure RIP PE to CE routing sessions perform the following steps on the PE router:
Step
1 2
Command
Router(config)# router rip Router(config-router)# address-family ipv4 [unicast] vrf vrf-name
Purpose Enables RIP. Denes RIP parameters for PE to CE routing sessions.

Note The default is Off for auto-summary and synchronization in the VRF address-family submode.
Router(config-router-af)# network prefix
Enables RIP on the PE to CE link.
Conguring Static Route PE to CE Routing Sessions

To congure static route PE to CE routing sessions perform the following steps on the PE router:
Step
1 2
Command
Router(config)# ip route vrf vrf-name
Purpose Denes static route parameters for every PE to CE session. Denes static route parameters for every BGP PE to CE routing session.
Note The default is Off for auto-summary and synchronization in the VRF address-family submode.
Router(config-router)# address-family ipv4 [unicast] vrf vrf-name
3 4
Router(config-router-af)# redistribute static Router(config-router-af)# redistribute static connected
Redistributes VRF static routes into the VRF BGP table. Redistributes directly connected networks into the VRF BGP table. MPLS Virtual Private Networks 11
Verifying VPN Operation

To verify VPN operation, perform the following steps:
Step
1 2 3 4 5 6 7 8
Command
Router# show ip vrf Router# show ip vrf [{brief | detail | interfaces}] vrf-name Router# show ip route vrf vrf-name Router# show ip protocols vrf vrf-name Router# show ip cef vrf vrf-name Router# show ip interface interface-number Router# show ip bgp vpnv4 all [tags] Router# show tag-switching forwarding vrf vrf-name [prefix mask/length][detail]
Purpose Displays the set of dened VRFs and interfaces. Displays information about dened VRFs and associated interfaces. Displays the IP routing table for a VRF. Displays the routing protocol information for a VRF. Displays the CEF forwarding table associated with a VRF. Displays the VRF table associated with an interface. Displays information about all BGPs. Displays label forwarding entries that correspond to VRF routes advertised by this router.
12
Conguration Examples
This section provides a sample conguration le from a PE router.
ip cef distributed ! CEF switching is pre-requisite for label Switching frame-relay switching ! ip vrf vrf1 ! Define VPN Routing instance vrf1 rd 100:1 route-target both 100:1 ! Configure import and export route-targets for vrf1 ! ip vrf vrf2 ! Define VPN Routing instance vrf2 rd 100:2 route-target both 100:2 ! Configure import and export route-targets for vrf2 route-target import 100:1 ! Configure an additional import route-target for vrf2 import map vrf2_import ! Configure import route-map for vrf2 ! interface lo0 ip address 10.13.0.13 255.255.255.255 ! interface atm9/0/0 ! Backbone link to another Provider router ! interface atm9/0/0.1 tag-switching ip unnumbered loopback0 no ip directed-broadcast tag-switching atm vpi 2-5 tag-switching ip interface atm5/0 no ip address no ip directed-broadcast atm clock INTERNAL no atm ilmi-keepalive interface Ethernet1/0 ip address 3.3.3.5 255.255.0.0 no ip directed-broadcast no ip mroute-cache no keepalive interface Ethernet5/0/1 ! Set up Ethernet interface as VRF link to a CE router ip vrf forwarding vrf1 ip address 10.20.0.13 255.255.255.0 ! interface hssi 10/1/0 hssi internal-clock encaps fr frame-relay intf-type dce frame-relay lmi-type ansi ! interface hssi 10/1/0.16 point-to-point ip vrf forwarding vrf2 ip address 10.20.1.13 255.255.255.0 frame-relay interface-dlci 16 ! Set up Frame Relay PVC subinterface as link to another ! ! CE router router bgp 1 ! Configure BGP sessions no synchronization no bgp default ipv4-activate ! Deactivate default IPv4 advertisements neighbor 10.15.0.15 remote-as 1 ! Define IBGP session with another PE neighbor 10.15.0.15 update-source lo0 ! address-family vpnv4 unicast ! Activate PE exchange of VPNv4 NLRI
neighbor 10.15.0.15 activate exit-address-family ! address-family ipv4 unicast vrf vrf1 redistribute static redistribute connected neighbor 10.20.0.60 remote-as 65535 neighbor 10.20.0.60 activate no auto-summary exit-address-family ! address-family ipv4 unicast vrf vrf2 ! Define BGP PE-CE session for vrf2 redistribute static redistribute connected neighbor 10.20.1.11 remote-as 65535 neighbor 10.20.1.11 update-source h10/1/0.16 neighbor 10.20.1.11 activate no auto-summary exit-address-family ! ! Define a VRF static route ip route vrf vrf1 12.0.0.0 255.0.0.0 e5/0/1 10.20.0.60 ! route-map vrf2_import permit 10 ! Define import route-map for vrf2. ... ! Define BGP PE-CE session for vrf1
14
Command Reference
This section documents new or modied commands. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command references.
address-family clear ip route vrf exit-address-family import map ip route vrf ip vrf forwarding ip vrf neighbor activate rd route-target show ip bgp vpnv4 show ip cef vrf show ip protocols vrf show ip route vrf show ip vrf show tag-switching forwarding vrf
In Cisco IOS Release 12.0(1)T or later, you can search and lter the output for show and more commands. This functionality is useful when you need to sort through large amounts of output, or if you want to exclude output that you do not need to see. To use this functionality, enter a show or more command followed by the pipe character (|), one of the keywords begin, include, or exclude, and an expression that you want to search or lter on: command | {begin | include | exclude} regular-expression Following is an example of the show atm vc command in which you want the command output to begin with the rst line where the expression PeakRate appears: show atm vc | begin PeakRate For more information on the search and lter functionality, refer to the Cisco IOS Release 12.0(1)T feature module titled CLI String Search.
address-family
address-family
To enter the address family submode for conguring routing protocols, such as BGP, RIP and static routing, use the address-family global conguration command. To disable the address family submode for conguring routing protocols, use the no form of this command.
VPN-IPv4 unicast
address-family vpnv4 [unicast] no address-family vpnv4 [unicast]
IPv4 unicast
address-family ipv4 [unicast] no address-family ipv4 [unicast]
IPv4 unicast with CE router

address-family ipv4 [unicast] vrf vrf-name no address-family ipv4 [unicast] vrf vrf-name
Syntax Description
ipv4 vpnv4 Congures sessions that carry standard IPv4 address prexes. Congures sessions that carry customer VPN-IPv4 prexes, each of which has been made globally unique by adding an 8-byte route distinguisher. (Optional) Species unicast prexes. Species the name of a VPN routing/forwarding instance (VRF) to associate with submode commands.
unicast vrf vrf-name
Default
Routing information for address family IPv4 is advertised by default when you congure a BGP session using the neighbor...remote-as command unless you execute the no bgp default ipv4-activate command.
Command Mode
Router conguration
16
address-family
Command History
Release 12.0(5)T Modication This command was introduced.
Usage Guidelines
Using the address-family command puts you in address family conguration submode (prompt: (config-router-af)# ). Within this submode, you can congure address-family specic parameters for routing protocols, such as BGP, that can accommodate multiple Layer 3 address families. To leave address family conguration submode and return to router conguration mode, type exit-address-family, or simply exit.
Examples
The address-family command in the following example puts the router into address family conguration submode for the VPNv4 address family. Within the submode, you can congure advertisement of NLRI for the VPNv4 address family using neighbor activate and other related commands:
(config)# router bgp 100 (config-router)# address-family vpnv4 (config-router-af)#
The command in the following example puts the router into address family conguration submode for the IPv4 address family. Use this form of the command, which species a VRF, only to congure routing exchanges between PE and CE devices. This address-family command causes subsequent commands entered in the submode to be executed in the context of VRF vrf2. Within the submode, you can use neighbor activate and other related commands to accomplish the following:
Congure advertisement of IPv4 NLRI between the PE and CE routers. Congure translation of the IPv4 NLRI (that is, translate IPv4 into VPNv4 for NLRI received from the CE, and translate VPNv4 into IPv4 for NLRI to be sent from the PE to the CE). Enter the routing parameters that apply to this VRF.
Entered the address family submode as follows:

(config)# router bgp 100 (config-router)# address-family ipv4 unicast vrf vrf2 (config-router-af)#
Related Commands
Command exit-address-family neighbor activate Description Exits address family submode. Exchanges an address with a neighboring router.
clear ip route vrf
clear ip route vrf

To remove routes from the VRF routing table, use the clear ip route vrf EXEC command. clear ip route vrf vrf-name {* | network [mask]}
Syntax Description
vrf-name * network mask Name of the VPN routing/forwarding instance (VRF) for the static route. Deletes all routes for a given VRF. Destination to be removed, in dotted-decimal format. (Optional) Mask for the specied network destination, in dotted-decimal format.
Default
No default behavior or values.
Command Mode
EXEC
Command History
Release 12.0(5)T Modication This command was introduced
Usage Guidelines
Use this command to clear routes from the routing table. Use the asterisk (*) to delete all routes from the forwarding table for a specied VRF, or enter the address and mask of a particular network to delete the route to that network.
Example
The following command removes the route to the network 10.13.0.0 in the vpn1 routing table:
Router# clear ip route vrf vpn1 10.13.0.0
Related Command
Command show ip route vrf Description Displays the IP routing table associated with a VRF.
18
exit-address-family
exit-address-family
To exit from the address family submode, use the exit-address-family address family submode command. exit-address-family
Syntax Description
This command has no arguments or keywords.
Default
Command Mode
Address family submode
Command History
Usage Guidelines
This command can be abbreviated to exit.
Example
The following example shows how to exit the address-family command mode:
(config-router-af)# exit-address-family
Related Commands
Command address-family Description Enters the address family submode used to congure routing protocols.
import map
import map
To congure an import route map for a VRF, use the import VRF submode command. import map route-map
Syntax Description
route-map Species the route map to be used as an import route map for the VRF.
Default
There is no default. A VRF has no import route map unless one is congured using the import map command.
Command Mode
VRF submode
Command History
Usage Guidelines
Use an import route map when an application requires ner control over the routes imported into a VRF than provided by the import and export extended communities congured for the importing and exporting VRF. The import-map command associates a route map with the specied VRF. You can lter routes that are eligible for import into a VRF, based on the route target extended community attributes of the route, through the use of a route map. The route map might deny access to selected routes from a community that is on the import list.
Example
The following example shows how to congure an import route map for a VRF:
(config)# ip vrf vrf_blue (config-vrf)# import map blue_import_map
Related Commands
Command ip vrf route-target Description Enters VRF conguration mode. Congures import and export extended community attributes for the VRF.
20
import map
show ip vrf
Displays information about a VRF or all VRFs.
ip route vrf
ip route vrf
To establish static routes for a VRF, use the ip route vrf global conguration command. To disable static routes, use the no form of this command. ip route vrf vrf-name prex mask [next-hop-address] [interface {interface-number}] [global] [distance] [permanent] [tag tag] no ip route vrf vrf-name prex mask [next-hop-address] [interface {interface-number}] [global] [distance] [permanent] [tag tag]
Syntax Description
vrf-name prex mask next-hop-address interface interface-number global distance permanent tag tag Name of the VPN routing/forwarding instance (VRF) for the static route. IP route prex for the destination, in dotted-decimal format. Prex mask for the destination, in dotted-decimal format. (Optional) IP address of the next hop (the forwarding router that can be used to reach that network). (Optional) Type of network interface to use: ATM, Ethernet, loopback, POS (packet over SONET), or null. Number identifying the network interface to use. Species that the given next hop address is in the non-VRF routing table. (Optional) An administrative distance for this route. (Optional) Species that this route will not be removed, even if the interface shuts down. (Optional) Label value that can be used for controlling redistribution of routes through route maps.
Default
Command Mode
Global conguration
Command History
22
ip route vrf
Usage Guidelines
Use a static route when the Cisco IOS software cannot dynamically build a route to the destination. If you specify an administrative distance when you set up a route, you are agging a static route that can be overridden by dynamic information. For example, IGRP-derived routes have a default administrative distance of 100. To set a static route to be overridden by an IGRP dynamic route, specify an administrative distance greater than 100. Static routes each have a default administrative distance of 1. Static routes that point to an interface are advertised through RIP, IGRP, and other dynamic routing protocols, regardless of whether the routes are redistributed into those routing protocols. That is, static routes congured by specifying an interface lose their static nature when installed into the routing table. However, if you dene a static route to an interface not dened in a network command, no dynamic routing protocols advertise the route unless a redistribute static command is specied for these protocols.
Example
The following command reroutes packets addressed to network 137.23.0.0 in VRF vpn3 to router 131.108.6.6:
(config)# ip route vrf vpn3 137.23.0.0 255.255.0.0 131.108.6.6
Related Command
Command show ip route vrf Description Displays the IP routing table associated with a VRF.
ip vrf forwarding
ip vrf forwarding
To associate a VRF with an interface or subinterface, use the ip vrf forwarding interface conguration command. To disassociate a VRF, use the no form of this command. ip vrf forwarding vrf-name no ip vrf forwarding vrf-name
Syntax Description
vrf-name Name assigned to a VRF.
Default
The default for an interface is the global routing table.
Command Modes
Global conguration Interface conguration
Command History
Usage Guidelines
Use this command to associate an interface with a VRF. Executing this command on an interface removes the IP address. The IP address should be recongured.
Example
The following example shows how to link a VRF to ATM interface 0/0:
(config)# interface atm0/0 (config-if)# ip vrf forwarding vpn1
Related Commands
Command ip vrf ip route vrf Description Denes a VRF. Establishes static routes for a VRF.
24
ip vrf
ip vrf
To congure a VRF routing table, use the ip vrf global conguration command. To remove a VRF routing table, use the no form of this command. ip vrf vrf-name no ip vrf vrf-name
Syntax Description
Defaults
No VRFs are dened. No import or export lists are associated with a VRF. No route maps are associated with a VRF.
Command Modes
Router conguration Global conguration
Command History
Usage Guidelines
The ip vrf vrf-name command creates a VRF routing table and a CEF (forwarding) table, both named vrf-name. Associated with these tables is the default route distinguisher value route-distinguisher.
Example
The following example imports a route map to a VRF:
(Router-config)# ip vrf vpn1 (config-vrf)# rd 100:2 route-target both 100:2 route-target import 100:1
Related Command
Command ip vrf forwarding Description Associates a VRF with an interface or subinterface.
neighbor activate
neighbor activate
To enable the exchange of information with a BGP neighboring router, use the neighbor activate router conguration command. To disable the exchange of an address with a neighboring router, use the no form of this command. neighbor {ip-address | peer-group-name} activate no neighbor {ip-address | peer-group-name} activate
Syntax Description
ip-address peer-group-name IP address of the neighboring router. Name of BGP peer group.
Defaults
The exchange of addresses with neighbors is enabled by default for theVPN IPv4 address family. You can disable IPv4 address exchange using the general command no default bgp ipv4 activate, or you can disable it for a particular neighbor using the no form of this command. For all other address families, address exchange is disabled by default. You can explicitly activate the default command using the appropriate address family submode.
Command Modes
Router conguration
Command History
Usage Guidelines
Use this command to enable or disable the exchange of addresses with a neighboring router.
Example
In the following example, a BGP router activates the exchange of a customers IP address 10.15.0.15 to a neighboring router.
router bgp 100 neighbor 10.15.0.15 remote-as 100 neighbor 10.15.0.15 update-source loopback0 address-family vpnv4 unicast neighbor 10.15.0.15 activate exit-address-family
26
neighbor activate
Related Commands
Command address-family exit-address-family Description Enters the address family submode. Exits the address family submode.
rd
rd
To create routing and forwarding tables for a VRF, use the rd VRF submode command. rd route-distinguisher
Syntax Description
route-distinguisher Adds an 8-byte value to an IPv4 prex to create a VPN IPv4 prex.
Default
There is no default. An RD must be congured for a VRF to be functional.
Command Mode
VRF submode
Command History
Usage Guidelines
A route distinguisher (RD) creates routing and forwarding tables and species the default route-distinguisher for a VPN. The RD is added to the beginning of the customers IPv4 prexes to change them into globally unique VPN-IPv4 prexes. An RD is either ASN-relative, in which case it is composed of an autonomous system number and an arbitrary number, or it is IP-address-relative, in which case it is composed of an IP address and an arbitrary number. You can enter an RD in either of these formats: 16-bit AS number: your 32-bit number For example, 101:3 32-bit IP address: your 16-bit number For example, 192.168.122.15:1
Example
The following example congures a default RD for two VRFs. It illustrates the use of both AS-relative and IP address-relative RDs:
(config)# ip vrf (config-vrf)# rd (config-vrf)# ip (config-vrf)# rd vrf_blue 100:3 vrf vrf_red 173.13.0.12:200
28
rd
Related Commands
Command ip vrf show ip vrf Description Enters VRF conguration mode. Displays information about a VRF.
route-target
route-target
To create a route-target extended community for a VRF, use the route-target VRF submode command. To disable the conguration of a route-target community option, use the no form of this command. route-target {import | export | both} route-target-ext-community no route-target {import | export | both} route-target-ext-community
Syntax Description
import Imports routing information from the target VPN extended community. Exports routing information to the target VPN extended community. Imports both import and export routing information to the target VPN extended community. Adds the route-target extended community attributes to the VRFs list of import, export, or both (import and export) route-target extended communities.
export
both route-target-ext-community
Default
There are not defaults. A VRF has no route-target extended community attributes associated with it until specied by the route-target command.
Command Mode
VRF submode
Command History
Usage Guidelines
The route-target command creates lists of import and export route target extended communities for the specied VRF. Execute the command one time for each target community. Learned routes that carry a specic route target extended community are imported into all VRFs congured with that extended community as an import route target. Routes learned from a VRF site (for example, by BGP, RIP, or static route conguration) contain export route targets for extended communities congured for the VRF added as route attributes to control the VRFs into which the route is imported. The route-target species a target VPN extended community. Like a route-distinguisher, an extended community is composed of either an autonomous system number and an arbitrary number, or an IP address and an arbitrary number. You can enter the numbers in either of these formats:
30
route-target
16-bit AS number: your 32-bit number For example, 101:3 32-bit IP address: your 16-bit number For example, 192.168.122.15:1
Example
The following example shows how to congure route-target extended community attributes for a VRF. The result of the command sequence is that VRF vrf_blue has two export extended communities (1000:1 and 1000:2) and two import extended communities (1000:1 and 173.27.0.130:200).
(config)# ip vrf vrf_blue (config-vrf)# route-target both 1000:1 (config-vrf)# route-target export 1000:2 (config-vrf)# route-target import 173.27.0.130:200
Related Commands
Command ip vrf import Description Enters VRF conguration mode. Congures an import route map for the VRF.
show ip bgp vpnv4
show ip bgp vpnv4

To display VPN address information from the BGP table, use the show ip bgp vpnv4 EXEC command. show ip bgp vpnv4 {all | rd route-distinguisher | vrf vrf-name} [ip-prex/length [longer-prexes] [output-modiers]] [network-address [mask] [longer-prexes] [output-modiers]] [cidr-only] [community] [community-list] [dampened-paths] [lter-list] [ap-statistics] [inconsistent-as] [neighbors] [paths [line]] [peer-group] [quote-regexp] [regexp] [summary] [tags]
Syntax Description
all rd route-distinguisher vrf vrf-name ip-prex/length longer-prexes Displays the complete VPNv4 database. Displays NLRIs that have a matching route distinguisher. Displays NLRIs associated with the named VRF. (Optional) IP prex address (in dotted decimal format) and length of mask (0 to 32). (Optional) Displays the entry, if any, that exactly matches the specied prex parameter, as well as all entries that match the prex in a longest-match sense. That is, prexes for which the specied prex is an initial sub-string. (Optional) For a list of associated keywords and arguments, use context-sensitive help. (Optional) IP address of a network in the BGP routing table. (Optional) Mask of the network address, in dotted decimal format. (Optional) Displays only routes that have nonnatural net masks. (Optional) Displays routes matching this community. (Optional) Displays routes matching this community list. (Optional) Displays paths suppressed due to dampening (BGP route from peer is up and down). (Optional) Displays routes conforming to the lter list. (Optional) Displays ap statistics of routes. (Optional) Displays only routes that have inconsistent autonomous systems of origin. (Optional) Displays details about TCP and BGP neighbor connections. (Optional) Displays path information. (Optional) A regular expression to match the BGP AS paths. (Optional) Displays information about peer groups. (Optional) Displays routes matching the AS path regular expression.
output-modiers network-address mask cidr-only community community-list dampened-paths lter-list ap-statistics inconsistent-as neighbors paths line peer-group quote-regexp
32
show ip bgp vpnv4
regexp summary tags
(Optional) Displays routes matching the AS path regular expression. (Optional) Displays BGP neighbor status. (Optional) Displays incoming and outgoing BGP labels for each NLRI.
Default
Command Mode
EXEC
Command History
Usage Guidelines
Use this command to display VPNv4 information from the BGP database. The command show ip bgp vpnv4 all displays all available VPNv4 information. The command show ip bgp vpnv4 summary displays BGP neighbor status.
Examples
The following example shows output for all available VPNv4 information in a BGP routing table:
Router# show ip bgp vpnv4 all BGP table version is 18, local router ID is 14.14.14.14 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Route Distinguisher: 100:1 (vrf1) *> 11.0.0.0 50.0.0.1 0 *>i12.0.0.0 13.13.13.13 0 100 *> 50.0.0.0 50.0.0.1 0 *>i51.0.0.0 13.13.13.13 0 100 Weight 0 0 0 0 Path 101 102 101 102 i i i i
show ip bgp vpnv4
Table 1 describes the elds shown in this example.
Table 1 Field
Show IP BGP VPNv4 Field Descriptions Description
Network Next Hop Metric LocPrf Weight Path
Displays the network address from the BGP table. Displays the address of the BGP next hop. Displays the BGP metric. Displays the local preference. Displays the BGP weight. Displays the BGP path per route.
The following example shows how to display a table of labels for NLRIs that have a route-distinguisher value of 100:1.
Router# show ip bgp vpnv4 rd 100:1 tags Network Next Hop In tag/Out tag Route Distinguisher: 100:1 (vrf1) 2.0.0.0 10.20.0.60 34/notag 10.0.0.0 10.20.0.60 35/notag 12.0.0.0 10.20.0.60 26/notag 10.20.0.60 26/notag 13.0.0.0 10.15.0.15 notag/26
Table 2 Field
Show IP BGP VPNv4 rd Tags Field Descriptions Description
Network Next Hop In Tag Out Tag
Displays the network address from the BGP table. Species the BGP next hop address. Displays the label (if any) assigned by this router. Displays the label assigned by the BGP next hop router.
The following example shows VPNv4 routing entries for the VRF called vrf1.
Router# show ip bgp vpnv4 vrf vrf1 BGP table version is 18, local router ID is 14.14.14.14 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Route Distinguisher: 100:1 (vrf1) *> 11.0.0.0 50.0.0.1 0 *>i12.0.0.0 13.13.13.13 0 100 *> 50.0.0.0 50.0.0.1 0 *>i51.0.0.0 13.13.13.13 0 100 Weight 0 0 0 0 Path 101 102 101 102 i i i i
34
show ip bgp vpnv4
Table 3 Field
Show IP BGP VPNv4 Field Descriptions Description
Network Next Hop Metric LocPrf Weight Path
Displays network address from the BGP table. Displays address of the BGP next hop. Displays the BGP metric. Displays the local preference. Displays the BGP weight. Displays the BGP path per route.
Related Command
Command show ip vrf Description Displays VRFs and associated interfaces.
show ip cef vrf
show ip cef vrf

To display the CEF forwarding table associated with a VRF, use the show ip cef vrf EXEC command. show ip cef vrf vrf-name [ip-prex [mask [longer-prexes]] [detail] [output-modiers]] [interface interface-number] [adjacency [interface interface-number] [detail] [discard] [drop] [glean] [null] [punt] [output-modiers]] [detail [output-modiers]] [non-recursive [detail] [output-modiers]] [summary [output-modiers]] [trafc [prex-length] [output-modiers]] [unresolved [detail] [output-modiers]]
Syntax Description
vrf-name ip-prex mask longer-prexes detail output-modiers
interface interface-number
Name assigned to the VRF.

(Optional) IP prex of entries to show, in dotted decimal format
(A.B.C.D).
(Optional) Mask of the IP prex, in dotted decimal format. (Optional) Displays table entries for all of the more specic
routes.
(Optional) Displays detailed information for each CEF table
entry.
(Optional) For a list of associated keywords and arguments, use context-sensitive help. (Optional) Type of network interface to use: ATM, Ethernet, Loopback, POS (packet over SONET) or Null. Number identifying the network interface to use. (Optional) Displays all prexes resolving through adjacency.
adjacency discard drop glean null punt non-recursive summary trafc prex-length unresolved
Discards adjacency. Drops adjacency. Gleans adjacency. Null adjacency. Punts adjacency.
(Optional) Displays only nonrecursive routes. (Optional) Displays a CEF table summary. (Optional) Displays trafc statistics. (Optional) Displays trafc statistics by prex size. (Optional) Displays only unresolved routes.
Default
Command Mode
EXEC
36 Cisco IOS Release 12.0(5)T
show ip cef vrf
Command History
Usage Guidelines
Used with only the vrf-name argument, the show ip cef vrf command shows a shortened display of the CEF table. Used with the detail argument, the show ip cef vrf command shows detailed information for all CEF table entries.
Example
This example shows the forwarding table associated with the VRF called vrf1.
Router# show ip cef Prefix 0.0.0.0/32 11.0.0.0/8 12.0.0.0/8 50.0.0.0/8 50.0.0.0/32 50.0.0.1/32 50.0.0.2/32 50.255.255.255/32 51.0.0.0/8 224.0.0.0/24 255.255.255.255/32 vrf vrf1 Next Hop receive 50.0.0.1 52.0.0.2 attached receive 50.0.0.1 receive receive 52.0.0.2 receive receive Interface Ethernet1/3 POS6/0 Ethernet1/3 Ethernet1/3
POS6/0
Table 4 Field
Show IP CEF vrf Field Descriptions Description
Prex Next Hop Interface
Species the network prex. Species the BGP next hop address. Species the VRF interface.
Related Commands
Command show ip route vrf show ip vrf Description Displays the IP routing table associated with a VRF. Displays VRF interfaces.
show ip protocols vrf

To display the routing protocol information associated with a VRF, use the show ip protocols vrf EXEC command. show ip protocols vrf vrf-name
Syntax Description
Default
Command Mode
EXEC
Command History
Usage Guidelines
Use this command to display routing information associated with a VRF.
Example
The following example shows information about a VRF called vpn1:
Router# show ip protocols vrf vpn2 Routing Protocol is "bgp 100" Sending updates every 60 seconds, next due in 0 sec Outgoing update filter list for all interfaces is Incoming update filter list for all interfaces is IGP synchronization is disabled Automatic route summarization is disabled Redistributing:connected, static Routing for Networks: Routing Information Sources: Gateway Distance Last Update 13.13.13.13 200 02:20:54 18.18.18.18 200 03:26:15 Distance:external 20 internal 200 local 200
38
Table 5 Field
Show IP Protocols vrf Field Descriptions Description
Gateway Distance Last update
Displays the IP address of the router identier for all routers in the network. Displays the metric used to access the destination route. Displays the last time the routing table was updated from the source.
Related Command
Command show ip vrf Description Displays VRF interfaces.
show ip route vrf
show ip route vrf

To display the IP routing table associated with a VRF (VPN routing/forwarding instance), use the show ip route vrf EXEC command. show ip route vrf vrf-name [connected] [protocol [as-number] [tag] [output-modiers]] [list number [output-modiers]] [prole] [static [output-modiers]] [summary [output-modiers]] [supernets-only [output-modiers]] [trafc-engineering [output-modiers]]
Syntax Description
vrf-name connected protocol as-number tag output-modiers list number prole static summary supernets-only trafc-engineering Name assigned to the VRF. Displays all connected routes in a VRF. To specify a routing protocol, use one of the following keywords: bgp, egp, eigrp, hello, igrp, isis, ospf, or rip. Autonomous system number. IOS routing area label. (Optional) For a list of associated keywords and arguments, use context-sensitive help. Species the IP access list to display. Displays the IP routing table prole. Displays static routes. Displays a summary of routes. Displays supernet entries only. Displays only trafc-engineered routes.
Default
Command Mode
EXEC
Command History
Usage Guidelines
This command displays specied information from the IP routing table of a VRF.
40
show ip route vrf
Examples
This example shows the IP routing table associated with the VRF called vrf1:
Router# show ip route vrf vrf1 Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR T - traffic engineered route Gateway of last resort is not set B C B B 51.0.0.0/8 50.0.0.0/8 11.0.0.0/8 12.0.0.0/8 [200/0] via 13.13.13.13, 00:24:19 is directly connected, Ethernet1/3 [20/0] via 50.0.0.1, 02:10:22 [200/0] via 13.13.13.13, 00:24:20
This example shows BGP entries in the IP routing table associated with the VRF called vrf1:
Router# show ip route vrf vrf1 bgp B 51.0.0.0/8 [200/0] via 13.13.13.13, 03:44:14 B 11.0.0.0/8 [20/0] via 51.0.0.1, 03:44:12 B 12.0.0.0/8 [200/0] via 13.13.13.13, 03:43:14
Related Commands
Command show ip cef vrf show ip vrf Description Displays the CEF forwarding table associated with a VRF. Displays VRFs and associated interfaces.
show ip vrf
show ip vrf
To display the set of dened VRFs (VPN routing/forwarding instances) and associated interfaces, use the show ip vrf EXEC command. show ip vrf [{brief | detail | interfaces}] [vrf-name] [output-modiers]
Syntax Description
brief detail interfaces vrf-name output-modiers (Optional) Displays concise information on the VRF(s) and associated interfaces. (Optional) Displays detailed information on the VRF(s) and associated interfaces. (Optional) Displays detailed information about all interfaces bound to a particular VRF, or any VRF. Name assigned to a VRF. (Optional) For a list of associated keywords and arguments, use context-sensitive help.
Default
When no optional parameters are specied the command shows concise information about all congured VRFs.
Command Mode
EXEC
Command History
Usage Guidelines
Use this command to display information about VRFs. Two levels of detail are available: use the brief keyword or no keyword to display concise information, or use the detail keyword to display all information. To display information about all interfaces bound to a particular VRF, or to any VRF, use the interfaces keyword.
Examples
This example shows brief information for the VRFs currently congured:
Router# show ip vrf Name vrf1 vrf2 Default RD 100:1 100:2 Interfaces Ethernet1/3 Ethernet0/3
42
show ip vrf
Table 6 Field
Show vrf Field Descriptions Description
Name Default RD Interfaces
Species the VRF name. Species the default route distinguisher. Species the network interfaces.
This example shows detailed information for the VRF called vrf1:
Router# show ip vrf detail vrf1 VRF vrf1; default RD 100:1 Interfaces: Ethernet1/3 Connected addresses are in global routing table Export VPN route-target communities RT:100:1 Import VPN route-target communities RT:100:1 No import route-map
Table 7 Field
Show IP vrf Detail Field Descriptions Description
Interfaces Export Import
Species the network interfaces. Species VPN route-target export communities. Species VPN route-target import communities.
This example shows the interfaces bound to a particular VRF:

router# show ip vrf interfaces Interface IP-Address Ethernet2 130.22.0.33 Ethernet4 130.77.0.33 router# VRF blue_vrf hub Protocol up up
show ip vrf
Table 8 Field
Show IP vrf Interfaces Field Descriptions Description
Interface IP-Address VRF Protocol
Species the network interfaces for a VRF. Species the IP address of a VRF interface. Species the VRF name. Displays the state of the protocol (up/down) for each VRF interface.
Related Commands
Command ip vrf rd route-target Description Enters VRF conguration mode. Congures a default route distinguisher (RD) for a VRF. Congures import and export extended community attributes for the VRF. Congures an import route map for a VRF. Associates a VRF with an interface or subinterface.
import ip vrf forwarding
44
show tag-switching forwarding vrf

To display label forwarding information for advertised VRF routes, use the show tag-switching forwarding vrf EXEC command. To disable the display of label forwarding information, use the no form of this command. show tag-switching forwarding vrf vrf-name [ip-prex/length [mask]] [detail] [output-modiers] no show tag-switching forwarding vrf vrf-name [ip-prex/length [mask]] [detail] [output-modiers]
Syntax Description
vrf-name ip-prex/length mask detail output-modiers Displays NLRIs associated with the named VRF. (Optional) IP prex address (in dotted decimal format) and length of mask (0 to 32). (Optional) Destination network mask, in dotted decimal format. (Optional) Displays detailed information on the VRF routes. (Optional) For a list of associated keywords and arguments, use context-sensitive help.
Default
Command Mode
EXEC
Command History
Usage Guidelines
Use this command to display label forwarding entries associated with a particular VRF or IP prex.
Example
The following example shows label forwarding entries that correspond to the VRF called vpn1:
Router# show tag-switching forwarding vrf vrf1 detail
Related Commands
Command show tag-switching forwarding show ip cef vrf Description Displays label forwarding information. Displays VRFs and associated interfaces.
46
debug ip bgp
Debug Commands
This section documents new debug commands. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command references.
debug ip bgp
debug ip bgp
To display information related to processing BGPs, use the debug ip bgp EXEC command. To disable the display of BGP information, use the no form of this command. debug ip bgp [A.B.C.D. | dampening | events | in | keepalives | out | updates | vpnv4] no debug ip bgp [A.B.C.D. | dampening | events | in | keepalives | out | updates | vpnv4]
Syntax Description
A.B.C.D. dampening events in keepalives out updates vpnv4 (Optional) Displays the BGP neighbor IP address. (Optional) Displays BGP dampening. (Optional) Displays BGP events. (Optional) BGP inbound information. (Optional) Displays BGP keepalives. (Optional) Displays BGP outbound information. (Optional) Displays BGP updates. (Optional) Displays VPNv4 NLRI information.
Default
Command Mode
EXEC
Command History
debug ip bgp
Example
The following example displays the output from this command:
Router# debug ip bgp vpnv4 03:47:14:vpn:bgp_vpnv4_bnetinit:100:2:58.0.0.0/8 03:47:14:vpn:bnettable add:100:2:58.0.0.0 / 8 03:47:14:vpn:bestpath_hook route_tag_change for vpn2:58.0.0.0/255.0.0.0(ok) 03:47:14:vpn:bgp_vpnv4_bnetinit:100:2:57.0.0.0/8 03:47:14:vpn:bnettable add:100:2:57.0.0.0 / 8 03:47:14:vpn:bestpath_hook route_tag_change for vpn2:57.0.0.0/255.0.0.0(ok) 03:47:14:vpn:bgp_vpnv4_bnetinit:100:2:14.0.0.0/8 03:47:14:vpn:bnettable add:100:2:14.0.0.0 / 8 03:47:14:vpn:bestpath_hook route_tag_chacle ip bgp *nge for vpn2:14.0.0.0/255.0.0.0(ok)
48
debug ip bgp
Glossary
ATM-LSRA label switch router with a number of LSC-ATM interfaces. The router forwards the cells among these interfaces using labels carried in the VPI/VCI eld. ATM edge LSRA router that is connected to the ATM-LSR cloud through LSC-ATM interfaces. The ATM edge LSR adds labels to unlabeled packets and strips labels from labeled packets. BGPBorder Gateway Protocol. Interdomain routing protocol that exchanges reachability information with other BGP systems. It is dened in RFC 1163. CEFCisco Express Forwarding. An advanced Layer 3 IP switching technology. CEF optimizes network performance and scalability for networks with large and dynamic trafc patterns. CE routerCustomer edge router. A router that is part of a customer network and that interfaces to a provider edge (PE) router. CE routers are not aware of associated VPNs. CoSClass of Service. A feature that provides scalable, differentiated types of service across an MPLS network. GREGeneric routing encapsulation. A tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. By connecting multiprotocol subnetworks in a single-protocol backbone environment, IP tunneling that uses GRE allows network expansion across a single-protocol backbone environment. IGPInterior Gateway Protocol. An Internet protocol used to exchange routing information within an autonomous system. Examples of common IBGPs include IGRP, OSPF, and RIP. IS-ISIntermediate system-to-intermediate system. OSI link-state hierarchical routing protocol in which ISs (routers) exchange routing information based on a single metric to determine network topology. Label-switched path (LSP)A sequence of hops (R0...Rn) in which a packet travels from R0 to Rn through label switching mechanisms. A label-switched path can be established dynamically, based on normal routing mechanisms, or through conguration. Label-switched path (LSP) tunnelA congured connection between two routers, in which MPLS is used to carry the packet. LSALink-state advertisement. A broadcast packet used by link-state protocols. The LSA contains information about neighbors and path costs and is used by the receiving router to maintain a routing table. MPLSMultiprotocol Label Switching. An emerging industry standard. NLRINetwork layer reachability information. BGP sends routing update messages containing NLRI to describe a route and how to get there. In this context, an NLRI is a prex. A BGP update message carries one or more NLRI prexes and the attributes of a route for the NLRI prexes; the route attributes include a BGP next hop gateway address, community values, and other information. PE routerProvider edge router. A router that is part of a service providers network connected to a customer edge (CE) router. All VPN processing occurs in the PE router. RDRoute distinguisher. An 8-byte value that is concatenated with an IPv4 prex to create a unique VPN IPv4 prex. RIPRouting Information Protocol. An IGP used to exchange routing information within an autonomous system, RIP uses hop count as a routing metric.
debug ip bgp
trafc engineeringThe techniques and processes used to cause routed trafc to travel through the network on a path other than the one that would have been chosen if standard routing methods had been used. trafc engineering tunnelA label-switched path tunnel that is used for engineering trafc. It is set up through means other than normal Layer 3 routing and is used to direct trafc over a path different from the one that Layer 3 routing would cause it to take. tunnelingArchitecture providing the services necessary to implement any standard point-to-point data encapsulation scheme. VPNVirtual private network. A secure IP-based network that shares resources on one or more physical networks. A VPN contains geographically dispersed sites that can communicate securely over a shared backbone. vpnv4Used as a keyword in commands to indicate VPN-IPv4 prexes. These prexes are customer VPN addresses, each of which has been made unique by the addition of an 8-byte route distinguisher. VRFVPN routing/forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that denes a customer VPN site that is attached to a PE router.
50

MPLS Virtual Private Networks: About This Document

Uploaded by

Copyright:

Available Formats

MPLS Virtual Private Networks: About This Document

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MPLS Virtual Private Networks: About This Document

Uploaded by

Copyright:

Available Formats

MPLS Virtual Private Networks

About this Document

Tag Switching/MPLS Terminology

MPLS Virtual Private Networks 1

IP Virtual Private Networks

Old Designation TDP (Tag Distribution Protocol)

New Designation LDP (Label Distribution Protocol)

IP Virtual Private Networks