Cisco and their inconsistencies

Cisco is known for the inconsistencies between platforms and different IOS versions. I came across another that was rather annoying. Now between linecards.

Trying to configuring the following standard sub-interface Ethernet AToM tunnel on a Cisco 7606 with a ES+ linecard:

pseudowire-class CISCO
 encapsulation mpls
interface Te2/2.2
 encapsulation dot1Q 2
 no ip redirects
 no ip directed-broadcast
 no ip proxy-arp
 xconnect 12345 encap mpls pw-class CISCO

Yields the following misleading error…

7606(config)#int te2/2.2
7606(config-subif)# xconnect 12345 encap mpls pw-class CISCO
MPLS encap is not supported on this circuit

Continue reading “Cisco and their inconsistencies”


VRF-lite route leaking

The purpose of VRF-lite is to extend the logical separation of two different networks from a MPLS network down to a single CE router, connected to both these networks. It’s called VRF-lite because it is done without running MPLS (LDP/TDP) or MP-BGP between the PE and CE. Traffic is mapped to the VRF assigned to the ingress interface on the CE router.

But VRF-lite could be used without connecting to a MPLS network entirely! Consider what a VRF is?

A VRF is a mechanism used to provide logical separation between routing tables on the same router. It is locally significant to the router. Each interface on a router can only be assigned to one VRF, but a VRF can have multiple interfaces.

So VRF-lite could be used to separate multiple networks using the same equipment. (Not exactly something you should ever plan in a design, but it could be useful to know)

Once you have the separation you needed, you might need a way to selectively bridge that separation to allow communication between the VRF’s.

Assume the following scenario:
Continue reading “VRF-lite route leaking”

Output101- sh run vrf

Now that the hard work is behind me, the awesome holiday has past, I can finally get back to all the outstanding fun stuff. That said I have some good half completed posts are on the way :)

I came across the following command browsing the DOC-CD a couple months back, and I have used it ever since.

sh run vrf [vrf-name]

The show running vrf feature provides the option to display a subset of the running configuration on a router that is linked to a VRF instance. It can be used to display the configuration of a specific VRF or of all VRFs configured on a router. The command is unfortunately only available on the more recent IOS versions, but if available makes life easy.

Continue reading “Output101- sh run vrf”

Export RTs?

(This article assumes some understanding of MPLS VPNs)

The different methods to attach MPLS VPN RTs when routes are exported from a VRF table can be confusing.
This could be done in two ways with additional options.

  1. The default ‘all’ export RT could be used.
  2. Or the RTs could be attached using an export-map.

The first method is the most common and the easiest to understand. The command below will attach the configured RT to any routes exported from the router’s VRF RIB table into the MPBGP table for advertising.

route-target export {asn:xx}

But what if another RT should be attached in place of, or additionally but for only one prefix?

This is where the second method becomes necessary. By using an export-map one can selectively attach RTs to individual prefixes, separate or in conjunction with the default export if it is configured. This usually raises the question of when the ‘additive’ keyword is needed.

Allow me to explain by using the following diagram :

Continue reading “Export RTs?”