search

Allied Telesis C613-16164-00 User Manual

Browse online or download User Manual for Routers Allied Telesis C613-16164-00. Allied Telesis C613-16164-00 User's Manual

  • Download
  • Add to my manuals
  • Print
  • Page
    / 91
  • Table of contents
  • BOOKMARKS
    • Rated. / 5. Based on customer reviews
Page view 0
Technical Guide
alliedtelesis.com
x
How To |
C613-16164-00 REV E
Introduction
In IP-based networks, VRF stands for Virtual Routing and Forwarding. This technology allows
multiple routing domains to co-exist within the same device at the same time. As the routing
domains are independent, overlapping IP addresses can be used without causing conflict. In
large service provider networks, virtual routing and forwarding is used in conjunction with
MPLS - Multi Protocol Label Switching - to separate each customer’s traffic into its own wide
area VPN. VRF is also known as VPN Routing and Forwarding (when used with MPLS), and is
also known as Multi-VRF.
What is VRF-lite?
VRF-lite is VRF without the need to run MPLS in the network. VRF-lite is used for isolating
customer networks - it allows multiple secure customer routing domains to co-exist in one
physical device simultaneously, which remain completely isolated from each other.
VRF-lite also allows the re-use of IP addresses on the same physical device. An IP address
range in one VLAN used in one VRF domain can simultaneously be used in another VLAN in
a different VRF domain within the same device. While VRF-lite will segregate traffic from
different customers/clients, VRF-lite can also allow for route leakage between VRF domains
(inter-VRF communication), by using static inter-VRF routes and/or dynamic route leakage via
BGP and associated route maps. This provides filtered access from one VRF routing domain
to another where the IP address ranges do not overlap.
This How to Note begins with a description of VRF-lite’s key features and the generic
commands used to configure VRF-lite. There are a number of simple configuration examples
provided to illustrate its use with OSPF, RIP, and BGP routing protocols. This is followed with
a configuration breakdown of a complex inter-VRF scenario, which includes overlapping IP
addresses and a range of routing protocols. Dynamic inter-VRF communication between the
global VRF domain and a VRF instance is also explained. Finally, a short list of diagnostics
commands are provided to help troubleshoot VRF-related issues.
Configure VRF-lite
Page view 0
1 2 3 4 5 6 ... 90 91

Summary of Contents

Page 1 - Configure VRF-lite

Technical Guidealliedtelesis.com xHow To | C613-16164-00 REV EIntroductionIn IP-based networks, VRF stands for Virtual Routing and Forwarding. This te

Page 2 - Command summary

Understanding VRF-litePage 10 | Configure VRF-liteVRF-lite features in AW+ Here is a summary of the features provided by the AW+ VRF-lite implementat

Page 3 - Contents

Configure VRF-lite | Page 11Understanding VRF-liteRoute limiting per VRF instanceIn a multi-VRF network environment, it may be problematic if one V

Page 4 - Glossary

Understanding VRF-litePage 12 | Configure VRF-liteTelnet clientawplus#telnet ? WORD IPv4/IPv6 address or hostname of a remote system ip IP tel

Page 5 - Understanding VRF-lite

Configure VRF-lite | Page 13Configuring VRF-liteConfiguring VRF-liteThe following section describes the generic commands used to configure VRF-lite

Page 6 - VRF-lite security domains

Configuring VRF-litePage 14 | Configure VRF-lite CONFIGURING VLANS AND VLAN DATABASE PURPOSEStep 1 awplus(config)#vlan database VLANs are created in

Page 7 - Route management with VRF

Configure VRF-lite | Page 15Configuring VRF-liteDYNAMIC ROUTING PROTOCOL - RIP ADDRESS-FAMILY PURPOSEStep 1 awplus(config)#router rip Optional. En

Page 8 - Inter-VRF communication

Configuring VRF-litePage 16 | Configure VRF-liteSTATIC ROUTES PURPOSEStep 1 awplus(config)# ip route vrf <name> <network> {<gateway>

Page 9

Configure VRF-lite | Page 17Configuring VRF-liteStatic inter-VRF routing Static inter-VRF routing involves creating static routes in one VRF instan

Page 10 - VRF-lite features in AW+

Dynamic inter-VRF communication explainedPage 18 | Configure VRF-liteDynamic inter-VRF communication explainedThe following section explains how VRF

Page 11 - VRF aware services include

Configure VRF-lite | Page 19Dynamic inter-VRF communication explainedThe command redistribute <protocol> can be configured in an OSPF instanc

Page 12

IntroductionPage 2 | Configure VRF-liteWho should read this document?This document is aimed at advanced network engineers.Which products and software

Page 13 - Configuring VRF-lite

Dynamic inter-VRF communication explainedPage 20 | Configure VRF-liteInter-VRF communication via BGPDynamic inter-VRF route leakage is achieved by ma

Page 14

Configure VRF-lite | Page 21Dynamic inter-VRF communication explainedUsing the route-target commandWhen BGP is used for inter-VRF communication, dy

Page 15

Dynamic inter-VRF communication explainedPage 22 | Configure VRF-liteThe following three examples demonstrate how the route-target command facilitate

Page 16 - STATIC ROUTES PURPOSE

Configure VRF-lite | Page 23Dynamic inter-VRF communication explained3. If VRF red configuration includes*:ip vrf red rd 100:1 route-target export

Page 17 - Static inter-VRF routing

Dynamic inter-VRF communication explainedPage 24 | Configure VRF-liteHow VRF-lite security is maintainedIncidentally, only the original routes can be

Page 18 - Page 18

Configure VRF-lite | Page 25Simple VRF-lite configuration examplesSimple VRF-lite configuration examplesThe following section contains simple confi

Page 19

Simple VRF-lite configuration examplesPage 26 | Configure VRF-lite!interface vlan12 ip vrf forwarding red ip address 10.2.2.1/24!interface vlan13 ip

Page 20 - VRF Device

Configure VRF-lite | Page 27Simple VRF-lite configuration examplesVRFs accessing a shared network. An example of static inter-VRF routingThe partia

Page 21

Simple VRF-lite configuration examplesPage 28 | Configure VRF-liteDynamic inter-VRF communication with RIP routing to external peersThe partial confi

Page 22

Configure VRF-lite | Page 29Simple VRF-lite configuration examplesDynamic inter-VRF communication with BGP routing to external peers The partial co

Page 23

Configure VRF-lite | Page 3IntroductionContentsIntroduction ...

Page 24

Simple VRF-lite configuration examplesPage 30 | Configure VRF-liteDynamic inter-VRF communication with OSPF routing to external peersThe complete con

Page 25

Configure VRF-lite | Page 31Simple VRF-lite configuration examples!access-list standard greenBlock3334 deny 192.168.33.0/24access-list standard gre

Page 26

Simple VRF-lite configuration examplesPage 32 | Configure VRF-liteinterface vlan1 ip vrf forwarding red ip address 192.168.10.1/24!interface vlan2 ip

Page 27 - VRF domain

Configure VRF-lite | Page 33Inter-VRF configuration examples with Internet accessInter-VRF configuration examples with Internet accessThe following

Page 28

Inter-VRF configuration examples with Internet accessPage 34 | Configure VRF-liteConfiguration!ip vrf remote1 1 !ip vrf remote2 2 !ip vrf shared3 3 !

Page 29

Configure VRF-lite | Page 35Inter-VRF configuration examples with Internet access!interface vlan13 ip vrf forwarding remote1 ip address 13.0.0.1/8!

Page 30 - Page 30

Inter-VRF configuration examples with Internet accessPage 36 | Configure VRF-liteExample BInternetIntranetremote1VRF1Intranet 1 static routeIntranetr

Page 31

Configure VRF-lite | Page 37Inter-VRF configuration examples with Internet accessConfiguration!access-list standard deny_overlap deny 10.0.0.0/8acc

Page 32

Inter-VRF configuration examples with Internet accessPage 38 | Configure VRF-lite!interface port1.0.6-1.0.26 switchport switchport mode access!interf

Page 33 - Example A

Configure VRF-lite | Page 39Inter-VRF configuration examples with Internet access ! address-family ipv4 vrf remote2 redistribute connected exit-add

Page 34 - Configuration

GlossaryPage 4 | Configure VRF-liteGlossaryACRONYM DESCRIPTIONAS Autonomous SystemACL Access Control ListBGPBorder Gateway ProtocolFIB Forwarding Inf

Page 35

Inter-VRF configuration examples with Internet accessPage 40 | Configure VRF-liteExample CIntranetremote1VRF1Intranet 1 static routeIntranetremote2In

Page 36 - Example B

Configure VRF-lite | Page 41Inter-VRF configuration examples with Internet accessConfiguration!access-list standard deny_overlap deny 10.0.0.0/8acc

Page 37

Inter-VRF configuration examples with Internet accessPage 42 | Configure VRF-lite!interface port1.0.4 switchport switchport mode trunk switchport tru

Page 38

Configure VRF-lite | Page 43Inter-VRF configuration examples with Internet access exit-address-family ! address-family ipv4 vrf office4 network vla

Page 39

Configuring a complex inter-VRF solutionPage 44 | Configure VRF-liteConfiguring a complex inter-VRF solutionA network comprising of multiple devices

Page 40 - Example C

Configure VRF-lite | Page 45Configuring a complex inter-VRF solutionVRF communication plan VRF shared can access all VRFs red, green, blue and ora

Page 41

Configuring a complex inter-VRF solutionPage 46 | Configure VRF-liteConfiguration breakdown When configuring a complex inter-VFR aware device, such a

Page 42

Configure VRF-lite | Page 47Configuring a complex inter-VRF solutionLocal interfaces can be utilised by a number of protocols for various purposes.

Page 43

CONFIGURE VRFSConfiguring a complex inter-VRF solutionPage 48 | Configure VRF-liteawplus(config)#ip vrf red 1awplus(config-vrf)#rd 100:1awplus(config

Page 44 - Network description

Configure VRF-lite | Page 49Configuring a complex inter-VRF solutionConfigure the hardware ACLsThe command access-list hardware <name> create

Page 45 - VRF communication plan

Configure VRF-lite | Page 5Understanding VRF-liteUnderstanding VRF-liteThe purpose of VRF is to enable separate IP networks, possibly using overlap

Page 46 - Configuration breakdown

CONFIGURE HARDWARE ACLSConfiguring a complex inter-VRF solutionPage 50 | Configure VRF-liteConfigure the VLANsVLANs are created in the VLAN database,

Page 47

Configure VRF-lite | Page 51Configuring a complex inter-VRF solutionThe third access group allow100_deny_private permits VRF red to access shared V

Page 48 - Page 48

CONFIGURE IP ADDRESSESawplus(config-if)#exit[cont...]Configuring a complex inter-VRF solutionPage 52 | Configure VRF-liteConfigure the IP addressesAn

Page 49

Configure VRF-lite | Page 53Configuring a complex inter-VRF solutionawplus(config)#interface vlan1awplus(config-if)#ip vrf forwarding redawplus(con

Page 50 - Page 50

CONFIGURE DYNAMIC ROUTINGConfiguring a complex inter-VRF solutionPage 54 | Configure VRF-liteConfigure routingDynamic routing protocols are configure

Page 51 - CONFIGURE VLAN DATABASE

Configure VRF-lite | Page 55Configuring a complex inter-VRF solutionConnected routes associated with VRF green are redistributed into BGP, and also

Page 52 - Page 52

Configuring a complex inter-VRF solutionPage 56 | Configure VRF-liteStatic routes are configured. Each VRF instance is also configured with its own s

Page 53

CONFIGURE STATIC ROUTINGCONFIGURE ROUTE MAPS Configure VRF-lite | Page 57Configuring a complex inter-VRF solutiondenotes a static route to destinati

Page 54 - Page 54

Configuring a complex inter-VRF solutionPage 58 | Configure VRF-liteComplete show run output from VRF device is belowawplus>enaawplus#sh run!servi

Page 55 - , the VRF

Configure VRF-lite | Page 59Configuring a complex inter-VRF solution!ip vrf shared 5 rd 100:5 route-target import 100:1 route-target import 100:2 r

Page 56 - Page 56

Understanding VRF-litePage 6 | Configure VRF-liteVRF-lite security domainsVRF-lite provides network isolation on a single device at Layer 3. Each VRF

Page 57 - Confi

Configuring a complex inter-VRF solutionPage 60 | Configure VRF-lite switchport access vlan 4 access-group allow_to_self_40 access-group access43 acc

Page 58

Configure VRF-lite | Page 61Configuring a complex inter-VRF solutioninterface vlan6 ip vrf forwarding overlap ip address 192.168.10.1/24!interface

Page 59

Configuring a complex inter-VRF solutionPage 62 | Configure VRF-liteip route vrf orange 192.168.20.0/24 192.168.40.2ip route vrf orange 192.168.140.0

Page 60

Configure VRF-lite | Page 63Configuring a complex inter-VRF solution[VRF: blue]S* 0.0.0.0/0 [1/0] via 192.168.100.254, vlan5C 3.3.3.3/32

Page 61

Configuring a complex inter-VRF solutionPage 64 | Configure VRF-liteConfiguration files for each external router used in the topology and its associa

Page 62

Configure VRF-lite | Page 65Configuring a complex inter-VRF solutionhostname shared_router!vlan databasevlan 2-4 state enable!interface port1.0.2 s

Page 63

Configuring a complex inter-VRF solutionPage 66 | Configure VRF-litehostname red_ospf_peer!vlan databasevlan 2-3 state enable!interface port1.0.2 swi

Page 64

Configure VRF-lite | Page 67Configuring a complex inter-VRF solutionhostname green_i_BGP_peer!vlan databasevlan 2-3 state enable!interface port1.0.

Page 65

Configuring a complex inter-VRF solutionPage 68 | Configure VRF-litehostname blue_rip_peer!vlan databasevlan 2-3 state enable!interface port1.0.2 swi

Page 66

Configure VRF-lite | Page 69Configuring a complex inter-VRF solutionhostname orange_router!vlan databasevlan 2-3 state enable!interface port1.0.2 s

Page 67

awplus(config)#arp ? A.B.C.D IP address of the ARP entry log Arp log vrf VRF instanceawplus(config)#arp vrf <name> ? A.B.C.D IP

Page 68

Configuring a complex inter-VRF solutionPage 70 | Configure VRF-litehostname orange_ospf_peer!vlan databasevlan 2 state enable!interface port1.0.2 sw

Page 69

Configure VRF-lite | Page 71VCStack and VRF-liteVCStack and VRF-liteThe following example illustrates how to configure VRF-lite in a VCStacked envi

Page 70

VCStack and VRF-litePage 72 | Configure VRF-liteVirtual Chassis IDAlso, the optional command stack virtual-chassis-id <value> specifies the VCS

Page 71 - Stack provisioning

Configure VRF-lite | Page 73VCStack and VRF-lite ip address 11.11.11.1/24!interface vlan14 ip vrf forwarding violet ip address 192.168.14.1/24!inte

Page 72 - X610 VCStack configuration

VCStack and VRF-litePage 74 | Configure VRF-lite!interface vlan14 ip vrf forwarding violet ip address 192.168.14.2/24!interface vlan15 ip vrf forward

Page 73

Configure VRF-lite | Page 75VCStack and VRF-liteSharing VRF routing and double tagging on the same portIn this scenario, both VRF-lite traffic and

Page 74

VCStack and VRF-litePage 76 | Configure VRF-liteConfigurationsx610 Aip vrf red 1ip vrf green 2vlan database vlan 20 name nested vlan 11-12,20,111-11

Page 75 - Communication plan

Configure VRF-lite | Page 77VCStack and VRF-liteinterface port1.0.20switchport mode trunk switchport trunk allowed vlan add 11-12,20 switchport tru

Page 76 - Configurations

Dynamic inter-VRF routing between the global VRF domain and a VRF instancePage 78 | Configure VRF-liteDynamic inter-VRF routing between the global VR

Page 77

Configure VRF-lite | Page 79Dynamic inter-VRF routing between the global VRF domain and a VRF instanceFor both these examples all BGP neighbor rela

Page 78 - Additional notes

Understanding VRF-litePage 8 | Configure VRF-liteInter-VRF communicationWhilst the prime purpose of VRF-lite is to keep routing domains separate from

Page 79 - BGP configuration tips

Dynamic inter-VRF routing between the global VRF domain and a VRF instancePage 80 | Configure VRF-liteThe global parameter in the command neighbor x.

Page 80 - Page 80

Configure VRF-lite | Page 81Dynamic inter-VRF routing between the global VRF domain and a VRF instanceDynamic inter-VRF communication with i-BGP ro

Page 81

Dynamic inter-VRF routing between the global VRF domain and a VRF instancePage 82 | Configure VRF-litered routervlan databasevlan 2-3 state enable!in

Page 82

Configure VRF-lite | Page 83Dynamic inter-VRF routing between the global VRF domain and a VRF instanceredistribute connectedredistribute staticneig

Page 83

Route LimitsPage 84 | Configure VRF-liteRoute LimitsIn multi-VRF network environment, it may be disastrous if one VRF injects too many routes and fil

Page 84 - Route Limits

Configure VRF-lite | Page 85Route LimitsConfigurin g Dynamic route limitsAW+ supports the ability to limit dynamic routes via the max-fib-routes co

Page 85 - PROMPT MODE PRIVILEGE LEVEL

Route LimitsPage 86 | Configure VRF-liteawplus(config)# ip vrf redawplus(config-vrf)# max-fib-routes 2000 75Alternatively, to ensure a warning messag

Page 86 - Page 86

Configure VRF-lite | Page 87VRF-lite usage guidelinesVRF-lite usage guidelinesThe general guideline is that all current services remain available i

Page 87 - VRF-lite usage guidelines

Useful VRF-related diagnostics command listPage 88 | Configure VRF-liteUseful VRF-related diagnostics command listBelow is a summary list of diagnost

Page 88 - Routing general

Configure VRF-lite | Page 89Useful VRF-related diagnostics command list connected Connected database IP routing table database global Glo

Page 89 - Routing protocols

Configure VRF-lite | Page 9Understanding VRF-liteStatic and dynamic inter-VRF routingAs mentioned above, "Inter-VRF communication" on pag

Page 90

Useful VRF-related diagnostics command listPage 90 | Configure VRF-liteawplus#sh ip ospf interfaceawplus#sh ip ospf ? <0-65535> Process

Page 91 - HW platform table commands

C613-16164-00 REV Eawplus#show ip bgp vrf <name> ? A.B.C.D IP prefix <network>, e.g., 35.0.0.0 A.B.C.D/M IP prefix <n

Comments to this Manuals

No comments
Related products and manuals for Routers Allied Telesis C613-16164-00
Routers Allied Telesis CG-WLBARGMO User Manual   (56 pages)
Routers Allied Telesis L2TP Tunnel User Manual   (6 pages)
Routers Allied Telesis AT-WA1004G User Manual   (142 pages)
Routers Allied Telesis AT-WR2304N User Manual   (67 pages)
Routers Allied Telesis 86222-10 User Manual   (14 pages)
Routers Allied Telesis X8100 User Manual   (52 pages)
Routers Allied Telesis AT-AR256E User Manual   (35 pages)
Routers Allied Telesis AT-WR4542-50 Datasheet   (4 pages)
Routers Allied Telesis AT-WR2304N-50 Datasheet   (4 pages)
Routers Allied Telesis AT-AR770S Datasheet   (5 pages)
Routers Allied Telesis 990-000590-50 Datasheet   (6 pages)
Routers Allied Telesis AT-AR441S Datasheet   (5 pages)
Routers Allied Telesis AT-AR440S-XX Datasheet   (5 pages)
Routers Allied Telesis AT-AR442S-XX Datasheet   (5 pages)
Routers Allied Telesis AT-AR236E-YY Datasheet   (2 pages)
Routers Allied Telesis CJT-1626-4PEU-01 Datasheet   (2 pages)
Routers Allied Telesis AT-AR256E-YY Datasheet   (2 pages)
Routers Allied Telesis AT-ARW256E-YY Datasheet   (2 pages)
Routers Allied Telesis AT-AR410 Datasheet   (5 pages)
Routers Allied Telesis AT-AR750S-50 Datasheet   (5 pages)
  • Swiftech Star-lights Siemens DTS Current Audio
  • Sony Flat panel accessories Maytag Portable DVD/Blu-Ray players Nikon Power banks Leica Security device components Logitech Car speakers
  • Kitchenaid KFRS365TSS Samsung PN50B530S2F Samsung HW-N650 Behringer U-CONTROL UCA200 Electrolux EWT1066TDW
  • Dbx 234s Crossover User Manual Polaroid PDC 1100 User Manual Sony DVP-NS955V User Manual Lacie Rugged Safe User Manual Sabrent PCI-802N User Manual