vrf-lite for ethernet routing switch 8600 / 8800 technical

53
VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical Configuration Guide Avaya Data Solutions Document Date: April 2011 Document Number: NN48500-570 Document Version: 2.0 Ethernet Routing Switch 8600 / 8800 Engineering

Upload: others

Post on 07-Jan-2022

14 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical Configuration Guide

Avaya Data Solutions Document Date: April 2011 Document Number: NN48500-570 Document Version: 2.0

Ethernet Routing Switch

8600 / 8800

Engineering

Page 2: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 2 April 2011

avaya.com

© 2010 Avaya Inc. All Rights Reserved.

Notices While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing, Avaya assumes no liability for any errors. Avaya reserves the right to make changes and corrections to the information in this document without the obligation to notify any person or organization of such changes.

Documentation disclaimer Avaya shall not be responsible for any modifications, additions, or deletions to the original published version of this documentation unless such modifications, additions, or deletions were performed by Avaya. End User agree to indemnify and hold harmless Avaya, Avaya‟s agents, servants and employees against all claims, lawsuits, demands and judgments arising out of, or in connection with, subsequent modifications, additions or deletions to this documentation, to the extent made by End User.

Link disclaimer Avaya is not responsible for the contents or reliability of any linked Web sites referenced within this site or documentation(s) provided by Avaya. Avaya is not responsible for the accuracy of any information, statement or content provided on these sites and does not necessarily endorse the products, services, or information described or offered within them. Avaya does not guarantee that these links will work all the time and has no control over the availability of the linked pages.

Warranty Avaya provides a limited warranty on this product. Refer to your sales agreement to establish the terms of the limited warranty. In addition, Avaya‟s standard warranty language, as well as information regarding support for this product, while under warranty, is available to Avaya customers and other parties through the Avaya Support Web site: http://www.avaya.com/support Please note that if you acquired the product from an authorized reseller, the warranty is provided to you by said reseller and not by Avaya.

Licenses THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA WEBSITE, HTTP://SUPPORT.AVAYA.COM/LICENSEINFO/ ARE APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC., ANY AVAYA AFFILIATE, OR AN AUTHORIZED AVAYA RESELLER (AS APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITH AVAYA OR AN AUTHORIZED AVAYA RESELLER. UNLESS OTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOES NOT EXTEND THIS LICENSE IF THE SOFTWARE WAS OBTAINED FROM ANYONE OTHER THAN AVAYA, AN AVAYA AFFILIATE OR AN AVAYA AUTHORIZED RESELLER, AND AVAYA RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU AND ANYONE ELSE USING OR SELLING THE SOFTWARE WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR USING THE SOFTWARE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING, DOWNLOADING OR USING THE SOFTWARE (HEREINAFTER REFERRED TO INTERCHANGEABLY AS "YOU" AND "END USER"), AGREE TO THESE TERMS AND CONDITIONS AND CREATE A BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE APPLICABLE AVAYA AFFILIATE ("AVAYA").

Copyright Except where expressly stated otherwise, no use should be made of the Documentation(s) and Product(s) provided by Avaya. All content in this documentation(s) and the product(s) provided by Avaya including the selection, arrangement and design of the content is owned either by Avaya or its licensors and is protected by copyright and other intellectual property laws including the sui generis rights relating to the protection of databases. You may not modify, copy, reproduce, republish, upload, post, transmit or distribute in any way any content, in whole or in part, including any code and software. Unauthorized reproduction, transmission, dissemination, storage, and or use without the express written consent of Avaya can be a criminal, as well as a civil offense under the applicable law.

Third Party Components Certain software programs or portions thereof included in the Product may contain software distributed under third party agreements ("Third Party Components"), which may contain terms that expand or limit rights to use certain portions of the Product ("Third Party Terms"). Information regarding distributed Linux OS source code (for those Products that have distributed the Linux OS source code), and identifying the copyright holders of the Third Party Components and the Third Party Terms that apply to them is available on the Avaya Support Web site: http://support.avaya.com/Copyright.

Trademarks The trademarks, logos and service marks ("Marks") displayed in this site, the documentation(s) and product(s) provided by Avaya are the registered or unregistered Marks of Avaya, its affiliates, or other third parties. Users are not permitted to use such Marks without prior written consent from Avaya or such third party which may own the Mark. Nothing contained in this site, the documentation(s) and product(s) should be construed as granting, by implication, estoppel, or otherwise, any license or right in and to the Marks without the express written permission of Avaya or the applicable third party. Avaya is a registered trademark of Avaya Inc. All non-Avaya trademarks are the property of their respective owners.

Downloading documents For the most current versions of documentation, see the Avaya Support. Web site: http://www.avaya.com/support

Contact Avaya Support Avaya provides a telephone number for you to use to report problems or to ask questions about your product. The support telephone number is 1-800-242-2121 in the United States. For additional support telephone numbers, see the Avaya Web site: http://www.avaya.com/support

Page 3: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 3 April 2011

avaya.com

Abstract

This Technical Configuration Guide provides a brief summary for the configuration of VRF-Lite for the Avaya Ethernet Routing Switch 8600/8800.

Acronym Key

AS : Autonomous System

EDM : Enterprise Device Manager

GRT : Global Route Table

IPVPN : IP Virtual Private Network

IST : Inter Switch Trunk (Avaya SMLT Clustering)

JDM : Java Device Manager

LACP : Link Aggregation Control Protocol

LLDP : Link Layer Discovery Protocol; IEEE 802.1AB

LSDB : Link State Data Base

MAC : Media Access Control

MLT : Multi Link Trunk

MPLS : Multiprotocol Label Switching

MVR : Multicast VLAN Registration

PIM : Protocol Independent Multicast

PIM-SM : Protocol Independent Multicast – Sparse Mode

PIM-SSM : Protocol Independent Multicast – Source Specfic Multicast

SNMP : Simple Network Management Protocol

SMLT : Split MLT (Avaya Clustering)

SPB : Shortest Path Bridging

SPBM : Shortest Path Bridging MAC

VID : VLAN identifier

VLACP : Virtual LACP

VLAN : Virtual LAN

VPN : Virtual Private Network

VRF : Virtual Routing and Forwarding

Page 4: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 4 April 2011

avaya.com

Revision Control

No Date Version Revised by Remarks

1 1/23/2008 1.0 JVE Initial release

2 7/4/2008 1.1 JVE Updates

3 4/28/2011 2.0 PRMGT Updates

Page 5: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 5 April 2011

avaya.com

Table of Contents

Figures ......................................................................................................................................................... 6

Document Updates ..................................................................................................................................... 7

Conventions ................................................................................................................................................ 7

1. Overview: VRF-Lite ............................................................................................................................. 8

2. Base Scenario: .................................................................................................................................. 16

2.1 Assumptions: ............................................................................................................................... 16

2.2 VRF-Lite Configuration ................................................................................................................ 16

2.3 Basic VRF-Lite Configuration Steps ........................................................................................... 17

3. VRF-Lite Configuration Example ..................................................................................................... 27

3.1 Configuration – Adding VRF Instance ......................................................................................... 28

3.2 Verification ................................................................................................................................... 40

4. Routing between VRF’s .................................................................................................................... 47

4.1 Configuration – Leaking Routes between VRF Instances .......................................................... 47

5. Software Baseline: ............................................................................................................................ 52

6. Reference Documentation: .............................................................................................................. 52

7. Customer service .............................................................................................................................. 53

7.1 Getting technical documentation ................................................................................................. 53

7.2 Getting product training ............................................................................................................... 53

7.3 Getting help from a distributor or reseller .................................................................................... 53

7.4 Getting technical support from the Avaya Web site .................................................................... 53

Page 6: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 6 April 2011

avaya.com

Figures

Figure 1: VRF-Lite Overview ......................................................................................................................... 8

Figure 2: IP-VPN VRF between Switches ................................................................................................... 11

Figure 3: VRRP and VRF in SMLT topology ............................................................................................... 11

Figure 4: Router Redundacy for multiple routing instances (RSMLT) ........................................................ 12

Figure 5: MPLS IP-VPN PE Combined with IP-VRF .................................................................................. 12

Figure 6: IP-VPN VRF-Lite Interactions ...................................................................................................... 13

Figure 7: SPBM L3 VSN ............................................................................................................................. 13

Figure 8: Internal Multicast Virtualization for VRF-Lite ............................................................................... 14

Figure 9: MVR for VRF-Lite......................................................................................................................... 15

Figure 10: VF-Lite Configuration Example .................................................................................................. 27

Page 7: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 7 April 2011

avaya.com

Document Updates

April 2011

Conventions

This section describes the text, image, and command conventions used in this document.

Symbols

Tip – Highlights a configuration or technical tip.

Note – Highlights important information to the reader.

Warning – Highlights important information about an action that may result in equipment damage, configuration or data loss.

Text

Bold text indicates emphasis.

Italic text in a Courier New font indicates text the user must enter or select in a menu item, button or command:

ERS8600:5# show config

Output examples from Avaya devices are displayed in a Lucida Console font:

ERS8600:5# show config

Preparing to Display Configuration...

#

# WED JAN 23 12:15:28 2008 UTC

# box type : ERS-8006

Page 8: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 8 April 2011

avaya.com

1. Overview: VRF-Lite

Figure 1: VRF-Lite Overview

VRF-light provides multiple independent IPv4 routing and forwarding instances within the Ethernet Routing Switch 8600/8800. In addition to the global routing table (VRF0), up to 255 virtual route forwarding (VRF) instances are supported.

Each VRF-Lite instance supports the following features:

256 VPNs for each system

VRF routing protocols (OSPF, RIP, or BGP)

IPv4 only

Filtering support

VRRP, ARP, and DHCP Relay

Overlapping address space

Inter-VRF forwarding policies

SMLT and RSMLT support for VRFs

IEEE 802.3ad and MLT support

SMLT and RSMLT for CE connectivity

ECMP

VRF-based ping and traceroute

Interoperability with RFC2547/4364 layer 3 VPNs

256K total routes per switch; 256K routes in one VRF or spread among all VRF‟s

32K ARP table size shared between global route table and VRF

VLAN01 IP01

IP03

IP02

VLAN03

VLAN02

RIP0 OSPF0 VRF

0

VLAN11 IP11

IP13

IP12

VLAN13

VLAN12 RIP1

OSPF1

VRF1

Global Routing Table / VRF 0

Second Routing Instance / VRF 1

IP04

IP04

IPv6 R

Third Routing Instance / VRF 2

Page 9: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 9 April 2011

avaya.com

Virtualized SNMP Management – restrict access at a VRF-Lite level using either SNMPv1/2 or SNMPv3 – applies to release 5.x

Starting in release 7.0, Enterprise Device Manager (EDM) can be used to configure VRF-Lite

VRF-Lite Multicast Support (software release ≥ 5.1):

PIM-SM, PIM-SSM, IGMPv1,v2,v3 protocols are virtualized and can be configure in non-zero VRF

PIM-SM / PIM-SSM support upto 64 instances

Max number of OSPF and RIP v1/v2 instances have also been increased to 64 in this release.

Virtualized multicast features support on MLT/SMLT/RSMLT related topologies

Partial HA support for virtualized multicast functionalities

The following multicast features are not virtualized: o PIM-DM o IGAP o DVMRP o PGM o PIM-MBR

Virtualization is supported only on R/RS modules and on 8692 CPU card

Multicast Virtualization is available only in „Premier‟ license

Multicast VLAN registration (software release ≥ 7.0)

Multicast VLAN Registration (MVR) allows the single multicast VLAN to be shared in the network while subscribers remain in separate VLANs

MVR is based upon IGMP Snoop, but these 2 features can work independently of each other

When a multicast data stream is received to MVR vlan, it will be replicated to all receiver vlan associated/bind to MVR vlan

MVR functionality is virtualized, it means each vrf can have its own MVR vlan

Only one vlan can be configured as MVR vlan in a vrf

When a Report/Leave is received, it will be forwarded to mrouter port

IP-VPN‟s can be connected together in several ways across a core network using any of the following methods:

VRF

o Multiple VRF instances are used between ERS 8600/8800 switches as shown in figure 2, 3, and 4 below showing VRF support between switches, VRRP, RSMLT, and SMLT support

o For each VRF, a separate VLAN must be created between ERS 8600/8800 switches o VLAN tagging can be used between

MPLS

o MPLS network is used as a transport for IP-VPN‟s using RFC 4364 as shown in figure 5 below

IP VPN-Lite

o IP VPN-Lite can be used to build IP-VPN‟s across any routed IP core using MP-iBGP for VPN exchange as shown in figure 6 below

o Please refer to Technical Brief titled “Technical Brief for IP VPN-Lite for Ethernet Routing Switch 8600” for more details

Page 10: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 10 April 2011

avaya.com

SPBM

o SPB L3 VSNs can be used to build IP-VPN‟s across an SPBM core using IPVSN Reachability TLV 184 to distribution IPVSN reachability between IS-IS peers as shown in figure 7 below

o A Backbone Service Instance Identifier (I-SID) is assigned at a Virtual Router (VRF) level

All VRFs that share the same I-SID can participate in the same VSN

o Please refer to Technical Configuration Guide titled “ Shortest Path Bridging (802.1aq) for ERS 8600 / 8800 Technical Configuration Guide” for more details

Multicast

o Multicast virtualization for VRF-Lite is supported and shown in figure 8 below in addition to support for MVR as illustrated in figure 9

Requirement for VRF support include the following:

Software release 5.0 or higher for VRF support

Software release 5.1 or higher for VRF multicast support

Software release 7.0 or higher for MVR support

R or RS Modules

8692SF with Super Mezzaine daughter card or an 8895SF

Premier software license

Page 11: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 11 April 2011

avaya.com

Figure 2: IP-VPN VRF between Switches

Figure 3: VRRP and VRF in SMLT topology

Page 12: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 12 April 2011

avaya.com

Figure 4: Router Redundacy for multiple routing instances (RSMLT)

Figure 5: MPLS IP-VPN PE Combined with IP-VRF

Page 13: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 13 April 2011

avaya.com

Figure 6: IP-VPN VRF-Lite Interactions

Figure 7: SPBM L3 VSN

IP VPN-Lite

RIP/OSPF/Static

VLAN

SMLT/RSMLT/VRRP/ DHCP relay

VLAN

VRF-Lite (CE) VRF-Lite (CE) P L2

VRF1 VRF2 VRF3

VRF1 VRF2 VRF3

VRF1 VRF2 VRF3

VRF1 VRF2 VRF3

SMLT/RSMLT/VRRP/ DHCP relay

Page 14: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 14 April 2011

avaya.com

Figure 8: Internal Multicast Virtualization for VRF-Lite

Page 15: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 15 April 2011

avaya.com

Figure 9: MVR for VRF-Lite

Page 16: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 16 April 2011

avaya.com

2. Base Scenario:

This technical brief covers configuration examples only pertaining to VRF-light for the ERS 8600/8800.

2.1 Assumptions:

It is assumed that general knowledge of routing and SMLT on Avaya switches is understood.

2.2 VRF-Lite Configuration

In the 5.0 software release or latter, the concept of global routing table and virtual routing table(s) is introduced. The global route table (GRT) is also referred to as VRF0 and refers to the main global routing table. For each virtual routing instance, it will be referred to by the instance number you assign to the VRF; for example VRF1 refers to virtual router instance 1. Overall, there is only one global routing table (VRF0) and up to 255 virtual routing tables (VRF1 up to VRF255). The VRF instance can be created using either CLI, SNMP (5.x), or EDM (≥7.0).

For each VRF-Lite instance that you create, you will need to specify the routing protocol or protocols that you wish to enable for this VRF instance. This can include OSPF, RIP, and/or BGP. As an option, you can also limit the number of routes allowed per VRF instance.

The order of VRF-Lite configuration is as follows:

1. Create VRF instance(s) 2. Enable IGP routing protocol you wish to enable per VRF, i.e. enable OSPF, RIP, and/or BGP per

VRF instance 3. As an option, configure the number of routes allowed for each VRF 4. Create the VRF VLAN(s) and add port members 5. If using JDM

a. At this stage, only if using Java Device Manager (JDM) for software release 5.x, you must select the VRF instance to further configure the VRF if you are a JDM Super User.

b. If you are a JDM VRF user, you must logon to the switch with the appropriate credentials (community string if SNMPv1/2 or USM user if SNMPv3).

c. Please see section titled JDM : VRF-Lite SNMP Access for ERS 8600 software release 5.x below for more details.

6. If using EDM, a. If using software release 7.0, you can select the VRF context at the EDM login screen b. If using software level 7.1 or higher, after loggin in via the global user credentials, you

can select the VRF context available via the left navigation plane VRF Context view c. Please see section titled EDM: VRF-Lite http Access for ERS 8800 software release 7.x

for more details 7. Add IP address and routing protocol(s) at a VLAN level for each VRF instance. 8. Add optional route policies if required. You can also use route policies if you wish to leak routes

between VRF instances or to the global route table.

Page 17: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 17 April 2011

avaya.com

2.3 Basic VRF-Lite Configuration Steps

The following are the steps used to configure a VRF instance, adding an IP address, and enable a routing protocol using CLI, JDM (5.x), and EDM (≥7.0) .

2.3.1 Initial VRF Configuration

2.3.1.1 Logon to the ERS 8600/8800 switch using ether CLI, Java Device Manger (5.x), or EDM (7.0 or higher)

You can use either CLI, JDM, or EDM to configure the ERS 8600/8800 for VRF-Light.

2.3.1.2 Create VRF instances

By default, the maximum routes per VRF instance is set to 10,000 routes

By default, SNMP trap is enabled is the maximum route is reached

CLI Step 1 – Create VRF instance, add maximum routes (optional), and routing protocol

CLI

ERS8000-1:5# config ip vrf <name 1..64> create id <1-255>

ERS8000-1:5# config ip vrf <name 1..64> max-routes <0..250000>

ERS8000-1:5# config ip vrf <name 1..64> <rip|ospf|bgp> create

ERS8000-1:5# config ip vrf <name 1..64> <rip|ospf|bgp> enable

ACLI

ERS8000-1:5(config)# ip vrf <name 0-64> vrfid <1-255>

ERS8000-1:5(config)# ip vrf <name 0-64> max-routes <0..250000>

ERS8000-1:5(config)# router vrf <name 0-64>

ERS8000-1:5(router-vrf)# ip <rip|ospf|bgp>

ERS8000-1:5(router-vrf)# exit

Page 18: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 18 April 2011

avaya.com

JDM (release 5.x) Step 1 – Create VRF instance. To to IP -> VRF -> Insert and select the routing protocol(s) and maximum routes (optional)

EDM (release ≥ 7.0) Step 1 – Create VRF instance. To to IP -> VRF -> Insert and select the routing protocol(s) and maximum routes (optional)

Page 19: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 19 April 2011

avaya.com

2.3.1.3 Create VLANs

Create VLAN(s) and add port members

Once you have create the VLAN(s), you can add the VRF instance to the corresponding VLAN

CLI Step 1 – Assign VRF instance to VLAN

CLI

ERS8000-1:5# config vlan <1..4094> vrf <vrf name>

ACLI

ERS8000-1:5(config)# interface vlan <1..4094>

ERS8000-1:5(config-if)# vrf <vrf name>

ERS8000-1:5(config-if)# exit

JDM (release 5.x) Step 1 – Assign VRF instance to VLAN. After you have created the VLAN(s), via VLAN -> VLANs GloblRouter (vrf 0) -> Basic (click on corresponding VLAN id, click on Vrfid and select the VRF ID you wish to use for this VLAN

Page 20: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 20 April 2011

avaya.com

EDM (release ≥ 7.0) Step 1 – Create VRF instance. After you have created the VLAN(s), via Configuration ->VLAN -> VLANs -> Basic (go to the corresponding VLAN id, click on Vrfid and enter the VRF ID you wish to use for this VLAN

2.3.2 VRF Context – User access to VRF context using SNMP / WEB Browser

Depending of the software release used, you can change the way a user can access VRF context.

In software release 5.x, SNMP is used to access a specific VRF instance or instances.

In software release 7.0, when logging into EDM, in addition to entering a user name and password, you will also have to enter a VRF Name. By default, a VRF name of GlobalRouter is used to access the Global Router view.

In software release 7.1, when logging into EDM the user is only offered the Global Router view. A user can select a specific VRF where a new browser tab will be opened for the selected VRF view. A user can choose to view and manipulate the different VRF view simultaneously.

2.3.2.1 JDM : VRF-Lite SNMP Access for ERS 8600 software release 5.x

As mentioned above, SNMP (release 5.x) can be used to allow 3rd

party or partner access to a specific VRF instance or instances. Please note that only SNMP can be used to visualize management access at a VRF level; CLI access at a VRF level is not supported at this time.

If you wish to enable SNMP at a VRF level, both SMNPv1/2 and SNMPv3 can be used. SNMPv3 access control at a VRF level is accomplished using the USM model. If SNMPv1/2 is used, access is controlled via community strings.

Overall, there are two types of users supported with VRF-light, Super Users and VRF users.

Super User

Has full access to switch using ether JDM or CLI

Has access to global route (GRT) and each VRF instance o The Super User must either select Global Router instance or a specific VRF instance

Configures all VLAN‟s (global and VRF) and assign‟s initial IP address for each VRF via the Global Router instance

The Super User must ether select the Global Router instance or a VRF instance o Cannot select both at the same time

Page 21: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 21 April 2011

avaya.com

o If a VRF instance is selected, only the VFP specific fields and parameters will be configurable and displayed

o The Super User must select Global Router instance initially to configure the VRF instances, VRF VLAN(s), and routing protocols allowed for each VRF instance

At this stage, either the Super User or a VRF User can be used to continue the VRF configuration

If the Super User wishes to continue the VRF configuration, he/she must first select the VRF instance.

VRF User

Has access only at a VRF level

SMNP access only

VRF access level is configured by the Super User

SNMPv3 support via USM model

SNMPv1/2 support via community string o Default: public::x and private::x where x = 1 to 255 (VRF instance)

Only the Super User can add VLAN‟s, VRF instances

The VRF user can add IP addresses, routing protocols, and other IP parameters pertaining only to the VLANs configured by the Super User.

The VRF user can only view routes, arp, MAC addresses, etc for the VLANs configured by the Super User

2.3.2.1.1 SNMP Global Router and VRF Selection – Super User

Assuming you have already configured the VRF instance(s) and VRF VLAN(s), to select the VRF instance using Java Device Manager (JDM), go to IP -> VRF, select the VRF instance, and then click on Set Current VRF as shown below. From now on, only the fields pertaining to this VRF will be displayed.

ERS8600/8800 – VRF instance selection using Super User

Page 22: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 22 April 2011

avaya.com

2.3.2.1.2 VRF User

After the Super User has either configured the SNMP community strings (SNMPv1/2) or SNMPv3 VRF USM users, a VRF user can access the VRF instance as shown below. If the SNMPv1/2 community strings have not been configured and only if SNMPv1/2 is enabled, the default community strings of public::x and private::x where x = 1 to 255 can be used.

ERS8600/8800 – VRF instance login using SNMPv1/2

ERS8600/8800 – VRF instance login using SNMPv3

2.3.3 EDM: VRF-Lite http Access for ERS 8800 software release 7.x

2.3.3.1 EDM - Using EDM for software release 7.0

ERS8600/8800 – Via the main EDM login page, after entering the WEB server global user name and password, enter the VRF context name you wish to work on via the VRF Name: window

Page 23: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 23 April 2011

avaya.com

2.3.3.2 EDM – Using EDM for software release ≥ 7.1

ERS8600/8800 – Go to Configuration -> Set VRF Context view -> select VRF to switch context to -> Launch VRF Context view

ERS8600/8800 – Go to VRF tab

1. Select Set VRF Context view

2. Select the VRF to switch context to Context view

3. Click Launch VRF context view Context view

4. A new tab will be opened in the browser window that will host the selected VRF view

Page 24: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 24 April 2011

avaya.com

2.3.4 VRF Configuration – Adding IP Related Parameters

2.3.4.1 If using SNMP only via JDM (release 5.x), either select VRF instance via Super User or log-in via a valid VRF user for the corresponding VRF instance

At this point, you can need to select the VRF instance where you wish to configure the IP related parameters. If you are using a VRF user interface to configure the VRF instance, you must open up a JDM connection using the correct user credentials that belong to the VRF instance. Either SNMPv1/2 or SNMPv3 can be used. If using SNMPv3, the Super User must first create the VRF SNMPv3 users.

Using JDM Step 1 – Super User, go to IP -> VRF and select the VRF instance

Using JDM Step 1 – VRFUser

Page 25: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 25 April 2011

avaya.com

2.3.4.2 Add IP Address and Routing Protocol

CLI Step 1 –Add IP address to VRF VLAN

CLI

ERS8000-1:5# config vlan <1..4094> ip create <ipaddr/mask>

ERS8000-1:5# config vlan <1..4094> ip <ospf|rip> enable

ACLI

ERS8000-1:5(config)# interface vlan <1..4094>

ERS8000-1:5(config-if)# ip address <ipaddr> <mask>

ERS8000-1:5(config-if)# ip <ospf|rip> enable

ERS8000-1:5(config-if)# exit

JDM (release 5.x) Step 1 – Go to VLAN -> VLANs -> (click on corresponding VLAN id) -> IP -> Insert and add IP address and mask. After that, click on the corresponding routing protocol tab that you wish to enable, i.e. RIP or OSPF.

Page 26: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 26 April 2011

avaya.com

EDM (release ≥ 7.0) Step 1 – Go to Configuration -> VLAN -> VLANs -> (click on corresponding VLAN id. Click on the IP icon and and via the IP Address tab, click on Insert and add IP address and mask. After that, click on the corresponding routing protocol tab that you wish to enable, i.e. RIP or OSPF.

Page 27: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 27 April 2011

avaya.com

3. VRF-Lite Configuration Example

Figure 10: VF-Lite Configuration Example

For this configuration example, two IP-VRF instances will be added, VRF1 using a name of vrfone and VRF2 using a name of vrftwo. RSMLT will be enabled on both VRF instances along with the SLT ID, IP address and IGP protocols as shown in figure 5 above. For this example, we will only add the configuration for VLAN 601 to Switch-1 and VLAN 700 to Switch-2. Realistically, more than one router would normally be connected to each VRF instance in addition to the core configuration. However, the purpose of this example is to simply demonstrate how to configure VRF instances locally at an edge level using SMLT. In the core, either VRF, IP VPN-Lite, or MPLS can be deployed.

In addition, assuming ERS8000-1 and ERS8000-2 are using software level 5.x, we will configure three SNMPv3 USM users with the following user names:

vrf0user: Super User

vrfone: VRF1 user – to manage VRF1 only

vrftwo: VRF2 user – to manage VRF2 only

Page 28: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 28 April 2011

avaya.com

3.1 Configuration – Adding VRF Instance

For this configuration example, we will configure ERS8000-1 using ACLI and ERS8000-2 using CLI.

3.1.1 Optional SNMP Configuration – Software release 5.x

Only complete this section if ERS8000-1 and 8600-2 have software level 5.x and only if you wish to use JDM to limit access to a specific VRF instance. Otherwise, please continue to the next section.

3.1.1.1 Create VRF SNMP user using CLI

In this example, we will create three SNMPv3 users with the following characteristics:

VRF User Name

Context Name

Authentication Privacy

Protocol Password Protocol Password

VRF0 vrf0user MD5 User1234 AES userpriv

VRF1 vrfone vrf1 MD5 vrf1user AES vrf1priv

VRF2 vrftwo vrf2 MD5 vrf2user AES vrf2priv

ERS8000-1 Step 1 – Load the SNMPv3 AES encryption module

ERS8000-1:5(config)# load-encryption-module AES

ERS8000-2 Step 1 – Load the SNMPv3 AES encryption module

ERS8000-2:5# config load-encryption-module AES

ERS8000-1 Step 2 – Add SNMP-v3 Super User. For this example, we will add user ‘vrf0user’ to USM group named ‘group_1’

ERS8000-1:5(config)# snmp-server user vrf0user md5 user1234 aes userpriv

ERS8000-1:5(config)# snmp-server user vrf0user group group_1

ERS8000-1:5(config)# snmp-server group group_1 "" auth-priv read-view org write-view

org notify-view org

ERS8000-2 Step 2 – Add SNMP-v3 Super User. For this example, we will add user ‘vrf0user’ to USM group named ‘group_1’

ERS8000-2:5# config snmp-v3 usm create vrf0user md5 auth user1234 priv-prot aes priv

userpriv

ERS8000-2:5# config snmp-v3 group-member create vrf0user usm group_1

ERS8000-2:5# config snmp-v3 group-access create group_1 "" usm authPriv

ERS8000-2:5# config snmp-v3 group-access view group_1 "" usm authPriv read org write

org notify org

Page 29: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 29 April 2011

avaya.com

ERS8000-1 Step 3 – Add SNMP-v3 VRF1 user. For this example, we will add user ‘vrfone’ to USM group named ‘vrf1_group’ and context name vrf1

ERS8000-1:5(config)# snmp-server user vrfone md5 vrf1user aes vrf1priv

ERS8000-1:5(config)# snmp-server user vrf1user group vrf1_group

ERS8000-1:5(config)# snmp-server group vrf1_group vrf1 auth-priv read-view vrf write-view vrf notify-view vrf

ERS8000-2 Step 3 – Add SNMP-v3 VRF1 user. For this example, we will add user ‘vrfone’ to USM group named ‘vrf1_group’ and context name vrf1

ERS8000-2:5# config snmp-v3 usm create vrfone md5 auth vrf1user priv-prot aes priv

vrf1priv

ERS8000-2:5# config snmp-v3 group-member create vrfone usm vrf1_group

ERS8000-2:5# config snmp-v3 group-access create vrf1_group vrf1 usm authPriv

ERS8000-2:5# config snmp-v3 group-access view vrf1_group vrf1 usm authPriv read vrf

write vrf notify vrf

ERS8000-1 Step 4 – Add SNMP-v3 VRF2 user. For this example, we will add user ‘vrftwo’ to USM group named ‘vrf2_group’ and context name vrf2

ERS8000-1:5(config)# snmp-server user vrftwo md5 vrf2user aes vrf2priv

ERS8000-1:5(config)# snmp-server user vrf2user group vrf2_group

ERS8000-1:5(config)# snmp-server group vrf2_group vrf2 auth-priv read-view vrf write-

view vrf notify-view vrf

ERS8000-2 Step 4 – Add SNMP-v3 VRF2 user. For this example, we will add user ‘vrftwo’ to USM group named ‘vrf2_group’ and context name vrf2

ERS8000-2:5# config snmp-v3 usm create vrftwo md5 auth vrf2user priv-prot aes priv

vrf2priv

ERS8000-2:5# config snmp-v3 group-member create vrftwo usm vrf2_group

ERS8000-2:5# config snmp-v3 group-access create vrf2_group vrf2 usm authPriv

ERS8000-2:5# config snmp-v3 group-access view vrf2_group vrf2 usm authPriv read vrf

write vrf notify vrf

3.1.1.2 Add SNMP Trap Receiver

ERS8000-1 Step 1 – Add an trap receiver using the name ‘taddr1’

ERS8000-1:5(config)# snmp-server host 172.30.30.50 port 162 v1 TAddr1

ERS8000-1 Step 1 – Add an trap receiver using the name ‘taddr1’

ERS8000-2:5# config snmp-v3 target-addr create taddr1 172.30.30.50:162 TparamV1

timeout 1500 retry 3 taglist trapTap mask 0xff:ff:00:00:00:00 mms 484

Page 30: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 30 April 2011

avaya.com

3.1.2 IST Configuration

3.1.2.1 Create IST

ERS8000-1: Step 1 – Create VLAN 1900

ERS8000-1:5(config)# vlan create 1900 name IST type port 1

ERS8000-2: Step 1 – Create VLAN 1900

ERS8000-2:5# config vlan 1900 create byport 1 name IST

ERS8000-1: Step 2 – Create MLT 1 for IST

ERS8000-1:5(config)# mlt 1 enable name IST

ERS8000-1:5(config)# mlt 1 member 1/1,2/1

ERS8000-1:5(config)# mlt 1 encapsulation dot1q

ERS8000-1:5(config)# mlt 1

ERS8000-2: Step 2 – Create MLT 1 for IST

ERS8000-2:5# config mlt 1 create

ERS8000-2:5# config mlt 1 name IST

ERS8000-2:5# config mlt 1 add port 1/1,2/1

ERS8000-2:5# config vlan 1900 add-mlt 1

ERS8000-1: Step 2 – Create IST

ERS8000-1:5(config)# interface mlt 1

ERS8000-1:5(config-mlt)# ist peer-ip 2.1.1.1/30 vlan 1900

ERS8000-1:5(config-mlt)# ist enable

ERS8000-1:5(config-mlt)# exit

ERS8000-2: Step 2 – Create IST

ERS8000-2:5# config vlan 1900 ip create 2.1.1.2/30

ERS8000-2:5# config mlt 1 ist create ip 2.1.1.1 vlan-id 1900

ERS8000-2:5# config mlt 1 ist enable

ERS8000-1: Step 3 – Enable VLACP

ERS8000-1:5(config)# interface gigabitEthernet 1/1,2/1

ERS8000-1:5(config-if)# vlacp funcmac-addr 01:80:c2:00:00:0f

ERS8000-1:5(config-if)# vlacp enable

ERS8000-1:5(config-if)# exit

Page 31: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 31 April 2011

avaya.com

ERS8000-2: Step 3 – Enable VLACP

ERS8000-2:5# ethernet 1/1,2/1 vlacp macaddress 01:80:c2:00:00:0f

ERS8000-2:5# ethernet 1/1,2/1 vlacp enable

ERS8000-2:5# config vlacp enable

3.1.3 VRF Instances – Initial Configuration

3.1.3.1 Create VRF Instances

ERS8000-1 Step 1 – Create VRF instances 1 and 2. Set maximum routes for VRF 1 to 1000 and maximum route to 500 for VRF 2.

ERS8000-1:5(config)# ip vrf vrfone vrfid 1

ERS8000-1:5(config)# ip vrf vrfone max-routes 1000

ERS8000-1:5(config)# ip vrf vrftwo vrfid 2

ERS8000-1:5(config)# ip vrf vrftwo max-routes 500

ERS8000-2 Step 1 – Create VRF instances 1 and 2. Set maximum routes for VRF 1 to 1000 and maximum route to 500 for VRF 2.

ERS8000-2:5# config ip vrf vrfone create id 1

ERS8000-2:5# config ip vrf vrfone max-routes 1000

ERS8000-2:5# config ip vrf vrftwo create id 2

ERS8000-2:5# config ip vrf vrftwo max-routes 500

ERS8000-1 Step 2 – Add OSPF to VRF1 and RIP to VRF2

ERS8000-1:5(config)# router vrf vrfone

ERS8000-1:5(router-vrf)# ip ospf

ERS8000-1:5(router-vrf)# exit

ERS8000-1:5(config)# router vrf vrftwo

ERS8000-1:5(router-vrf)# ip rip enable

ERS8000-1:5(router-vrf)# exit

ERS8000-2 Step 2 – Add OSPF to VRF1 and RIP to VRF2

ERS8000-2:5# config ip vrf vrfone ospf create

ERS8000-2:5# config ip vrf vrfone ospf enable

ERS8000-2:5# config ip vrf vrftwo rip create

ERS8000-2:5# config ip vrf vrftwo rip enable

Page 32: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 32 April 2011

avaya.com

3.1.3.2 Create VLANs for VRF

ERS8000-1 Step 1 – Create VLAN 601 for vrf1 and VLAN 700 for vrf2

ERS8000-1:5(config)# vlan create 601 name vrf1_two type port 1

ERS8000-1:5(config)# vlan members add 601 4/26

ERS8000-1:5(config)# interface vlan 601

ERS8000-1:5(config-if)# vrf vrfone

ERS8000-1:5(config-if)# exit

ERS8000-1:5(config)# vlan create 700 name vrf2_one type port 1

ERS8000-1:5(config)# vlan members add 700 4/23

ERS8000-1:5(config)# interface vlan 700

ERS8000-1:5(config-if)# vrf vrftwo

ERS8000-1:5(config-if)# exit

ERS8000-2 Step 2 – Create VLAN 601 for vrf1 and VLAN 700 for vrf2

ERS8000-2:5# config vlan 601 create byport 1

ERS8000-2:5# config vlan 601 name vrf1_two

ERS8000-2:5# config vlan 601 vrf vrfone

ERS8000-2:5# config vlan 601 ports add 4/26

ERS8000-2:5# config vlan 700 create byport 1

ERS8000-2:5# config vlan 700 name vrf2_one

ERS8000-2:5# config vlan 700 vrf vrftwo

ERS8000-2:5# config vlan 700 ports add 4/23

3.1.4 VRF1 Configuration

3.1.4.1 Add IP Address, Routing Protocol, and enable RSMLT for VRF 1

For the rest of this example, we will configure ERS8000-1 using CLI and configure ERS8000-2 using JDM.

For ERS8000-2, proceed to the following steps using JDM

ERS8000-1 Step 1 – Add IP address for VLAN 601 and enable OSPF

ERS8000-1:5(config)# interface vlan 601

ERS8000-1:5(config-if)# ip address 10.1.11.1 255.255.255.0

ERS8000-1:5(config-if)# ip ospf enable

ERS8000-1:5(config-if)# ip rsmlt

ERS8000-1:5(config-if)# ip rsmlt holdup-timer 60

ERS8000-1:5(config-if)# exit

Page 33: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 33 April 2011

avaya.com

ERS8000-1 Step 2 – Enable OSPF globally for VRF 1

ERS8000-1:5(config)# router vrf vrfone

ERS8000-1:5(router-vrf)# ip ospf admin-state

ERS8000-1:5(router-vrf)# exit

ERS8000-2 Step 1 – Logon using JDM using the password credentials created above for vrf1

If Super User, via JDM go to IP -> VRF -> VRF and select VRF 1

Via VRF 1 user, enter the correct SNMP-v3 credentials

Page 34: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 34 April 2011

avaya.com

ERS8000-2 Step 2 – Once logged on, you should only see the VLAN and VLAN port members activated for vrf1.

Please notice, as shown in the above Java Device Manager (JDM) snap-shot, only the VLAN and VLAN members as configured by the Super User are visible.

ERS8000-1 Step 3 – Add IP address for VLAN 601. Via JDM, go to VLAN -> VLANs -> Id 601 -> IP -> IP Address > Insert and then go to the OSPF tab and enable OSPF

Page 35: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 35 April 2011

avaya.com

ERS8000-2 Step 4 – Enable OSPF globally for VRF 1. Via JDM, go to IP -> OSPF – vrfone (vrf 1) -> General

Page 36: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 36 April 2011

avaya.com

3.1.5 VRF2 Configuration

3.1.5.1 Add IP Address, Routing Protocol, and enable RSMLT for VRF 2

For the rest of this example, we will configure ERS8000-1 using CLI and configure ERS8000-2 using JDM.

For ERS8000-2, proceed to the following steps using JDM.

ERS8000-1 Step 1 – Add IP address for VLAN 600, enable RIP and set the RSMLT hold-down timer to 180 seconds (assuming default RIP timers)

ERS8000-1:5(config)# interface vlan 700

ERS8000-1:5(config-if)# ip address 172.1.1.1 255.255.255.0

ERS8000-1:5(config-if)# ip rip enable

ERS8000-1:5(config-if)# ip rsmlt

ERS8000-1:5(config-if)# ip rsmlt holddown-timer 180

ERS8000-1:5(config-if)# exit

Page 37: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 37 April 2011

avaya.com

ERS8000-2 Step 1 – Logon using JDM using the password credentials created above for vrf2

If Super User, via JDM go to IP -> VRF -> VRF and select VRF 1

Via VRF 2 user, enter the correct SNMP-v3 credentials

Page 38: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 38 April 2011

avaya.com

ERS8000-1 Step 2 – Add IP address for VLAN 700. Via JDM, go to VLAN -> VLANs -> Id 700 -> IP -> Insert and then go to the RIP tab and enable RIP

Page 39: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 39 April 2011

avaya.com

ERS8000-1 Step 2 – Enable RIP. Via JDM, go to VLAN -> VLANs -> Id 700 -> IP -> RIP and enable RIP

Page 40: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 40 April 2011

avaya.com

3.2 Verification

With using the show command to view various VRF parameters, you can ether use the VRF name or VRF ID.

3.2.1 VRF:

3.2.1.1 Verify VRF IP information: Interfaces, Routes and ARP Entries

Step 1 –Verify the IP addresses using CLI, i.e. for VRF 1

ERS8000-1:5# show ip interface vrf vrfone

or

ERS8000-1:5# show ip interface vrfids 1

Result:

================================================================================

IP Interface - VRF vrfone

================================================================================

INTERFACE IP NET BCASTADDR REASM VLAN BROUTER

ADDRESS MASK FORMAT MAXSIZE ID PORT

--------------------------------------------------------------------------------

Vlan600 10.1.10.1 255.255.255.0 ones 1500 -- false

Vlan601 10.1.11.1 255.255.255.0 ones 1500 -- false

Step 1 – Verify the IP address using JDM, i.e. assuming Super User for VRF 1

Go to:

1. IP -> VRF -> Id 1 (vrfone) -> Set Currect VRF

2. IP -> IP – vrfone (vrf 1) -> Addresses.

Result:

Page 41: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 41 April 2011

avaya.com

Step 2 –Verify the IP ARP table using CLI, i.e. for VRF 1

ERS8000-1:5# show ip arp vrf vrfone

or

ERS8000-1:5# show ip arp vrfids 1

Result:

=====================================================================

IP Arp - VRF vrfone

=====================================================================

IP_ADDRESS MAC_ADDRESS VLAN PORT TYPE TTL(10 Sec)

---------------------------------------------------------------------

10.1.10.1 00:01:81:28:86:11 600 - LOCAL 2160

10.1.10.255 ff:ff:ff:ff:ff:ff 600 - LOCAL 2160

10.1.11.1 00:01:81:28:86:12 601 - LOCAL 2160

10.1.11.255 ff:ff:ff:ff:ff:ff 601 - LOCAL 2160

10.1.10.2 00:00:15:2b:56:7c 600 4/27 DYNAMIC 2159

10.1.11.2 00:00:15:29:0f:d3 601 4/28 DYNAMIC 2159

Step 2 – Verify the IP ARP table using JDM, i.e. assuming Super User for VRF 1

Go to:

1. IP -> VRF -> Id 1 (vrfone) -> Set Currect VRF

2. IP -> IP – vrfone (vrf 1) -> ARP

Result:

Page 42: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 42 April 2011

avaya.com

Step 3 –Verify the IP route table using CLI, i.e. for VRF 1

ERS8000-1:5# show ip route vrf vrfone

or

ERS8000-1:5# show ip route vrfids 1

Result:

================================================================================

IP Route - VRF vrfone

================================================================================

NH INTER

DST MASK NEXT VRF COST FACE PROT AGE TYPE PRF

--------------------------------------------------------------------------------

10.1.10.0 255.255.255.0 10.1.10.1 - 1 600 LOC 0 DB 0

10.1.11.0 255.255.255.0 10.1.11.1 - 1 601 LOC 0 DB 0

192.33.34.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120

192.33.35.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120

192.33.36.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120

192.33.37.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120

192.33.38.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120

192.33.39.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120

192.33.40.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120

192.33.41.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120

192.33.42.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120

192.33.43.0 255.255.255.0 10.1.10.2 vrfo~ 20 600 OSPF 0 IB 120

192.168.1.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125

192.168.2.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125

192.168.3.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125

192.168.4.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125

192.168.5.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125

192.168.6.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125

192.168.7.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125

192.168.8.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125

192.168.9.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125

192.168.10.0 255.255.255.0 10.1.11.2 vrfo~ 10 601 OSPF 0 IB 125

22 out of 22 Total Num of Route Entries, 22 Total Num of Dest Networks displayed

.

--------------------------------------------------------------------------------

TYPE Legend:

I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Rout

e,

U=Unresolved Route, N=Not in HW, F=Replaced by FTN, V=IPVPN Route

Page 43: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 43 April 2011

avaya.com

Step 3 – Verify the IP route table using JDM, i.e. assuming Super User for VRF 1,

Go to:

1. IP -> VRF -> Id 1 (vrfone) -> Set Currect VRF

2. IP -> IP – vrfone (vrf 1) -> Routes

Result:

Page 44: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 44 April 2011

avaya.com

3.2.2 SNMP:

3.2.2.1 Verify SNMP Users

Step 1 –Verify the SNMP-v3 users

ERS8000-1:5# show snmp-server user

Result:

Engine ID = 80:00:08:E0:03:00:01:81:28:84:00

================================================================================

USM Configuration

================================================================================

User/Security Name Engine Id Protocol

--------------------------------------------------------------------------------

vrfone 0x80:00:08:E0:03:00:01:81:28:84:00 HMAC_MD5, AES PRIVACY,

vrftwo 0x80:00:08:E0:03:00:01:81:28:84:00 HMAC_MD5, AES PRIVACY,

initial 0x80:00:08:E0:03:00:01:81:28:84:00 NO AUTH, NO PRIVACY

vrf0user 0x80:00:08:E0:03:00:01:81:28:84:00 HMAC_MD5, AES PRIVACY,

4 out of 4 Total entries displayed

--------------------------------------------------------------------------------

Step 1 – Verify the SNMP-v3 users using JDM via Super User:

Go to:

1. Edit -> SNMPv3 -> USM Table

Result:

Page 45: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 45 April 2011

avaya.com

3.2.2.2 Verify SNMP Group Member and Group Access

Step 1 –Verify the SNMP-v3 group-member

ERS8000-1:5# show snmp-server group

Result:

==================================================================

VACM Group Membership Configuration

==================================================================

Sec Model Security Name Group Name

------------------------------------------------------------------

snmpv1 readview readgrp

snmpv1 sBladeUser sBladeGrp

snmpv1 initialview v1v2grp

snmpv2c readview readgrp

snmpv2c sBladeUser sBladeGrp

snmpv2c initialview v1v2grp

usm vrfone vrf1_group

usm vrftwo vrf2_group

usm initial initial

usm vrf0user group_1

10 out of 10 Total entries displayed

------------------------------------------------------------------

Step 1 – Verify the SNMP-v3 users using JDM via Super User:

Go to:

1. Edit -> SNMPv3 -> VCAM Table -> Group Membership

Result:

Page 46: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 46 April 2011

avaya.com

Step 2 –Verify the SNMP-v3 group access

ERS8000-1:5# show snmp-server group

Result:

================================================================================

VACM Group Access Configuration

================================================================================

Group Prefix Model Level ReadV WriteV NotifyV

--------------------------------------------------------------------------------

vrf1_group vrf1 usm authPriv vrf vrf vrf

vrf2_group vrf2 usm authPriv vrf vrf vrf

Step 2 – Verify the SNMP-v3 users using JDM via Super User:

Go to:

1. Edit -> SNMPv3 -> VCAM Table>Group Access Right

Result:

Page 47: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 47 April 2011

avaya.com

4. Routing between VRF’s

4.1 Configuration – Leaking Routes between VRF Instances

There may be times where you may wish to inject routes between VRF‟s for various reasons. For example, you may have a case where there is service on a particulate VRF, i.e. VRF10, which you also would also like to use on other VRF‟s. Instead of duplicating the service on each VRF, you could inject the service routes from VRF 10 to the other VRF‟s that require the use of this service. In the other direction, you will also need to inject the routes from the other VRF‟s that require the service back to VRF10.

In this example, using the base configuration from the configuration example in section 3, we will enable the leaking of routes between VRF1 and VRF2. Overall, we will accomplish the following:

Enable re-distribution of direct interfaces between VRF1 and VRF2

Only re-distribute network 172.1.25.0/24 from VRF2 to VRF1

Only re-distribute network 192.33.34.0/24 from VRF1 to VRF2

4.1.1 ERS 8600/8800 Configuration

4.1.1.1 Enable ASBR

In order to re-distribute static routes, you must enable OSPF ASBR on vrf 1.

ERS8000-1 Step 1 – Enable OSPF ASBR for vrf 1

ERS8000-1:5(config)# router vrf vrfone

ERS8000-1:5(router-vrf)# ip ospf as-boundary-router enable

ERS8000-1:5(router-vrf)# exit

ERS8000-2 Step 1 – Enable OSPF ASBR for vrf 1

ERS8000-2:5# config ip vrf vrfone ospf as-boundary-router enable

4.1.1.2 Add static routes

ERS8000-1 Step 1 – Create Static route for vrf 1

ERS8000-1:5(config)# router vrf vrfone

ERS8000-1:5(router-vrf)# ip route 172.1.25.0 255.255.255.0 172.1.1.5 weight 1 next-

hop-vrf vrftwo

ERS8000-1:5(router-vrf)# exit

ERS8000-2 Step 1 – Create Static route for vrf 1

ERS8000-2:5# config ip vrf vrfone static-route create 172.1.25.0/24 next-hop 172.1.1.5

cost 1 next-hop-vrf vrftwo

Page 48: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 48 April 2011

avaya.com

ERS8000-1 Step 2 – Create Static route for vrf 2

ERS8000-1:5(config)# router vrf vrftwo

ERS8000-1:5(router-vrf)# ip route 192.33.34.0 255.255.255.0 10.1.11.3 weight 1 next-

hop-vrf vrfone

ERS8000-1:5(router-vrf)# exit

ERS8000-2 Step 2 – Create Static route for vrf 2

ERS8000-2:5# config ip vrf vrftwo static-route create 192.33.34.0/24 next-hop

10.1.11.3 cost 1 next-hop-vrf vrfone

4.1.1.3 Enable Route Re-distribution

We will also have to re-distribute the direct interfaces in order for either Switch-1 or Switch-2 to get to the remote networks.

ERS8000-1 Step 1 – For vrf 1, enable OSPF re-distribution of static routes from VRF source of vrf 2

ERS8000-1:5(config)# router vrf vrfone

ERS8000-1:5(router-vrf)# ip ospf redistribute static vrf-src vrftwo

ERS8000-1:5(router-vrf)# ip ospf redistribute static enable vrf-src vrftwo

ERS8000-1:5(router-vrf)# ip ospf redistribute direct vrf-src vrftwo

ERS8000-1:5(router-vrf)# ip ospf redistribute direct enable vrf-src vrftwo

ERS8000-1:5(router-vrf)# exit

ERS8000-2 Step 1 – For vrf 1, enable OSPF re-distribution of static routes from VRF source of vrf 2

ERS8000-2:5# config ip vrf vrfone ospf redistribute static create vrf-src vrftwo

ERS8000-2:5# config ip vrf vrfone ospf redistribute static enable vrf-src vrftwo

ERS8000-2:5# config ip vrf vrfone ospf redistribute static apply vrf-src vrftwo

ERS8000-2:5# config ip vrf vrfone ospf redistribute direct create vrf-src vrftwo

ERS8000-2:5# config ip vrf vrfone ospf redistribute direct enable vrf-src vrftwo

ERS8000-2:5# config ip vrf vrfone ospf redistribute direct apply vrf-src vrftwo

Page 49: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 49 April 2011

avaya.com

ERS8000-1 Step 2 – For vrf 2, enable RIP re-distribution of static routes from VRF source of vrf 1

ERS8000-1:5(config)# router vrf vrftwo

ERS8000-1:5(router-vrf)# ip rip redistribute static vrf-src vrfone

ERS8000-1:5(router-vrf)# ip rip redistribute static enable vrf-src vrfone

ERS8000-1:5(router-vrf)# ip rip redistribute direct vrf-src vrfone

ERS8000-1:5(router-vrf)# ip rip redistribute direct enable vrf-src vrfone

ERS8000-1:5(router-vrf)# exit

ERS8000-2 Step 2 – For vrf 2, enable RIP re-distribution of static routes from VRF source of vrf 1

ERS8000-2:5# config ip vrf vrftwo rip redistribute static create vrf-src vrfone

ERS8000-2:5# config ip vrf vrftwo rip redistribute static enable vrf-src vrfone

ERS8000-2:5# config ip vrf vrftwo rip redistribute static apply vrf-src vrfone

ERS8000-2:5# config ip vrf vrftwo rip redistribute direct create vrf-src vrfone

ERS8000-2:5# config ip vrf vrftwo rip redistribute direct enable vrf-src vrfone

ERS8000-2:5# config ip vrf vrftwo rip redistribute direct apply vrf-src vrfone

Page 50: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 50 April 2011

avaya.com

4.1.2 Verification

4.1.2.1 Verify Static Routes

Step 1 –Verify the OSPF route redistribution configuration

ERS8000-1:5# show ip route static vrf vrfone

or

ERS8000-1:5# show ip route static vrfids 1

Result:

================================================================================

IP Static Route - VRF vrfone

================================================================================

DEST MASK NEXT NH-VRF COST PREF LCLNHOP STATUS ENABLE

--------------------------------------------------------------------------------

172.1.25.0 255.255.255.0 172.1.1.3 vrftwo 1 5 TRUE ACTIVE TRUE

4.1.2.2 Verify Route Policies

In order to re-distribute static routes, you must enable OSPF ASBR on vrf 1.

Step 1 –Verify the OSPF route redistribution configuration

ERS8000-1:5# show ip ospf redistribute vrf vrfone

or

ERS8000-1:5# show ip ospf redistribute vrfids 1

Result:

================================================================================

OSPF Redistribute List - VRF vrfone

================================================================================

SRC-VRF SRC MET MTYPE SUBNET ENABLE RPOLICY

--------------------------------------------------------------------------------

vrftwo STAT 0 type2 allow TRUE

vrftwo LCL 0 type2 allow TRUE

Page 51: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 51 April 2011

avaya.com

4.1.2.3 Verify Route table

Step 1 –Verify the OSPF route redistribution configuration

ERS8000-1:5# show ip route vrf vrfone

or

ERS8000-1:5# show ip route vrfids 1

Result:

================================================================================

IP Route - VRF vrfone

================================================================================

NH INTER

DST MASK NEXT VRF COST FACE PROT AGE TYPE PRF

--------------------------------------------------------------------------------

10.1.11.0 255.255.255.0 10.1.11.1 - 1 601 LOC 0 DB 0

|

192.33.34.0 255.255.255.0 10.1.11.3 vrfo~ 20 601 OSPF 0 IB 20

|

172.1.1.0 255.255.255.0 10.1.11.2 vrfo~ 1 601 OSPF 0 IB 125

172.1.25.0 255.255.255.0 172.1.1.3 vrft~ 1 700 STAT 0 IB 5

Page 52: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 52 April 2011

avaya.com

5. Software Baseline:

Software level used for this guide is based on 5.x or higher.

6. Reference Documentation:

Document Title Publication Number Description

IP VPN-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide

NN48500-562

Configuration – IP VPN NN46205-520

Page 53: VRF-Lite for Ethernet Routing Switch 8600 / 8800 Technical

VRF-Lite for Ethernet Routing Switch 8600 Technical Configuration Guide 53 April 2011

avaya.com

7. Customer service

Visit the Avaya Web site to access the complete range of services and support that Avaya provides. Go to www.avaya.com or go to one of the pages listed in the following sections.

7.1 Getting technical documentation

To download and print selected technical publications and release notes directly from the Internet,go to www.avaya.com/support.

7.2 Getting product training

Ongoing product training is available. For more information or to register, you can access the Web site at www.avaya.com/support. From this Web site, you can locate the Training contacts link on the left-hand navigation pane.

7.3 Getting help from a distributor or reseller

If you purchased a service contract for your Avaya product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance.

7.4 Getting technical support from the Avaya Web site

The easiest and most effective way to get technical support for Avaya products is from the Avaya Technical Support Web site at www.avaya.com/support.