network virtualization easy virtual network (evn) · network virtualization creation of logical...
TRANSCRIPT
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 1
Network Virtualization
Easy Virtual Network (EVN)
Martin Vozár, [email protected]
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 2
Agenda
� Easy Virtual Network Overview
� Overriding Defaults
� VRF Filtering
� Shared Services
� Management
� Summary
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 3
Virtual Network
Merged NewCompany
Network VirtualizationCreation of Logical Partitions
� Virtualization: one-to-many (one network supports many virtual networks)
� End-user perspective is that of being connected to a dedicated network (security, independent set of policies, routing decisions…)
� Must have a rock-solid campus design in place before adding virtualization to the network
Actual Physical Infrastructure
OutsourcedIT Department
Virtual Network Virtual Network
Segregated Department(Regulatory Compliance)
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-2033 4
Enterprise Network DesignVRF-Lite + MPLS VPNs
Distribution Blocks
SiSiSiSiSiSiSiSi
SiSi
SiSi SiSi
SiSi
Internet
Data Center 2
WAN
MPLSVPNs
Yellow VRF
Green VRF
Red VRF
Branch 1
Yellow VRF
Green VRF
Red VRF
Branch 2
Yellow VRF
Green VRF
Red VRF
Branch 3
Data Center 1
Building 1 Building 2
PE3
PE1 PE2
PE4
VRF-LiteDevices
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 5
Evolution of VRFs – Easy Virtual Network
MPLS-VPN
VRFs VRF-Lite Easy Virtual Network
� VRFs were born from MPLS-VPN
� VRFs grew into adolescence with VRF-Lite(Multi-VRF)
� Easy Virtual Networks brings VRFs into maturity – Simplified/Enhanced VRF-Lite
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 6
EVN Summary
� ASR1k – first platform supporting EVN
� LAN Trunks
VLAN-ID reuse
Sub-interface inheritance
� Route Replication
IGP based Shared Services
� Enhanced Troubleshooting and Usability
routing-context, traceroute, debug condition, cisco-vrf-mib
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-2033 7
Enterprise Network DesignEVN Presence
Distribution Blocks
SiSiSiSiSiSiSiSi
SiSi
SiSi SiSi
SiSi
Internet
Data Center 2
WAN
MPLSVPNs
Yellow VRF
Green VRF
Red VRF
Branch 1
Yellow VRF
Green VRF
Red VRF
Branch 2
Yellow VRF
Green VRF
Red VRF
Branch 3
Data Center 1
Building 1 Building 2
PE3
PE1 PE2
PE4
EVNDevices
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 8
Enterprise Network DesignEVN Presence
Distribution Blocks
SiSiSiSiSiSiSiSi
SiSi
SiSi SiSi
SiSi
Internet
Data Center 2
WAN
Campus
Yellow VRF
Green VRF
Red VRF
Branch 1
Yellow VRF
Green VRF
Red VRF
Branch 2
Yellow VRF
Green VRF
Red VRF
Branch 3
Data Center 1
Building 1 Building 2EVNDevices
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 9
Path IsolationFunctional Components
� Device virtualization
Control plane virtualization
Data plane virtualization
Services virtualization
� Data path virtualization
Hop-by-Hop
(EVN/VRF-LIte End-to-End)
Multi-Hop
(EVN/VRF-Lite+GRE, MPLS-VPN)
VRF
VRF
Global
IP/MPLS
802.1q
VRF: Virtual Routing and Forwarding
Per VRF:Virtual Routing Table
Virtual Forwarding Table
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 10
VRF-Lite End-to-EndHow Does It Work?
1. Create L2 VLANs and trunk them to the first L3 device
2. Define VRFs at the first L3 device and map the L2 VLANs to the proper VRF
3. Define VRFs on all the other L3 devices in the network
4. Configure as trunks all the physical links connecting the L3 devices in the network
Create VLAN interfaces or subinterfaces
and map them to the corresponding VRF
5. Define unique VLANs on each trunk to be associated to each VRF
7. Traffic is now carried end-to-end across the network maintaining logical isolation between the defined groups
VLAN 10VLAN 20
VLAN 11VLAN 21
VLAN 12VLAN 22
VLAN 13VLAN 23
VLAN 15VLAN 25
VLAN 16VLAN 26
VLAN 14VLAN 246. Enable a routing protocol in each VRF
IGPs
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 11
Easy Virtual Networks How Does It Work?
1. Create L2 VLANs and trunk them to the first L3 device
2. Define VRFs at the first L3 device and map the L2 VLANs to the proper VRF
3. Define VRFs on all the other L3 devices in the network
4. Configure as VNET trunks all the physical links connecting the L3 devices in the core
Each link will use the same 802.1q tag
6. Traffic is now carried end-to-end across the network maintaining logical isolation between the defined groups
A single trunk interface transports multiple VRF traffic. Trunks are Pre-Provisioned for new VRFs
VLAN 10VLAN 20
VLAN 10VLAN 20
5. Enable a routing protocol in each VRF
IGPs
VNET Tag 101VNET Tag 102VNET Trunk
VNET Tag 101VNET Tag 102
VNET Tunk
VNET Tag 101VNET Tag 102
VNET Tunk
VNET Tag 101VNET Tag 102
VNET Tunk
VNET Tag 101VNET Tag 102
VNET Tunk
User Attachment Circuit (AC)
AC
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 12
EVN Provisioning – What is new
� Basic VRF Provisioning
1. Provision VRFs
“vnet tag <>” new command
2. Associate user facing (AC) and Trunk (Core facing interfaces) with VRF
“vnet trunk” new command
3. Define routing instance for VRFs
same as in VRF-Lite (Multi-VRF or MPLS VPNs on access side)
� Advanced VRF Provisioning options
� Customize attributes for each VRF (Override Inheritance)
� Filter VRFs on some links but allow on others
“vrf list <>” new command
� Setup inter-VRF communication (Shared Services/Extranet Services)
“route-replicate from vrf <>” new command
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 13
1. Create VRFs and allocate unique
VNET tags for each VRF
! VNET Tag is any number selected
by a network manager
!
vrf definition user-a
vnet tag 11
vrf definition user-b
vnet tag 12
vrf definition user-c
vnet tag 13
!
2. Map VRFs to appropriate
interfaces
!
interface Loopback11
vrf forwarding user-a
!
interface vlan 21
vrf forwarding user-a
interface vlan 22
vrf forwarding user-c
interface vlan 23
vrf forwarding user-b
!
EVN Configuration: Define VRFs and map to interfaces
L3 Core
VLAN 21 user-a
VLAN 22 user-c
VLAN 23 user-b
VLAN 31 user-a
VLAN 32 user-c
VLAN 33 user-b
SiSi SiSi
e1/0
g1/1
Layer 2 Trunks
SiSi SiSi
es2-sd4
es2-d4
e1/0
3. Transport all provisioned VRFs on
Trunk interfaces
!
interface e1/0
vnet trunk!
es2-d3
es2-sd3
L2 D1L2 D2
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 14
!
es2-sd3(config-vrf)#vnet tag ?
<2-4094> Integer that is globally unique for all
VNETs
!
es2-sd3(config-vrf-af)#vrf definition 33
es2-sd3(config-vrf)#vnet tag 33
% Error: maximum of 32 VNETs already configured
EVN Configuration: Maximum 32 vnetssupported
1st
32nd
|
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 15
VRF Simplification - Trunk advantage
VRF Sub-interfaces!
interface Ethernet1/0.11
description Subinterface for VNET services
vrf forwarding user-aencapsulation dot1Q 11
ip address 125.1.15.18 255.255.255.0
ip pim sparse-mode
!
interface Ethernet1/0.12
description Subinterface for VNET services
vrf forwarding user-bencapsulation dot1Q 12
ip address 125.1.15.18 255.255.255.0
ip pim sparse-mode
!
interface Ethernet1/0.13
description Subinterface for VNET user-c
vrf forwarding user-cencapsulation dot1Q 13
ip address 125.1.15.18 255.255.255.0
ip pim sparse-mode
!
VNET Trunks!
interface Ethernet1/0
vnet trunkip address 125.1.15.18 255.255.255.0
ip pim sparse-mode
!
Configuration Expands to
� VNET Tag # defined for each VRF is used as part of numbering Sub-interfaces� Each sub-interface inherits the same characteristics from the main interface
-same IP address on all sub-interfaces� Unless a VRF Filter is applied, trunk interface will transport traffic for all
provisioned VRFs
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 16
Changing VNET Tag
VRF Sub-interfaces!
interface Ethernet1/1.11description Subinterface for VNET services
vrf forwarding user-aencapsulation dot1Q 11ip address 125.1.15.18 255.255.255.0
!
� In creation of VRF sub-interfaces, vnet tag is used� vnet tag also used with encap dot1q� Best Practice to change vnet tag so vrf sub-int is created
properly: 1. Remove old vnet tag. 2. Configure new vnet tag.
!
vrf definition user-a
vnet tag 11
!
VNET Tag
es2-sd3(config)#vrf definition user-a
es2-sd3(config-vrf)#no vnet tag 11
es2-sd3(config-vrf)#vnet tag 101!
interface Ethernet1/1.101description Subinterface for VNET services
vrf forwarding user-aencapsulation dot1Q 101ip address 125.1.15.18 255.255.255.0
!
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 17
View Expanded configuration: show derived-config
Normal show run show derived-configRouter# show derived-config.................snip.......................
.
interface Ethernet1/0
vnet trunkip address 125.1.1.11 255.255.255.0
ip pim sparse-mode
!
interface Ethernet1/0.10description Subinterface for VNET services
vrf forwarding servicesencapsulation dot1Q 10
ip address 125.1.1.11 255.255.255.0
ip pim sparse-mode
!
interface Ethernet1/0.13description Subinterface for VNET user-c
vrf forwarding user-cencapsulation dot1Q 13
ip address 125.1.1.11 255.255.255.0
ip pim sparse-mode
.
. .................snip.......................
Router# show run.
.................snip.................
interface Ethernet1/0
vnet trunkip address 125.1.1.11 255.255.255.0
ip pim sparse-mode
.................snip..................
� The only way to display full VNET
Trunk interface config generated automatically
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 18
View full VRF configuration: show running-config vnet
show running-config vnet
!
vrf definition services
vnet tag 10
!
address-family ipv4
exit-address-family
!
interface Ethernet1/0
vnet trunk
ip address 125.1.15.18 255.255.255.0
ip pim sparse-mode
!
interface Loopback11
vrf forwarding user-a
ip address 125.0.11.18 255.255.255.0
!
interface Loopback13
vrf forwarding user-c
ip address 125.0.13.18 255.255.255.0
!
router ospf 13 vrf user-c
network 0.0.0.0 255.255.255.255 area 0
!
vrf list list-c
member services
member user-c
!
� Displays only VRF related
configuration for all VRFs: VRF
name, VNET Tag, VRF lists, vrf
outing instance and VRF interfaces� Does not display expended
configuration for Trunk Interface
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 19
VRF Aware show run
router# show run vrf user-aip vrf user-a
!
interface GigabitEthernet0/1
ip vrf forwarding user-a
ip address 11.2.2.1 255.255.255.0
!
interface Tunnel2
ip vrf forwarding user-a
ip address 11.2.1.1 255.255.255.0
tunnel source Loopback101
tunnel destination 126.101.1.2
tunnel key 102
!
router eigrp 100
!
address-family ipv4 vrf user-a
network 11.2.0.0 0.0.255.255
auto-summary
autonomous-system 102
exit-address-family
!
Old command displays VRF configuration info for:
� VRF Definitions
� Interfaces in VRFs
� Protocol configs for Multi-VRF
� Does not display expended configuration for Trunk Interface
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 20
VRF-Lite and VNET Trunk Compatibility
VRF-Lite Config EVN config!
vrf definition user-c
!
vrf definition services
!
interface Ethernet1/0
ip address 125.1.1.11 255.255.255.0
ip pim sparse-mode
!
interface Ethernet1/0.10description Subinterface for VNET services
vrf forwarding servicesencapsulation dot1Q 10ip address 125.1.1.11 255.255.255.0
ip pim sparse-mode
!
interface Ethernet1/0.13description Subinterface for VNET user-c
vrf forwarding user-cencapsulation dot1Q 13ip address 125.1.1.11 255.255.255.0
ip pim sparse-mode
!
vrf definition services
vnet tag 10
!
vrf definition user-c
vnet tag 13!
interface Ethernet1/0
vnet trunkip address 125.1.1.11 255.255.255.0
ip pim sparse-mode
!
VRF-Lite Device EVN Device
•dot1Q tag and vnet tag must match
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 21
Changing VNET sub-interface configuration?
show derived-configRouter# show derived-config.................snip.......................
.
interface Ethernet1/0
vnet trunkip address 125.1.1.11 255.255.255.0
ip pim sparse-mode
!
!
interface Ethernet1/0.13description Subinterface for VNET user-c
vrf forwarding user-cencapsulation dot1Q 13
ip address 125.1.1.11 255.255.255.0
ip pim sparse-mode
!
es2-d4#conf t
es2-d4(config)#interface Ethernet1/0.13
% VNET subinterface Et1/0.13 is not manually configurable
�Notice, VNET sub-interfaces are not manually configurable!
VRF-Lite Device EVN Device
�Adjust config on VRF-litedevice
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 22
Override Defaults
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 23
VNET Trunk – Overriding Inheritance
VNET Trunk config
es2-d4(config)# interface Ethernet1/1vnet trunkip address 10.122.5.32 255.255.255.254
ip ospf cost 20ip pim sparse-mode
logging event link-status
vnet name user-aes2-d4(config-if-vnet)# no ip pim sparse-
mode
vnet name user-ces2-d4(config-if-vnet)# ip ospf cost 30
�All VRFs on a trunk inherit characteristics from the main interface �Inherited characteristics can be overridden on a per VRF basis
-VRF user-a doesn’t support multicast-user-b VRF’s OSPF cost is different
interface Ethernet1/1
vnet trunkip address 10.122.5.32 255.255.255.254
vnet name user-cip ospf cost 30
es2-d4(config-if-vnet)#ip address ?% Unrecognized command
�VRF sub-interface IP address override is not supported.
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 24
Inheritance override for VNET Global
�EVN device has two types of routing tables: VRFs and Global �Global table carries all non-VRF routes�Global table is known as VNET Global �Global is Not a reserved word�Best Practice: do not create a VRF name “global” or any variation using mix of different case: “Global”, “gLobal”…..etc.
VRF
VRF
Global
es2-d4(config)# interface Ethernet1/1es2-d4(config-if)#vnet trunkip address 10.122.5.32 255.255.255.254
ip ospf cost 20ip pim sparse-mode
logging event link-status
es2-d4(config-if)# vnet globales2-d4(config-if-vnet)# ip ospf cost 20
vnet name user-ces2-d4(config-if-vnet)# ip ospf cost 30
• Use regular commands like show ip
route…etc. Can not access global table
using “show vnet global”…es2-d4#sh vnet global
% No VNET or VRF named 'global'
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 25
VRF Filters
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 26
Specifying Explicit Paths using VRF ListSpecify VRFs carried on Trunks
vrf list list-a
member user-a
member user-c
member services
interface g1/0
vnet trunk vrf-list list-a
vrf list list-b
member user-b
member user-c
member services
interface g1/0
vnet trunk vrf-list list-b
Campus Core
Layer 2 Trunks
g1/1g1/1
SiSi
VLAN 21 user-a
VLAN 22 user-c
VLAN 23 user-b
SiSi
SiSi SiSi
� VRFs can be carried over specific trunks for traffic engineering� Specify on each trunk which VRFs are allowed� VRF list not supported with VRF-lite
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 27
VRF aware debug filtering
es2-d3# debug condition vrf user-aCondition 1 set
CEF filter table debugging is on
es2-sd3#
*Nov 30 23:47:13.116: vrfmgr(0) Debug: Condition 1, vrf user-a triggered, count 1
es2-d3# debug ip ospf hello
es2-sd3#
*Nov 30 23:47:42.204: OSPF-11 HELLO Et3/0.11: Rcv hello from
125.0.11.13 area 0 125.1.2.13
es2-sd3#sh debug conditionCondition 1: vrf user-a (1 flags triggered) Flags: vrfmgr(0)
Condition 2: vrf user-b (1 flags triggered) Flags: vrfmgr(1)
es2-sd3#no debug condition vrf user-aCondition 1 has been removed
es2-sd3#sh deb condition
Condition 2: vrf user-b (1 flags triggered)
Flags: vrfmgr(1)
� Set debug condition to include debug output for only selected VRFs: user created VRFs or global or default
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 28
Routing Context
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 29
VRF Verification Using Routing Context
Routing context
es2-d4#routing-context vrf user-a
es2-d4%user-a#
es2-d4%user-a# show ip route
Routing table output for red
es2-d4%user-a# ping 10.1.1.1
Ping result using VRF red
es2-d4%user-a# telnet 10.1.1.1
Telnet to 10.1.1.1 in VRF red
es2-d4%user-a# traceroute 10.1.1.1
Traceroute output in VRF red
Original CLI
es2-d4#show ip route vrf user-a
Routing table output for red
es2-d4#ping vrf user-c 10.1.1.1
Ping result using VRF red
es2-d4#telnet 10.1.1.1 /vrf user-a
Telnet to 10.1.1.1 in VRF red
es2-d4#traceroute vrf user-a 10.1.1.1
Traceroute output in VRF red
Exiting VRF routing context (back to global)es2-sd4#routing-context vrf user-a
es2-sd4%user-a#routing-context vrf global
es2-sd4#
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 30
Shared Services
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-2033 31
Shared Services
Services that you don’t want to duplicate:
� Internet Gateway
� Firewall and NAT - DMZ
� DNS
� DHCP
� Corporate Communications - Hosted Content
Requires IP Connectivity between VRFs
This is usually accomplished through some type of Extranet Capability or Fusion Router/FW
Best Methods for Shared Services
Fusion Router/FW – Internet Gateway, NAT/DMZ
Extranet – DNS, DHCP, Corp Communications
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-2033 32
Provisioning Shared Services
Before: Setting up shared services
• No BGP required• No Route Distinguisher required• No Route Targets required• No Import/Export required• Simple Deployment• Supports both Unicast/Mcast
!
vrf definition services
!
address-family ipv4
route-replicate from vrf user-a unicast all
route-replicate from vrf user-b unicast all route-map userb
exit-address-family
!
vrf definition user-a
vnet tag 11
!
address-family ipv4
route-replicate from vrf services unicast all
exit-address-family
!
vrf definition user-b
vnet tag 12
!
address-family ipv4
route-replicate from vrf services unicast all
exit-address-family
!
With: Route Replication in EVN
ip vrf servicesrd 3:3route-target export 3:3route-target import 1:1route-target import 2:2!ip vrf user-ard 1:1route-target export 1:1route-target import 3:3!ip vrf user-brd 2:2route-target export 2:2route-target import 3:3!router bgp 65001bgp log-neighbor-changes!address-family ipv4 vrf servicesredistribute ospf 3no auto-summaryno synchronizationexit-address-family!address-family ipv4 vrf user-aredistribute ospf 1no auto-summaryno synchronizationexit-address-family!address-family ipv4 vrf user-bredistribute ospf 2no auto-summaryno synchronizationexit-address-family!
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-2033 33
Route Redistribution
� Route Redistribution will copyroutes between different routing
processes or protocols within a
single RIB
� Each VRF has a separate and distinct RIB
OSPF Process 2
Route TypeDest Int
NextHop
126.1.9.0/24 OSPF Gi0/1 126.1.17.13
126.1.12.0/24 OSPF Gi0/1 126.1.17.13
126.1.14.0/24 OSPF Gi0/1 126.1.17.13
router ospf 1network 126.1.0.0 0.0.255.255 area 0
OSPF Process 1
Route TypeDest Int
NextHop
126.1.9.0/24 OSPF Gi0/1 126.1.17.13
126.1.12.0/24 OSPF Gi0/1 126.1.17.13
126.1.14.0/24 OSPF Gi0/1 126.1.17.13
RIB – Routing Infomation Base
Route Type Dest Int NextHop
126.1.17.0/24 Connected Gi0/1
126.1.9.0/24 OSPF Gi0/1 126.1.17.13
126.1.12.0/24 OSPF Gi0/1 126.1.17.13
126.1.14.0/24 OSPF Gi0/1 126.1.17.13
router ospf 2redistribute ospf 1 subnets
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-2033 34
Route Replication
RIB – VRF services
Route Type Dest Int NextHop
126.1.17.0/24 Connected Gi0/1
126.1.9.0/24 OSPF Gi0/1 126.1.17.13
126.1.12.0/24 OSPF Gi0/1 126.1.17.13
126.1.14.0/24 OSPF Gi0/1 126.1.17.13
� Route Replication creates a link to a route in a RIB from a different VRF
RIB – VRF user-a
Route Type Dest Int NextHop
126.1.9.0/24 OSPF Gi0/1 126.1.17.13
126.1.12.0/24 OSPF Gi0/1 126.1.17.13
126.1.14.0/24 OSPF Gi0/1 126.1.17.13
vrf definition user-a!address-family ipv4route-replicate from vrf services unicast all
exit-address-family
router ospf 99 vrf servicesnetwork 126.1.0.0 0.0.255.255 area 0
!router ospf 98 vrf user-anetwork 126.1.0.0 0.0.255.255 area 0
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 35
Ping and Traceroute in Shared Services
• Trunk interface address is common among VRFs (125.1.6.0 is in
all VRFs)
• Telnet/Ping sources egress interface address by default
• Specify source address from the same VRF
es2-d4%user-c# traceroute 125.0.10.12 source 125.0.13.18
es2-d4%user-c# ping 125.0.10.12 source 125.0.13.18
Campus Core
Layer 2 Trunks
g1/1g1/1
SiSi
VLAN 22 user-c
VLAN 23 user-b
SiSi
SiSi SiSi
user-c
user-b
services
user-c
Es2-d4
Es2-sd4es2-sd4#
!interface Loopback10
vrf forwarding services
ip address 125.0.10.12 255.255.255.0
!125.1.6.0
es2-d4#
!interface Loopback13
vrf forwarding user-c
ip address 125.0.13.18 255.255.255.0
!
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-2033 36
EVNInstrumentation
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 37
• Improved CLI for VRF-aware SNMP
• New CISCO-VRF-MIB for VRF discovery and management
• Netflow data using Flexible Netflow-not supported on VNET Trunk interface-works on VRF edge interfaces
EVN Instrumentation
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 38
Summary
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 39
EVN Summary
� EVN – simplied VRF Lite
� Works with VRF Lite, MPLS VPNs and MPLSVPNsomGRE
� New Concepts
-VNET Tag
-LAN Trunks
-VLAN-ID reuse
-Sub-interface inheritance
-Route Replication: IGP based Shared Services
-Enhance Troubleshooting and Usability
-routing-context, traceroute, debug condition, cisco-vrf-mib
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 40
List of new commands at a glance
command Description
vnet tag <> Define vnet tag unique for each VRF
vnet name <> To switch to a VRF for override inheritance
vnet trunk Allow all VRFs on a trunk/core interface
vrf list <> Specify VRFs to filter
vnet trunk list <> Allow all but specified VRFs on a trunk interface
route-replicate Replicate routes among VRFs for shared
services
routing-context vrf <> VRF’s context to view/verify a VRF specific info
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 41
References
� Overview of Easy Virtual Network
http://www.cisco.com/en/US/partner/docs/ios/ios_xe/evn/configuration/guide/evn_overview_xe_ps11174_TSD_Products_Configuration_Guide_Chapter.html
� Command Reference
http://www.cisco.com/en/US/docs/ios/evn/command/reference/evn1.html
� Management and Troubleshooting
http://www.cisco.com/en/US/docs/ios/ios_xe/evn/configuration/guide/evn_mgt_ts_xe.html
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 42