IPv6 VRF Aware System Message Logging

The IPv6 VRF Aware System Message Logging feature enables a device to send system logging (syslog) messages to an IPv6-enabled syslog server connected through a VPN routing and forwarding (VRF) interface. You can use the logging information for network monitoring and troubleshooting. This feature extends this capability to network traffic connected through VRFs.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for IPv6 VRF Aware System Message Logging

You must configure a VPN routing and forwarding (VRF) instance on a routing device and associate the VRF with an interface before you can configure the IPv6 VRF Aware System Message Logging feature.

Restrictions for IPv6 VRF Aware System Message Logging

You cannot specify a source address for virtual routing and forwarding (VRF) system logging messages. The IPv6 VRF Aware System Message Logging feature uses the VRF interface address as the source address for all VRF aware system logging messages.

Information About IPv6 VRF Aware System Message Logging

Benefits of VRF Aware System Message Logging

A VPN routing and forwarding (VRF) instance is an extension of IP routing that provides multiple routing instances. A VRF provides a separate IP routing and forwarding table to each VPN. You must configure a VRF on a routing device before you configure the VRF Aware System Message Logging feature.

After you configure the VRF Aware System Message Logging feature on a routing device, the device can send system logging (syslog) messages to a syslog host through a VRF interface. Then you can use logging messages to monitor and troubleshoot network traffic connected through a VRF. If the VRF Aware System Message Logging feature is not configured on a routing device, the routing device sends syslog messages to the syslog host only through the global routing table.

You can receive system logging messages through a VRF interface on any device configured with a VRF, that is:

  • On a provider edge (PE) device that is used with Multiprotocol Label Switching (MPLS) and multiprotocol Border Gateway Protocol (BGP) to provide a Layer 3 MPLS VPN network service.

  • On a customer edge (CE) device that is configured for VRF-Lite, which is a VRF implementation without multiprotocol BGP.

VRF Aware System Message Logging on a Provider Edge Device in an MPLS VPN Network

You can configure the VRF Aware System Message Logging feature on a provider edge (PE) device in a Layer 3 Multiprotocol Label Switching (MPLS) VPN network. The PE device can then send system logging (syslog) messages through a VPN routing and forwarding (VRF) interface to a syslog server located in the VPN.

The figure below shows an MPLS VPN network and the VRF Aware System Message Logging feature configured on a PE device associated with VRF VPN1. The PE device sends log messages through a VRF interface to a syslog server located in VPN1. You can display the messages from the syslog server on a terminal.

Figure 1. MPLS VPN and VRF Aware System Message Logging Configured on a Provider Edge Device

VRF Aware System Message Logging on a Customer Edge Device with VRF-Lite Configured

You can configure the VRF Aware System Message Logging feature on a customer edge (CE) device configured with the VRF-Lite feature. The CE device can then send system logging (syslog) messages through a VPN routing and forwarding (VRF) interface to syslog servers in multiple VPNs. The CE device can be either a router or a switch.

The figure below shows the VRF Aware System Message Logging feature configured on a VRF-Lite CE device. The CE device can send VRF syslog messages to syslog servers in the VPN1 network or the VPN2 network or to servers in both VPN1 and VPN2 networks. You can configure multiple VRFs on a VRF-Lite CE device, and the device can serve many customers.

Figure 2. VRF Aware System Message Logging Configured on a VRF-Lite Customer Edge Device

Message Levels for Logging Commands

The table below lists message levels for logging commands that you can use when you configure the VRF Aware System Message Logging feature. Information provided in the table below includes keyword level names and numbers, their description, and the associated syslog definitions. You can use either the level name or the level number with the logging trap level and logging buffered severity-level commands.

Table 1 Message Levels for logging Commands

Level Name

Level Number

Description

Syslog Definition

emergencies

0

System unusable

LOG_EMERG

alerts

1

Immediate action needed

LOG_ALERT

critical

2

Critical conditions

LOG_CRIT

errors

3

Error conditions

LOG_ERR

warnings

4

Warning conditions

LOG_WARNING

notifications

5

Normal but significant condition

LOG_NOTICE

informational

6

Informational messages only

LOG_INFO

debugging

7

Debugging messages

LOG_DEBUG

How to Configure IPv6 VRF Aware System Message Logging

Configuring VRF on a Routing Device

Configuring a VPN routing and forwarding (VRF) instance on a routing device helps provide customer connectivity to a VPN. The routing device can be a provider edge (PE) device connected to a Multiprotocol Label Switching (MPLS) VPN network or a customer edge (CE) device that is configured for VRF-Lite.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    vrf definition vrf-name

    4.    address-family ipv6

    5.    end


DETAILED STEPS
     Command or ActionPurpose
    Step 1enable


    Example: 
    Device> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2configure terminal


    Example: 
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3vrf definition vrf-name


    Example: 
    Device (config)# vrf definition vpn1
     

    Defines a VRF instance and enters VRF configuration mode.

    • The vrf-name argument is a name assigned to the VRF.

     
    Step 4address-family ipv6


    Example: 
    Device(config-vrf)# address-family ipv6
     

    Enables IPv6 address-family for the defined VRF and enters address family configuration mode.

     
    Step 5end


    Example: 
    Device(config-vrf-af)# end
     

    Exits address family configuration mode and returns to privileged EXEC mode.

     

    Associating a VRF with an Interface

    After configuring the VPN routing and forwarding (VRF) instance and associating it with an interface, you can configure the VRF Aware System Message Logging feature on the routing device.

    Note

    You cannot configure a source address for VRF system logging messages. The VRF Aware System Message Logging feature uses the VRF interface address as the source address for all VRF-aware system logging messages.

    Before You Begin

    A VRF must be associated with an interface before you can forward VPN traffic.

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    interface type number

      4.    vrf forwarding vrf-name

      5.    no ipv6 address

      6.    ipv6 address address.prefix

      7.    end


    DETAILED STEPS
       Command or ActionPurpose
      Step 1enable


      Example: 
      Device> enable
       

      Enables privileged EXEC mode.

      • Enter your password if prompted.
       
      Step 2configure terminal


      Example: 
      Device# configure terminal
       

      Enters global configuration mode.

       
      Step 3interface type number


      Example: 
      Device (config)# interface FastEthernet 0/0/0
       

      Configures an interface type and enters interface configuration mode.

      • The type argument is the type of interface to be configured.

      • The number argument is the port, connector, or interface card number. The numbers are assigned at the factory at the time of installation or when the port, connector, or interface card is added to a system. Use the show interfaces command in privileged EXEC mode to view the available interfaces.

       
      Step 4vrf forwarding vrf-name


      Example: 
      Device(config-if)# vrf forwarding vpn1
       

      Associates a VRF with an interface or subinterface.

      • The vrf-name argument associates the interface with the specified VRF.

       
      Step 5no ipv6 address


      Example: 
      Device(config-if)# no ipv6 address
       

      Removes the existing IPv6 address set for an interface.

       
      Step 6ipv6 address address.prefix


      Example: 
      Device(config-if)# ipv6 address 2001:DB8::1/32
       

      Assigns an IPv6 address for the interface.

       
      Step 7end


      Example: 
      Device(config-if)# end
       

      Exits interface configuration mode and returns to privileged EXEC mode.

       

      Configuring VRF as a Source Interface for Logging on a Routing Device

      Before You Begin
      You must perform the following tasks before you perform this task:

      • Configure a virtual routing and forwarding (VRF) instance on a routing device.

      • Associate a VRF with an interface.

      SUMMARY STEPS

        1.    enable

        2.    configure terminal

        3.    logging source-interface interface-type interface-number vrf vrf-name

        4.    logging host ipv6 ipv6-address vrf vrf-name

        5.    end


      DETAILED STEPS
         Command or ActionPurpose
        Step 1enable


        Example: 
        Device> enable
         

        Enables privileged EXEC mode.

        • Enter your password if prompted.
         
        Step 2configure terminal


        Example: 
        Device# configure terminal
         

        Enters global configuration mode.

         
        Step 3logging source-interface interface-type interface-number vrf vrf-name


        Example: 
        Device (config)# logging source-interface FastEthernet 0/0/0 vrf vpn1
         

        Configures the VRF interface as the source interface for logging.

         
        Step 4logging host ipv6 ipv6-address vrf vrf-name


        Example: 
        Device(config)# logging host ipv6 2001:DB8:: vrf vpn1
         

        Configures and associates the IPv6-enabled logging host with the VRF.

         
        Step 5end


        Example: 
        Device(config)# end
         

        Exits global configuration mode and returns to privileged EXEC mode.

         

        Verifying IPv6 VRF Aware System Message Logging

        SUMMARY STEPS

          1.    enable

          2.    show running-config | include logging

          3.    show logging


        DETAILED STEPS
          Step 1   enable

          Enables privileged EXEC mode.

          • Enter your password if prompted.


          Example: 
          Device> enable
          Step 2   show running-config | include logging

          Displays the logging configuration for the device and the logging host for a virtual routing and forwarding (VRF) instance.

          This example shows the configuration of a syslog server in VRF syslog with a server host address of 2001:DB8::1.



          Example: 
          Device# show running-config | include logging

logging source-interface Ethernet0/1 vrf syslog
logging host ipv6 2001::DB8:1 vrf syslog
          Step 3   show logging

          Displays the state of syslog.



          Example: 
          Device# show logging

Trap logging: level informational, 138 message lines logged
Logging to 2001:DB8::1 (v6) (udp port 514, audit disabled,
link up),
24 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging to 2001:DB8::1 (syslog) (udp port 514,
audit disabled,
link up),
4 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:
GigabitEthernet0/0/0 syslog

          Configuration Examples for IPv6 VRF Aware System Message Logging

          Example: Configuring VRF on a Routing Device

          Device> enable
Device# configure terminal
Device(config)# vrf definition syslog_v6 
Device(config-vrf)# address-family ipv6 
Device(config-vrf-af)# end

          Example: Associating a VRF with an Interface

          Device> enable
Device# configure terminal
Device(config)# interface FastEthernet 0/0/0 
Device(config-if)# vrf forwarding vpn1 
Device(config-if)# no ipv6 address
Device(config-if)# ipv6 address 2001:DB8::1/32
Device(config-if)# end

          Example: Configuring VRF as a Source Interface for Logging on a Routing Device

          Device> enable
Device# configure terminal
Device(config)# logging source-interface FastEthernet 0/0/0 vrf vpn1 
Device(config)# logging host ipv6 address 2001:DB8::1 vrf vpn1 	
Device(config)# end

          Additional References for IPv6 VRF Aware System Message Logging

          Related Documents

          Related Topic

          Document Title

          Cisco IOS commands

          Cisco IOS Master Commands List, All Releases

          MPLS and MPLS applications commands

          Cisco IOS Multiprotocol Label Switching Command Reference

          Concepts and tasks for configuring VRF-lite on a Catalyst 4500 switch

          “Configuring VRF-lite” chapter in the Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide

          Concepts and tasks for configuring VRF Lite on ML-Series Ethernet cards

          “Configuring VRF-lite” chapter in the Ethernet Card Software Feature and Configuration Guide for the Cisco ONS 15454 SDH, ONS 15454, and ONS 15327

          Technical Assistance

          Description

          Link

          The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

          To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

          Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

          http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

          Feature Information for IPv6 VRF Aware System Message Logging

          The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

          Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

          Table 2 Feature Information for IPv6 VRF Aware System Message Logging

          Feature Name

          Releases

          Feature Information

          IPv6 VRF Aware System Message Logging

          Cisco IOS 15.2(1)SY

          Cisco IOS 15.4(3)M

          The IPv6 VRF Aware System Message Logging feature enables a device to send system logging (syslog) messages to an IPv6-enabled syslog server connected through a VPN routing and forwarding (VRF) interface. You can use the logging information for network monitoring and troubleshooting. This feature extends this capability to network traffic connected through VRFs.

          The following commands were modified: logging source-interface and logging host.