Configuring the VRF-Aware Software Infrastructure Scale

Last Updated: January 20, 2012

This module describes how to configure the VRF-Aware Software Infrastructure Scale feature. The VRF-Aware Software Infrastructure (VASI) Scale feature allows you to apply services such as access control lists (ACLs), Network Address Translation (NAT), policing, and zone-based firewalls to traffic that is flowing across two different Virtual Routing and Forwarding (VRF) instances. The VASI interfaces support redundancy of the Route Processor (RP) and Forwarding Processor (FP). This feature supports Multiprotocol Label Switching (MPLS) traffic over VASI interfaces and IPv4 and IPv6 unicast traffic on VASI interfaces.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Restrictions for Configuring the VRF-Aware Software Infrastructure Scale

VASI interfaces do not support the attachment of queue-based features. The following commands are not supported on a modular quality of service (QoS) CLI (MQC) policy that is attached to VASI interfaces:

  • bandwidth (policy-map class)
  • fair-queue
  • priority
  • queue-limit
  • random-detect
  • shape

Information About Configuring the VRF-Aware Software Infrastructure Scale

VASI Overview

VASI is implemented by using virtual interface pairs, where each of the interfaces in the pair is associated with a different VRF. The VASI virtual interface is the next hop interface for any packet that needs to be switched between these two VRFs. VASI interfaces provide the framework necessary to configure a firewall or a NAT between VRF instances.

Each interface pair is associated with two different VRF instances. The two virtual interfaces, called vasileft and vasiright, in a pair are logically wired back-to-back and are completely symmetrical. Each interface has an index. The association of the pairing is done automatically based on the two interface indexes such that vasileft automatically gets paired to vasiright. You can configure either static routing or dynamic routing with Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), or Open Shortest Path First (OSPF). BGP dynamic routing protocol restrictions and configuration are valid for BGP routing configurations between VASI interfaces.

How to Configure VASI

Configuring the VASI Interface

VASI must be enabled on both interfaces of the VASI pair (vasileft and vasiright). You can configure VRF on any VASI interface. Perform the following task to configure the VASI interfaces.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    interface vasileft number

4.    vrf forwarding table-name [downstream table-name]

5.    ip address {ip-address mask [secondary] | pool pool-name}

6.    exit

7.    interface vasiright number

8.    vrf forwarding table-name [downstream

9.    ip address {ip-address mask [secondary] | pool pool-name}

10.    exit

11.    ip route [vrf vrf-name] destination-prefix destination-prefix-mask{vasileft | vasiright} number

12.    end


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
interface vasileft number


Example:

Router(config)# interface vasileft 200

 

Configures the vasileft interface and enters interface configuration mode.

  • number --A number for the vasileft interface. Range is from 1 to 1000.
 
Step 4
vrf forwarding table-name [downstream table-name]


Example:

Router(config-if)# vrf forwarding table1

 

Configures the VRF table.

Note    You can configure VRF forwarding on any VASI interface. It is not mandatory to configure VRF instances on both VASI interfaces.
 
Step 5
ip address {ip-address mask [secondary] | pool pool-name}


Example:

Router(config-if)# ip address 192.168.0.1 255.255.255.0

 

Configures a primary or secondary IP address for an interface.

 
Step 6
exit


Example:

Router(config-if)# exit

 

Exits interface configuration mode and enters global configuration mode.

 
Step 7
interface vasiright number


Example:

Router(config)# interface vasiright 200

 

Configures the vasiright interface and enters interface configuration mode.

  • number --A number for the vasiright interface. Range is from 1 to 1000.
 
Step 8
vrf forwarding table-name [downstream


Example:

table-name ]



Example:

Router(config-if)# vrf forwarding table

 

Configures the VRF table.

 
Step 9
ip address {ip-address mask [secondary] | pool pool-name}


Example:

Router(config-if)# ip address 192.168.1.1 255.255.255.0

 

Configures a primary or secondary IP address for an interface.

 
Step 10
exit


Example:

Router(config-if)# exit

 

Exits interface configuration mode and enters global configuration mode.

 
Step 11
ip route [vrf vrf-name] destination-prefix destination-prefix-mask{vasileft | vasiright} number


Example:

Router(config)# ip route vrf t1 10.0.0.1 255.255.0.0 vasileft 200

 

Establishes static routes for a VRF instance and VASI interface.

Note    If you want to add an IP route for a VRF instance, you must specify the vrf keyword.
 
Step 12
end


Example:

Router(config)# end

 

Exits global configuration mode.

 

Configuration Examples for VASI

Example Configuring the VASI Interface

The following example shows how to configure the VASI interface. VASI must be enabled for each interface of the VASI pair (vasileft and vasiright). You can configure VRF on any VASI interface. See the Configuring the VASI Interface section for configuration information. 

Router(config)# interface vasileft 200
Router(config-if)# vrf forwarding table1
 
Router(config-if)# ip address 192.168.0.1 255.255.255.0
 
Router(config-if)# exit
 
Router(config)# ip route vrf t1 10.0.0.1 255.255.0.0 vasileft 200
Router(config)# interface vasiright 200
 
Router(config-if)# vrf forwarding table2

Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# exit
 
Router(config)# ip route 10.0.0.2 255.255.255.0 vasiright 200

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

Security commands

Cisco IOS Security Command Reference

Configuring NAT for IP Address Conservation feature

" Configuring NAT for IP Address Conservation" module of the IP Addressing Configuration Guide

IP routing: BGP

IP Routing: BGP Configuration Guide, Cisco IOS XE Release

IP routing: EIGRP

IP Routing: EIGRP Configuration Guide, Cisco IOS XE Release

IP routing: OSPF

IP Routing: OSPF Configuration Guide, Cisco IOS XE Release

VRF Aware Cisco IOS Firewall feature

"VRF Aware Cisco IOS Firewall"module of the Security Configuration Guide: Securing the Control Plane

Zone-based Policy Firewall feature

"Zone-based Policy Firewall"module of the Security Configuration Guide: Securing the Control Plane

Standards

Standard

Title

No new or modified standards are supported, and support for existing standards has not been modified.

--

MIBs

MIB

MIBs Link

None

To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFC

Title

None

--

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for Configuring VRF-Aware Software Infrastructure Scale

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1 Feature Information for Configuring the VRF-Aware Software Infrastructure Scale

Feature Name

Releases

Feature Information

Configuring VRF-Aware Software Infrastructure Scale

Cisco IOS XE Release 2.6

The VRF-Aware Software Infrastructure (VASI) Scale feature allows you to apply services such as ACLs, NAT, policing, and zone-based firewalls to traffic that is flowing across two different VRF instances. The VASI interfaces support redundancy of the RP and FP. This feature supports MPLS traffic over VASI interfaces and IPv4 and IPv6 multicast and unicast traffic on VASI interfaces.

The following sections provide information about this feature:

VASI (VRF-Aware Software Infrastructure) Enhancements Phase I

Cisco IOS XE Release 3.1S

This feature provides the following enhancements to VASI:

  • Support for 500 VASI interfaces.
  • Support for BGP dynamic routing between VASI interfaces.

VASI (VRF-Aware Software Infrastructure) Enhancements Phase II

Cisco IOS XE Release 3.2S

This feature provides the following enhancements to VASI:

  • Support for IPv6 unicast traffic over VASI interfaces.
  • Support for OSPF and EIGRP dynamic routing between VASI interfaces.

VASI (VRF-Aware Software Infrastructure) Scale

Cisco IOS XE Release 3.3S

This feature provides support for 1000 VASI interfaces.

The following commands were introduced or modified: interface (VASI).

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2012 Cisco Systems, Inc. All rights reserved.