Table Of Contents
MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
Prerequisites for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
Restrictions for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
Information About MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
VRF Concepts Similar for IPv4 and IPv6 VPNs
Single-Protocol VRF to Multiprotocol VRF Migration
Multiprotocol VRF Configurations Characteristics and Examples
Multiprotocol VRF Configuration: Single Protocol with Noncommon Policies Example
Multiprotocol VRF Configuration: Multiprotocol with Noncommon Policies Example
Multiprotocol VRF Configuration: Multiprotocol with Common Policies Example
Multiprotocol VRF Configuration: Multiprotocol with Common and Noncommon Policies
How to Configure MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
Configuring a VRF for IPv4 and IPv6 VPNs
Associating a Multiprotocol VRF with an Interface
Verifying the MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs Configuration
Migrating from a Single-Protocol IPv4-Only VRF to a Multiprotocol VRF Configuration
Configuration Examples for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
Configuring a VRF for IPv4 and IPv6 VPNs: Example
Associating a Multiprotocol VRF with an Interface: Example
Feature Information for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
First Published: February 19, 2007Last Updated: February 19, 2007This document describes how to configure a Virtual Private Network (VPN) routing and forwarding (VRF) instance for IPv4 and IPv6 VPNs and describes how to upgrade your existing single-protocol IPv4-only VRF to a multiprotocol VRF configuration.
The MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs feature introduces Cisco IOS command-line interface (CLI) commands that allow you to enable an IPv4 and IPv6 VPN in the same VRF instance and to simplify the migration from a single-protocol VRF configuration to a multiprotocol VRF configuration.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs" section.
Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•Prerequisites for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
•Restrictions for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
•Information About MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
•How to Configure MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
•Configuration Examples for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
•Feature Information for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
Prerequisites for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
The MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs feature has the following prerequisites:
•For migration—An IPv4 Multiprotocol Label Switching (MPLS) VPN VRF must exist.
•For a new VRF configuration—Cisco Express Forwarding and an MPLS label distribution method, either Label Distribution Protocol (LDP) or MPLS Traffic Engineering (TE), must be enabled on all routers in the core, including the provider edge (PE) routers.
Restrictions for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
The MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs feature has the following restrictions:
•Once you have converted to a multiprotocol VRF, you cannot convert the VRF back to an IPv4-only single-protocol VRF.
•You can associate an interface with only one VRF. You cannot configuring a VRF for IPv4 and a different VRF for IPv6 on the same interface.
•You can configure only IPv4 and IPv6 address families in a multiprotocol VRF. Other protocols (IPX, Appletalk, and the like) are not supported.
Information About MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
Before you use the MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs feature to migrate from a single-protocol VRF to a multiprotocol VRF, you should understand the following:
•VRF Concepts Similar for IPv4 and IPv6 VPNs
•Single-Protocol VRF to Multiprotocol VRF Migration
•Multiprotocol VRF Configurations Characteristics and Examples
VRF Concepts Similar for IPv4 and IPv6 VPNs
VPNs for IPv6 use the same VRF concepts that IPv4 VPNs use, such as address families, route distinguishers, route targets, and VRF identifiers. Customers that use both IPv4 and IPv6 VPNs might want to share VRF policies between address families. They might want a way to define applicable VRF policies for all address families, instead of defining VRF policies for an address family individually as they do for or a single-protocol IPv4-only VRF.
Prior to Cisco IOS Release 12.2(33)SRB, a VRF applied only to an IPv4 address family. A one-to-one relationship existed between the VRF name and a routing and forwarding table identifier, between a VRF name and a route distinguisher (RD), and between a VRF name and a VPN ID. This configuration is called a single-protocol VRF.
Cisco IOS Release 12.2(33)SRB introduces support for a multiple address-family (multi-AF) VRF structure. The multi-AF VRF allows you to define multiple address families under the same VRF. A given VRF, identified by its name and a set of policies, can apply to both an IPv4 VPN and an IPv6 VPN at the same time. This VRF can be activated on a given interface, even though the routing and forwarding tables are different for the IPv4 and IPv6 protocols. This configuration is called a multiprotocol VRF.
Single-Protocol VRF to Multiprotocol VRF Migration
Prior to Cisco IOS Release 12.2(33)SRB, you could create a single protocol IPv4-only VRF. You created a single-protocol VRF by entering the ip vrf command. To activate the single-protocol VRF on an interface, you entered the ip vrf forwarding (interface configuration) command.
After the introduction of the MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs feature in Cisco IOS Release 12.2(33)SRB, you create a multiprotocol VRF by entering the vrf definition command. To activate the multiprotocol VRF on an interface, you enter the vrf forwarding command.
The MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs feature introduces the vrf upgrade-cli multi-af-mode {common-policies | non-common-policies} [vrf vrf-name] command that forces VRF configuration migration from a single-protocol VRF model to a multiprotocol VRF model:
•If the route-target policies apply to all address families configured in the multi-AF VRF, select the common-policies keyword.
•If the route-target policies apply only to the IPv4 address family that you are migrating, select the non-common-policies keyword.
After you enter the vrf upgrade-cli command and save the configuration to NVRAM, the single-protocol VRF configuration is saved as a multiprotocol VRF configuration. In the upgrade process, the ip vrf command is converted to the vrf definition command (global configuration commands) and the ip vrf forwarding command is converted to the vrf forwarding command (interface configuration command). The vrf upgrade-cli command has a one-time immediate effect.
You might have both IPv4-only VRFs and multiprotocol VRFs on your router. Once you create a VRF, you can edit it using only the commands in the mode in which it was created. For example, you created a VRF named vrf2 with the following multiprotocol VRF commands:
Router# configure terminalEnter configuration command, one per line. End with CNTL/ZRouter(config)# vrf definition vrf2Router(config-vrf)# rd 2:2Router(config-vrf)# route-target import 2:2Router(config-vrf)# route-target export 2:2Router(config-vrf)# endIf you try to edit VRF vrf2 with IPv4-only VRF commands, you receive the following message:
Router# configure terminalEnter configuration command, one per line. End with CNTL/ZRouter(config)# ip vrf vrf2% Use `vrf definition vrf2' commandIf you try to edit an IPv4-only VRF with the multiprotocol VRF commands, you would receive this message, where <vrf-name> is the name of the IPv4-only VRF:
% Use `ip vrf <vrf-name>' commandThe ip vrf name and ip vrf forwarding (interface configuration) name commands will be available for a period of time before they are removed. Use the vrf upgrade command to migrate your older IPv4-only VRFs to the new multiprotocol VRF configuration. When you need to create a new VRF—whether the VRF is for an IPv4 VPN, or IPv6 VPN, or both—use the multiprotocol VRF vrf definition and vrf forwarding commands that support a multi-AF configuration.
Multiprotocol VRF Configurations Characteristics and Examples
In a multiprotocol VRF, you can configure both IPv4 VRFs and IPv6 VRFs under the same address family or configure separate VRFs for each IPv4 or IPv6 address family. The multiprotocol VRF configuration has the following characteristics:
•The VRF name identifies a VRF, which might have both IPv4 and IPv6 address families. On the same interface, you cannot have IPv4 and IPv6 address families using different VRF names.
•The RD, VPN ID, and SNMP context are shared by both IPv4 and IPv6 address families for a given VRF.
•The policies (route target, for example) specified in multi-AF VRF mode, outside the address-family configuration, are defaults to be applied to each address family. Route targets are the only VRF characteristics that can be defined inside and outside an address family.
The following is also true when you associate a multiprotocol VRF with an interface:
•Binding an interface to a VRF (vrf forwarding vrf-name command) removes all IPv4 and IPv6 addresses configured on that interface.
•Once you associate a VRF with a given interface, all active address families belong to that VRF. The exception is when no address of the address-family type is configured, in which case the protocol is disabled.
•Configuring an address on an interface that is bound to a VRF requires that the address family corresponding to the address type is active for that VRF. Otherwise, an error message is issued stating that the address family must be activated first in the VRF.
Backward compatibility with the single-protocol VRF CLI is supported in Cisco IOS Release 12.2(33)SRB. This means that you might have single-protocol and multiprotocol CLI on the same router, but not in the same VRF configuration.
The single-protocol CLI continues to allow you to define an IPv4 address within a VRF and an IPv6 address in the global routing table on the same interface.
The following sections have multiprotocol VRF configuration examples:
•Multiprotocol VRF Configuration: Single Protocol with Noncommon Policies Example
•Multiprotocol VRF Configuration: Multiprotocol with Noncommon Policies Example
•Multiprotocol VRF Configuration: Multiprotocol with Common Policies Example
•Multiprotocol VRF Configuration: Multiprotocol with Common and Noncommon Policies
Multiprotocol VRF Configuration: Single Protocol with Noncommon Policies Example
The following is an example of a multiprotocol VRF configuration for a single protocol (IPv4) with route-target policies in the address-family configuration:
vrf definition vrf2rd 2:2!address-family ipv4route-target export 2:2route-target import 2:2exit-address-familyThe RD (2:2) applies to all address families defined for VRF vrf2.
Multiprotocol VRF Configuration: Multiprotocol with Noncommon Policies Example
The following is an example of a multiprotocol VRF configuration for IPv4 and IPv6 VPNs in which the route-target policies are defined in the separate address-family configurations:
vrf definition vrf2rd 2:2!address-family ipv4route-target export 2:2route-target import 2:2exit-address-family!address-family ipv6route-target export 3:3route-target import 3:3exit-address-familyMultiprotocol VRF Configuration: Multiprotocol with Common Policies Example
The following is an example of a multiprotocol VRF configuration for IPv4 and IPv6 VPNs with route-target policies defined in the global part of the VRF:
vrf definition vrf2rd 2:2route-target export 2:2route-target import 2:2!address-family ipv4exit-address-family!address-family ipv6exit-address-familyThe route-target policies are defined outside the address-family configurations. Therefore, the policies apply to all address families defined in VRF vrf2.
Multiprotocol VRF Configuration: Multiprotocol with Common and Noncommon Policies
The following is an example of a multiprotocol VRF with route-target policies defined in both global and address-family areas:
•For IPv6, the route-target definitions are defined under the address family. These definitions are used and the route-target definitions in the global area are ignored. Therefore, the IPv6 VPN ignores import 100:2.
•For IPv4, no route-target policies are defined under the address family, therefore, the global definitions are used.
vrf definition vfr1route-target export 100:1route-target import 100:1route-target import 100:2!address-family ipv4exit-address-family!address-family ipv6route-target export 100:1route-target import 100:1route-target import 100:3exit-address-familyHow to Configure MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
This feature provides Cisco IOS CLI commands that allow you to configure a multiprotocol VRF (IPv4 and IPv6 VPNs in the same VRF) and to migrate a single-protocol VRF configuration (IPv4-only VRF) to a multiprotocol VRF configuration.
A multiprotocol VRF allows you to share route targets policies (import and export) between IPv4 and IPv6 or to configure separate route-target policies for IPv4 and IPv6 VPNs.
Perform the following tasks to configure or migrate to the MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs feature:
•Configuring a VRF for IPv4 and IPv6 VPNs (required)
•Associating a Multiprotocol VRF with an Interface (required)
•Verifying the MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs Configuration (optional)
Perform the following task to migrate from a single-protocol VRF to a multiprotocol VRF configuration:
•Migrating from a Single-Protocol IPv4-Only VRF to a Multiprotocol VRF Configuration
Configuring a VRF for IPv4 and IPv6 VPNs
Perform the following task to configure a VRF for IPv4 and IPv6 VPNs. When you configure a VRF for both IPv4 and IPv6 VPNs (a multiprotocol VRF), you can choose to configure route-target policies that apply to all address-families in the VRF or you can configure route-target policies that apply to individual address families in the VRF.
The following task shows how to configure a VRF that has that has route-target policies defined for IPv4 and IPv6 VPNs in separate VRF address families.
SUMMARY STEPS
1. enable
2. configure terminal
3. vrf definition vrf-name
4. rd route-distinguisher
5. address-family {ipv4 | ipv6}
6. route-target {import | export | both} route-target-ext-community
7. exit-address-family
8. address-family {ipv4 | ipv6}
9. route-target {import | export | both} route-target-ext-community
10. end
DETAILED STEPS
Associating a Multiprotocol VRF with an Interface
Perform the following task to associate a multiprotocol VRF with an interface. Associating the VRF with an interface activates the VRF.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number
4. vrf forwarding vrf-name
5. ip address ip-address mask [secondary]
6. ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
7. end
DETAILED STEPS
Verifying the MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs Configuration
Perform the following task to verify the MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs feature configuration, that is, show that the VRF configuration is upgraded to a multi-AF multiprotocol VRF.
SUMMARY STEPS
1. enable
2. show running-config vrf [vrf-name]
3. show vrf
4. show vrf detail [vrf-name]
5. end
DETAILED STEPS
Step 1 enable
Use this command to enable privileged EXEC mode. Enter your password, if prompted. For example:
Router> enableRouter#Step 2 show running-config vrf [vrf-name]
Use this command to verify that the upgrade to a multi-AF multiprotocol VRF configuration was successful. The following is sample command output before the upgrade to a multi-AF multiprotocol VRF:
Router# show running-config vrf vpn2Building configuration...Current configuration : 604 bytesip vrf vpn2rd 1:1route-target export 1:1route-target import 1:1!!interface Loopback1ip vrf forwarding vpn2ip address 10.43.43.43 255.255.255.255!The following is sample command output after you upgrade to a multi-AF multiprotocol VRF with common policies for all address families:
Router# show running-config vrf vpn1Building configuration...Current configuration : 604 bytesvrf definition vpn1rd 1:1route-target export 1:1route-target import 1:1!address-family 1pv4exit-address-family!!interface Loopback1ip vrf forwarding vpn1ip address 10.43.43.43 255.255.255.255!This configuration contains the vrf definition command. The vrf definition command replaces the ip vrf command in the multi-AF multiprotocol VRF configuration.
Step 3 show vrf
Use this command to verify that the upgrade to a multi-AF multiprotocol VRF configuration was successful. The show vrf command replaces the show ip vrf command when a VRF configuration is updated to a multi-AF multiprotocol VRF configuration. The show vrf command displays the protocols defined for a VRFs. The following command shows sample output after you upgrade a single-protocol VRF configuration to a multi-AF multiprotocol VRF configuration:
Router# show vrf vpn1Name Default RD Protocols Interfacesvpn1 1:1 ipv4 Lo1/0The following is sample output from the show ip vrf vp1 command. Compare this to the output of the show vrf vpn1 command. The protocols under the VRF are not displayed.
Router# show ip vrf vrf1Name Default RD Interfacevpn1 1:1 Loopback1The following is sample output from the show vrf command for multiprotocol VRFs, one of which contains both IPv4 and IPv6 protocols:
Router# show vrfName Default RD Protocols Interfacesvpn1 1:1 ipv4 Lo1/0vpn2 100:3 ipv4 Lo23 AT3/0/0.1vpn4 100:2 ipv4,ipv6Step 4 show vrf detail [vrf-name]
Use this command to display all characteristics of the defined VRF to verify that the configuration is as you expected. For example, if your VRF configuration for VRF vpn1 is as follows:
vrf definition vpn1route-target export 100:1route-target import 100:1route-target import 100:2!address-family ipv4exit-address-family!address-family ipv6route-target export 100:1route-target import 100:1route-target import 100:3exit-address-familyThis command would display the following:
Router# show vrf detail vpn1VRF vpn1 (VRF Id = 3); default RD <not set>; default VPNID <not set>No interfacesAddress family ipv4 (Table ID = 3 (0x3)):Connected addresses are not in global routing tableExport VPN route-target communitiesRT:100:1Import VPN route-target communitiesRT:100:1 RT:100:2No import route-mapNo export route-mapVRF label distribution protocol: not configuredVRF label allocation mode: per-prefixAddress family ipv6 (Table ID = 503316483 (0x1E000003)):Connected addresses are not in global routing tableExport VPN route-target communitiesRT:100:1Import VPN route-target communitiesRT:100:1 RT:100:3No import route-mapNo export route-mapVRF label distribution protocol: not configuredVRF label allocation mode: per-prefixStep 5 exit
Use this command to exit to user EXEC mode. For example:
Router# exitRouter>
Migrating from a Single-Protocol IPv4-Only VRF to a Multiprotocol VRF Configuration
Perform the following task to force migration from a single-protocol IPv4-only VRF to a multiprotocol VRF configuration.
The multiprotocol VRF configuration allows you to define multiple address families under the same VRF. A given VRF, identified by its name and a set of policies, can apply to both an IPv4 VPN and an IPv6 VPN at the same time. This VRF can be activated on a given interface, even though the routing and forwarding tables are different for the IPv4 and IPv6 protocols.
SUMMARY STEPS
1. enable
2. configure terminal
3. vrf upgrade-cli multi-af-mode {common-policies | non-common-policies} [vrf vrf-name]
4. exit
5. show running-config vrf vrf-name
DETAILED STEPS
Configuration Examples for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
The following examples show how to use the VRF CLI provided by the MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs feature to migrate from a single-protocol VRF to a multiprotocol VRF configuration:
•Configuring a VRF for IPv4 and IPv6 VPNs: Example
•Associating a Multiprotocol VRF with an Interface: Example
Configuring a VRF for IPv4 and IPv6 VPNs: Example
The following example shows how to configure a VRF for IPv4 and IPv6 VPNs:
configure terminal!vrf definition vrf1rd 100:1!address-family ipv4route-target both 100:2exit-address-family!address-family ipv6route-target import 100:3route-target export 100:3exit-address-familyendIn this example, noncommon policies are defined in the address-family configuration.
The following is an example of a VRF for IPv4 and IPv6 that has common policies defined in the global part of the VRF configuration:
configure terminal!vrf definition vrf2rd 200:1route-target import 200:2route-target export 200:2!address-family ipv4exit-address-family!address-family ipv6exit-address-familyendAssociating a Multiprotocol VRF with an Interface: Example
The following example shows how to associate a multiprotocol VRF with an interface:
configure terminal!interface Ethernet 0/1vrf forwarding vrf1ip address 10.24.24.24 255.255.255.255ipv6 address 2001:0DB8:0300:0201::/64endMigrating from a Single-Protocol IPv4-Only VRF Configuration to a Multiprotocol VRF Configuration: Example
This section contains examples that show how to migrate from a single-protocol IPv4-only VRF to a multiprotocol VRF configuration.
This example shows a single-protocol IPv4-only VRF before the Cisco IOS VRF CLI for IPv4 and IPv6 is entered on the router:
ip vrf vrf1rd 1:1route-target export 1:1route-target import 1:1interface Loopback1ip vrf forwarding V1ip address 10.3.3.3 255.255.255.255This example shows how to force the migration of the single-protocol VRF vrf1 to a multiprotocol VRF configuration:
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.!Router(config)# vrf upgrade-cli multi-af-mode common-policies vrf vrf1You are about to upgrade to the multi-AF VRF syntax commands. You will loose any IPv6 address configured on interfaces belonging to upgraded VRFs. Are you sure ? [yes]: yesNumber of VRFs upgraded: 1Router(config)# exitThis example shows the multiprotocol VRF configuration after the forced migration:
vrf definition vrf1rd 1:1route-target export 1:1route-target import 1:1!address-family ipv4exit-address-family!interface Loopback1vrf forwarding V1ip address 10.3.3.3 255.255.255.255The following is another example of a multi-AF multiprotocol VRF configuration:
vrf definition vrf2rd 100:1address family ipv6route-target 200:1 bothexit-address-family!ip vrf vrf1rd 200:1route-target 200:1 both!interface Ethernet0/0vrf forwarding vrf2ip address 10.50.1.2 255.255.255.0ipv6 address 2001:0DB8:0:1::/64!interface Ethernet0/1ip vrf forwarding vrf1ip address 10.60.1.2 255.255.255.0ipv6 address 2001:0DB8:1 :1::/64In this example, all addresses (IPv4 and IPv6) defined for interface Ethernet0/0 are in VRF vrf2. For the interface Ethernet0/1, the IPv4 address is defined in VRF vrf1 but the IPv6 address is in the global IPv6 routing table.
Additional References
The following sections provide references related to the MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs feature.
Related Documents
Related Topic Document TitleConfiguration tasks for MPLS VPNs
"Part 4: MPLS Virtual Private Networks," Cisco IOS Multiprotocol Label Switching Configuration Guide, Release 4
Commands for configuring MPLS and MPLS VPNs
Cisco IOS Multiprotocol Label Switching Command Reference, Release 12.2SR
Configuration tasks for MPLS
"Configuring Multiprotocol Label Switching" chapter in the Cisco IOS Multiprotocol Label Switching Configuration Guide, Release 4
Standards
Standard TitleNo new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
—
MIBs
RFCs
RFC TitleRFC 1771
A Border Gateway Protocol 4 (BGP-4)
RFC 4364
BGP MPLS/IP Virtual private Networks (VPNs)
Technical Assistance
Command Reference
This section documents only commands that are new or modified.
show vrf
To display the defined Virtual Private Network (VPN) routing and forwarding (VRF) instances, use the show vrf command in user EXEC or privileged EXEC mode.
show vrf [ipv4 | ipv6] [interface | brief | detail | id | select] [vrf-name]
Syntax Description
Command Default
If you do not specify any arguments or keywords, the command displays concise information about all configured VRFs.
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
Use the show vrf command to display information about specified VRF instances or all VRF instances. Specify no arguments or keywords to display information on all VRF instances.
Examples
The following is sample output from the show vrf command that displays brief information about all configured VRF instances:
Router# show vrfName Default RD Protocols InterfacesN1 100:0 ipv4,ipv6V1 1:1 ipv4 Lo1V2 2:2 ipv4,ipv6 Et0/1.1Et0/1.2Et0/1.3V3 3:3 ipv4 Lo3Et0/1.4Table 1 describes the significant fields shown in the display.
The following example displays output from the show vrf command with the detail keyword. The information shown is for a VRF named cisco1.
Router# show vrf detailVRF cisco1; default RD 100:1; default VPNID <not set>Interfaces:Ethernet0/0 Loopback10Address family ipv4 (Table ID = 0x1):Connected addresses are not in global routing tableExport VPN route-target communitiesRT:100:1Import VPN route-target communitiesRT:100:1No import route-mapNo export route-mapVRF label distribution protocol: not configuredAddress family ipv6 (Table ID = 0xE000001):Connected addresses are not in global routing tableExport VPN route-target communitiesRT:100:1Import VPN route-target communitiesRT:100:1No import route-mapNo export route-mapVRF label distribution protocol: not configuredTable 2 describes the significant fields shown in the display.
Related Commands
Command Descriptionvrf definition
Configures a VRF routing table instance and enters VRF configuration mode.
vrf forwarding
Associates a VRF instance with an interface or subinterface.
vrf definition
To configure a Virtual Private Network (VPN) routing and forwarding (VRF) routing table instance and enter VRF configuration mode, use the vrf definition command in global configuration mode. To remove a VRF routing table, use the no form of this command.
vrf definition vrf-name
no vrf definition vrf-name
Syntax Description
Command Default
No VRFs are defined.
No import or export lists are associated with a VRF.
No route maps are associated with a VRF.Command Modes
Global configuration
Command History
Usage Guidelines
Use the vrf definition command to give a VRF a name and to enter VRF configuration mode. Once the router is in VRF configuration mode, use the rd command to give the VRF a route distinguisher. The rd command creates the routing and forwarding tables and associates the route distinguisher (RD) with the VRF instance named in the vrf-name argument.
Users can configure shared route targets (import and export) between IPv4 and IPv6. This feature is useful in a migration scenario, where IPv4 policies already are configured and IPv6 policies should be the same as the IPv4 policies. You can configure separate route-target policies for IPv4 and IPv6 VPNs in address family configuration mode. Enter address family configuration mode from VRF configuration mode.
In VRF configuration mode, you can also associate a Simple Network Management Protocol (SNMP) context with the named VRF and configure or update a VPN ID.
Examples
The following example assigns the name vrf1 to a VRF, enters VRF configuration mode, and configures a route distinguisher, 100:20:
Router(config)# vrf definition vrf1Router(config-vrf)# rd 100:20Related Commands
vrf forwarding
To associate a Virtual Private Network (VPN) routing and forwarding (VRF) instance with an interface or subinterface, use the vrf forwarding command in interface configuration mode. To disassociate a VRF from an interface, use the no form of this command.
vrf forwarding vrf-name
no vrf forwarding vrf-name
Syntax Description
Command Default
The default for an interface is the global routing table.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use the vrf forwarding command to associate an interface with a VRF. When the interface is bound to a VRF, previously configured IPv4 and IPv6 addresses are removed, and they must be reconfigured.
Examples
The following example shows how to associate a VRF named site1 to serial interface 0/0 and configure an IPv6 and an IPv4 address:
interface Serial0/0vrf forwarding site1ipv6 address 2001:100:1:1000::72b/64ip address 10.11.11.1 255.255.255.0Related Commands
Command Descriptionvrf definition
Configures a VRF routing table instance and enters VRF configuration mode.
vrf upgrade-cli
To upgrade a Virtual Private Network (VPN) routing and forwarding (VRF) instance or all VRFs on the router to support multiple address families (multi-AFs) for the same VRF, use the vrf upgrade-cli command in global configuration mode.
vrf upgrade-cli multi-af-mode {common-policies | non-common-policies} [vrf vrf-name]
Syntax Description
Command Default
If you do not enter the name of a specific single-protocol VRF, all VRFs defined on the router are upgraded to the multi-AF VRF configuration.
Command Modes
Global configuration
Command History
Usage Guidelines
The vrf upgrade-cli command is used to upgrade a specified single-protocol VRF (IPv4-only VRF) configuration or all single-protocol VRF configurations on the router to a multiprotocol VRF that supports multi-AF configuration.
The upgrade is automatic and does not require any further configuration. After you enter the vrf upgrade-cli command, the single-protocol VRF configuration is lost when you save the configuration to NVRAM. A multiprotocol VRF configuration is saved.
If your configuration requires that all route-target policies (import, export, both) apply to all address families, you enter the vrf upgrade-cli multi-af-mode common-policies command. If your configuration requires that these policies apply to IPv4 VPNs only, enter the vrf upgrade-cli multi-af-mode non-common-policies command.
After the upgrade to a multiprotocol VRF is complete, you can edit the VRF only with multiprotocol VRF configuration commands.
Examples
The following example shows how to upgrade a single-protocol VRF configuration named vrf1 to a multi-AF VRF configuration and apply the common policies of vrf1 to all address families defined for the VRF:
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.!Router(config)# vrf upgrade-cli multi-af-mode common-policies vrf vrf1You are about to upgrade to the multi-AF VRF syntax commands. You will loose any IPv6 address configured on interfaces belonging to upgraded VRFs. Are you sure ? [yes]: yesNumber of VRFs upgraded: 1 Router(config)# exitThe following is an example of the single-protocol VRF configuration for VRF vrf1 before you enter the vrf upgrade-cli command to upgrade to a multi-AF multiprotocol VRF configuration:
!ip vrf vrf1rd 1:1route-target export 1:1route-target import 1:1interface Loopback1ip vrf forwarding vrf1ip address 10.3.3.3 255.255.255.255This is an example of the multi-AF multiprotocol VRF configuration for VRF vrf1 after you enter the vrf upgrade-cli command with the common-policies keyword:
!vrf definition vrf1rd 1:1route-target export 1:1route-target import 1:1!address-family ipv4exit-address-family!interface Loopback1vrf forwarding vrf1ip address 10.3.3.3 255.255.255.255Related Commands
Feature Information for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
Table 3 lists the release history for this feature.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 3 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
Table 3 Feature Information for MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
Feature Name Releases Feature InformationMPLS VPN—VRF CLI for IPv4 and IPv6 VPNs
12.2(33)SRB
This document describes how to configure a multiprotocol Virtual Private Network (VPN) routing and forwarding (VRF) instance for IPv4 and IPv6 VPNs and describes how to upgrade your existing single-protocol IPv4-only VRF to a multiprotocol VRF configuration.
The MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs feature introduces Cisco IOS command-line interface (CLI) commands that allow you to enable an IPv4 and IPv6 VPN in the same Multiprotocol Label Switching (MPLS) VRF instance and to simplify the migration from a single-protocol VRF configuration to a multiprotocol VRF configuration.
In 12.2(33)SRB, this feature was introduced on the Cisco 7600 router.
The following sections provide information about this feature:
•VRF Concepts Similar for IPv4 and IPv6 VPNs
•Single-Protocol VRF to Multiprotocol VRF Migration
•Multiprotocol VRF Configurations Characteristics and Examples
•Configuring a VRF for IPv4 and IPv6 VPNs
•Associating a Multiprotocol VRF with an Interface
•Verifying the MPLS VPN—VRF CLI for IPv4 and IPv6 VPNs Configuration
•Migrating from a Single-Protocol IPv4-Only VRF to a Multiprotocol VRF Configuration
The following commands were introduced or modified by this feature: vrf definition, vrf forwarding, vrf upgrade-cli, and show vrf.
Glossary
6PE—IPv6 provider edge router or a Multiprotocol Label Switching (MPLS) label switch router (LSR) edge router using IPv6.
6VPE—IPv6 Virtual Private Network (VPN) provider edge router.
AF—address family. Set of related communication protocols in which all members use a common addressing mechanism to identify endpoints. Also called protocol family.
AFI—Address Family Identifier. Carries the identity of the network-layer protocol that is associated with the network address.
BGP—Border Gateway Protocol. A routing protocol used between autonomous systems. It is the routing protocol that makes the internet work. BGP is a distance-vector routing protocol that carries connectivity information and an additional set of BGP attributes. These attributes allow for a rich set of policies for deciding the best route to use to reach a given destination. BGP is defined by RFC 1771.
CE—customer edge router. A service provider router that connects to Virtual Private Network (VPN) customer sites.
FIB—Forwarding Information Base. Database that stores information about switching of data packets. A FIB is based on information in the Routing Information Base (RIB). It is the optimal set of selected routes that are installed in the line cards for forwarding.
HA—high availability. High availability is defined as the continuous operation of systems. For a system to be available, all components—including application and database servers, storage devices, and the end-to-end network—need to provide continuous service.
IP—Internet Protocol. Network-layer protocol in the TCP/IP stack offering a connectionless internetwork service. IP provides features for addressing, type-of-service specification, fragmentation and reassembly, and security.
IPv4—IP Version 4. Network layer for the TCP/IP protocol suite. IPv4 is a connectionless, best-effort packet switching protocol.
IPv6—IP Version 6. Replacement for IPv4. IPv6 is a next-generation IP protocol. IPv6 is backward compatible with and designed to fix the shortcomings of IPv4, such as data security and maximum number of user addresses. IPv6 increases the address space from 32 to 128 bits, providing for an unlimited number of networks and systems. It also supports quality of service (QoS) parameters for real-time audio and video.
MFI—MPLS Forwarding Infrastructure. In the Cisco MPLS subsystem, the data structure for storing information about incoming and outgoing labels and associated equivalent packets suitable for labeling.
MPLS—Multiprotocol Label Switching. MPLS is a method for forwarding packets (frames) through a network. It enables routers at the edge of a network to apply labels to packets (frames). ATM switches or existing routers in the network core can switch packets according to the labels with minimal lookup overhead.
PE—provider edge router. A router that is part of a service provider's network and that is connected to a customer edge (CE) router. The PE router function is a combination of an MLS edge label switch router (LSR) function with some additional functions to support Virtual Private Networks (VPNs).
RD (IPv4)—route distinguisher. An 8-byte value that is concatenated with an IPv4 prefix to create a unique VPN IPv4 (VPNv4) prefix.
RD (IPv6)—route distinguisher. A 64-bit value that is prepended to an IPv6 prefix to create a globally unique VPN-IPv6 address.
RIB—Routing Information Base. The set of all available routes from which to choose the Forwarding Information Base (FIB). The RIB essentially contains all routes available for selection. It is the sum of all routes learned by dynamic routing protocols, all directly attached networks (that is. networks to which a given router has interfaces connected), and any additional configured routes, such as static routes.
RT—route target. Extended community attribute used to identify the Virtual Private Network (VPN) routing and forwarding (VRF) routing table into which a prefix is to be imported.
VPN—Virtual Private Network. Enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another. A VPN uses "tunneling" to encrypt all information at the IP level.
VRF—Virtual Private Network (VPN) routing and forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a PE router.
VRF table—A routing and a forwarding table associated to a Virtual Private Network (VPN) routing and forwarding (VRF) instance. This is a customer-specific table, enabling the provider edge (PE) router to maintain independent routing states for each customer.
Note See Internetworking Terms and Acronyms for terms not included in this glossary.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
©2007 Cisco Systems, Inc. All rights reserved.