Dialer Map VRF-Aware for an MPLS VPN
Feature History
| Release | Modification |
|---|---|
| 12.2(8)T | This feature was introduced. |
This document describes the Dialer Map VRF-Aware for an MPLS VPN feature in Cisco IOS Release 12.2(8)T and includes the following sections:
Feature Overview
The dialer software in Cisco IOS prior to Release 12.2(8)T had no way to dial two different destinations with the same IP address. More specifically, in networks where a network access server (NAS) supports dialing clients with overlapping addresses, dial-out attempts would fail. The Dialer Map VRF-Aware for an MPLS VPN feature solves this problem.
A VRF—virtual routing and forwarding instance—is a per-Virtual Private Network (VPN) routing information repository that defines the VPN membership of a customer site attached to the NAS. A VRF consists of an IP routing table, a derived Cisco Express Forwarding (CEF) table, a set of interfaces that use the forwarding table, and a set of rules and routing protocol parameters that control the information that is included in the routing table. A separate set of routing and CEF tables is maintained for each VPN customer.
The Multiprotocol Label Switching (MPLS) distribution protocol is a high-performance packet forwarding technology that integrates the performance and traffic management capabilities of data link layer switching with the scalability, flexibility, and performance of network-layer routing.
The Cisco IOS dialer software is “VRF-aware for an MPLS VPN,” which means that it can distinguish between two destinations with the same IP address using information stored in the VRF. This capability is provided to the dialer software by two existing Cisco IOS commands, dialer map and ip route, which have been enhanced to include VRF information.
In previous Cisco IOS releases, the dialer software obtained the telephone number for dial-out based on the destination IP address configured in the dialer map command. Now, the enhanced dialer map command supplies the name of the VRF so that the telephone number to be dialed is based on the VRF name and the destination IP address. The VRF is identified based on the incoming interface of the packet, and is used with the destination IP address defined in the dialer map command to determine the telephone number to be dialed.
The ip route configuration command also includes the VRF information. When a packet arrives in an incoming interface that belongs to a particular VRF, only those ip route commands that correspond to that particular VRF are used to determine the destination interface.
Benefits
The Dialer Map VRF-Aware for an MPLS VPN feature allows the dialer software to dial out in an MPLS-based VPN. The MPLS VPN model simplifies network routing. For example, rather than needing to manage routing over a complex virtual network backbone composed of many virtual circuits, an MPLS VPN user can employ the backbone of the service provider as the default route in communicating with all other VPN sites.
This default route capability allows several sites to transparently interconnect through the service provider network. One service provider network can support several different IP VPNs, each of which appears to its users as a separate, private network. Within a VPN, each site can send IP packets to any other site in the same VPN, because each VPN is associated with one or more VRFs. The VRF is a key element in the VPN technology, because it maintains the routing information that defines a customer VPN site.
For additional benefits and information about MPLS, VPNs, and VRF, refer to the documents listed in the “Related Documents” section.
Related Documents
Additional information about configuring networks that can take advantage of the Dialer Map VRF-Aware for an MPLS VPN feature can be found in the following Cisco IOS documentation:
Prerequisites
Before beginning the tasks described in this document, you need to understand how to configure the following network features:
- Virtual profiles with two-way AAA authentication
- MPLS VPNs
Refer to the documents listed in the “Related Documents” section for information about configuring these features.
Configuration Tasks
See the following sections for the configuration tasks for this feature. Each task in the list is identified as either required or optional.
Configuring Dialer Map VRF-Aware for an MPLS VPN
To map a VRF and next hop address combination to a dial string and thereby allow the dialer software to be VRF-aware for an MPLS VPN, use the following commands beginning in global configuration mode.
| | Command | Purpose |
|---|---|---|
| Step 1 | Router(config)# interface dialer number | Enters configuration mode and begins dialer configuration. |
| Step 2 | Router(config-if)# dialer map ip protocol-next-hop-address vrf vrf-name name host-name dial-string | Maps a VRF and next hop address combination to a dial string (telephone number). |
| Step 3 | Router(config-if)# exit | Exits to global configuration mode. |
| Step 4 | Router(config)# ip route vrf vrf-name ip-address mask interface-type interface-number | Configures a VRF and next hop address combination that points to the interface where the dialer software should make the connection. |
These commands are only part of the required configuration and show how to map a VRF and next hop address combination to a dial string. Refer to the documents listed in the section “Related Documents” and the example in the “Configuration Example” section, for details on where to include these commands in the network configuration.
Verifying Dialer Map VRF-Aware for an MPLS VPN
The verification process described in this section is based on the following configuration:
dialer map ip 10.0.0.1 vrf blue name peer1 peer1_number
ip route vrf blue 10.0.0.1 255.255.255.255 Dialer0
To verify correct operation of the Dialer Map VRF-Aware for an MPLS VPN feature, on the customer edge NAS, use the ping command in EXEC mode to place a call to the peer. The expected result is that the NAS successfully dials out to peer1. If the call fails, use the show adjacency EXEC command to check CEF adjacency table information.
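As an added example (not part of the Cisco documentation), the following Python sketch models the lookup described in the Feature Overview and checks a configuration offline before a test call is placed: it resolves the dial string from the VRF plus the next hop address, and it lists dialer routes that have no dialer map in the same VRF. The sample configuration, the VRF names red and green, and the telephone numbers are constructed, and the parser assumes only the simplified command forms shown on this page.

```python
import ipaddress
import re

# Constructed sample: VRFs blue and red reuse 10.0.0.1; green has a route but no map.
SAMPLE_CONFIG = """\
interface Dialer0
 dialer map ip 10.0.0.1 vrf blue name peer1 5550101
 dialer map ip 10.0.0.1 vrf red name peer2 5550102
 dialer map ip 10.0.0.9 5550103
ip route 10.0.0.9 255.255.255.255 Dialer0
ip route vrf blue 10.0.0.1 255.255.255.255 Dialer0
ip route vrf red 10.0.0.0 255.255.255.0 Dialer0
ip route vrf green 10.0.0.1 255.255.255.255 Dialer0
"""

# Simplified command forms only (assumption): no broadcast, class or speed options.
MAP_RE = re.compile(r"^\s*dialer map ip (\S+)(?: vrf (\S+))?(?: name (\S+))? (\S+)\s*$")
ROUTE_RE = re.compile(r"^\s*ip route(?: vrf (\S+))? (\S+) (\S+) (Dialer\d+)\b")


def parse(config):
    """Return ({(vrf, next_hop): dial_string}, [(vrf, network, interface)])."""
    maps, routes = {}, []
    for line in config.splitlines():
        if m := MAP_RE.match(line):
            ip, vrf, _name, dial = m.groups()
            maps[(vrf, ipaddress.ip_address(ip))] = dial
        elif r := ROUTE_RE.match(line):
            vrf, net, mask, ifname = r.groups()
            routes.append((vrf, ipaddress.ip_network(f"{net}/{mask}"), ifname))
    return maps, routes


def dial_string(maps, routes, vrf, dest):
    """Number dialed for a packet whose incoming interface is in `vrf` (None = global)."""
    dest = ipaddress.ip_address(dest)
    # Only routes belonging to the packet's VRF may select the dialer interface.
    if not any(v == vrf and dest in net for v, net, _ in routes):
        return None
    # The map key is the VRF name plus the next hop, so reused addresses stay distinct.
    return maps.get((vrf, dest))


def unmapped_routes(maps, routes):
    """Dialer routes with no dialer map in the same VRF: there is no number to dial."""
    return [(v, str(net)) for v, net, _ in routes
            if not any(mv == v and ip in net for mv, ip in maps)]


if __name__ == "__main__":
    maps, routes = parse(SAMPLE_CONFIG)
    for vrf in ("blue", "red", "green", None):
        print(vrf, dial_string(maps, routes, vrf, "10.0.0.1"))
    print("routes without a dialer map:", unmapped_routes(maps, routes))
```

This is a model of the behaviour the text describes, not the IOS implementation; a route reported by `unmapped_routes` is a candidate cause when the ping-triggered call fails.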
Troubleshooting Tips
If you encounter problems with the Dialer Map VRF-Aware for an MPLS VPN feature, use the following debug privileged EXEC commands on the NAS to help you determine where the problem lies:
- debug ppp authentication
- debug ppp negotiation
- debug aaa authentication
- debug aaa authorization
- debug radius
- debug dialer
Monitoring and Maintaining Dialer Map VRF-Aware for an MPLS VPN
To monitor and maintain the Dialer Map VRF-Aware for an MPLS VPN feature, use the following EXEC commands:
| Command | Purpose |
|---|---|
| Router# show adjacency | Displays CEF adjacency table information. |
| Router# show ip route | Displays all static IP routes, or those installed using the AAA route download function. |
| Router# show users | Displays information about the active lines on the router. |
Configuration Example
This section provides a configuration example of the Dialer Map VRF-Aware for an MPLS VPN feature on the simple network topology shown in Figure 1.
Figure 1 CE-to-PE-to-Peer MPLS VPN Topology
Note: The network addresses and telephone numbers used in the following configuration are examples only and will not work if tried in an actual network configuration.
Customer Edge (CE) Router
enable secret 5 !1!35Fg$Ep4.D8JGpg7rKxQa49BF9/
interface FastEthernet0/0
interface FastEthernet0/1
ip address 10.0.58.11 255.255.255.0
ip address 50.0.0.2 255.0.0.0
interface FastEthernet4/0
ip route 0.0.0.0 0.0.0.0 10.0.58.1
ip route 60.0.0.0 255.0.0.0 50.0.0.1
banner motd ^C AV-8B OAKTREE^C
Provider’s Edge (PE) Router
aaa authentication login con-log none
aaa authentication ppp default group radius
aaa authorization network default group radius
enable secret 5 $1$7KlA$xpC8l4dJCZogbzZvGUtFl/
username rubbertree02 password 0 Hello
isdn switch-type primary-5ess
ip address 70.0.0.1 255.0.0.0
interface FastEthernet1/0
ip address 10.0.58.3 255.255.255.0
ip address 50.0.0.1 255.0.0.0
description phone# 555-3123
isdn switch-type primary-5ess
dialer map ip 60.0.0.12 vrf yellow name rubbertree02 5552171
dialer map ip 60.0.0.2 5552172
ip route 0.0.0.0 0.0.0.0 10.0.58.1
ip route 60.0.0.2 255.255.255.255 Dialer0
ip route vrf yellow 60.0.0.0 255.0.0.0 Dialer0 permanent
ip director cache time 60
dialer-list 1 protocol ip permit
radius-server host 172.19.192.89 auth-port 1645 acct-port 1646 key rad123
radius-server retransmit 3
no mgcp timer receive-rtcp
banner motd ^C F/A-18 PINETREE ^C
login authentication con-log
Peer Router
logging buffered 32000 debugging
enable secret 5 $1$RCKC$scgtdlaDzjSyUVAi7KK5Q.
username pinetree02 password 0 Hello
isdn switch-type basic-5ess
ip address 10.0.58.9 255.255.255.0
description phone# 555-2171
ip address 60.0.0.12 255.0.0.0
dialer map ip 60.0.0.11 5553123
dialer map ip 60.0.0.2 5552172
isdn switch-type basic-5ess
isdn fast-rollover-delay 45
ip default-gateway 10.0.58.1
ip route 0.0.0.0 0.0.0.0 10.0.58.1
ip route 50.0.0.0 255.0.0.0 70.0.0.1
dialer-list 1 protocol ip permit
banner motd ^C F-4B RUBBERTREE^C
AAA Server User File
[aaa-serv]/usr/testing/bin>./radiusd_1.16 -d. -a. -x
greentree-16 Password = "Hello", Expiration = "Dec 31 2005"
Service-Type = Framed-User,
cisco-avpair = "lcp:interface-config=ip vrf forwarding yellow \nip
Command Reference
The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS Dial Technologies Command Reference at http://www.cisco.com/en/US/docs/ios/dial/command/reference/dia_book.html . For information about all Cisco IOS commands, go to the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or to the Cisco IOS Master Commands List
© 2007–2009 Cisco Systems, Inc. All rights reserved.