I have four sites I will connect through an MPLS network. All the sites are using ICX 7450 routers. They don't have any VRF configured, so all the interfaces and static routing are in the default-vrf. I know I need at least a reboot in order to change the default values to make space for the routing table in the new VRF. My question is: is the VRF configuration service-disruptive (besides the reboot)?
I will configure an OSPF instance for this VRF, and I think that if I don't assign any L3 interface to the OSPF or the VRF, it shouldn't cause any trouble. Is that right?
Here's the configuration I'm planning to do (this is one of the routers):
!Configure VRF-related system-max values (default FastIron configuration does not allow space for VRF routing tables)!
system-max ip-route-vrf
reload
!Configure VRF instances
vrf new-vrf
exit-vrf
!Configure a Route Distinguisher (RD) for new VRF instance
vrf new-vrf
 rd 1:91
 ip router-id 172.25.131.6
exit-vrf
!Configure an IPv4 or IPv6 Address Family (AF) for new VRF instance
!Configure routing protocols for new Multi-VRF instance
router ospf vrf new-vrf
 area 0.0.0.0
 log adjacency
!Assign VRF instances to Layer 3 interfaces
!NOTE: When a VRF instance is assigned to an interface, all IP addresses are deleted, and will trigger cache deletion, route deletion and associated cleanup. You must re-configure the IP address and interface properties after assigning a VRF instance to the L3 interface.
interface loopback 2
 vrf forwarding new-vrf
 ip address 172.25.131.6/32
end
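The NOTE in the planned configuration (IP addresses are deleted when a VRF is assigned to an interface) is the part most likely to cause an outage, so here is a pre-change helper as an added example that is not part of the original post: it reads a saved config and builds the command list that moves one interface into the VRF and restores its Layer 3 settings. The sample config, the function names, and the rule that lines starting with `ip ` or `ipv6 ` are the ones to restore are assumptions.

```python
# Added example: pre-change plan for "vrf forwarding" on a FastIron-style config.
import re

# Constructed sample of a running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
interface ve 10
 ip address 10.10.10.1/24
 ip ospf area 0.0.0.0
!
interface ve 20
 port-name servers
 ip address 10.10.20.1/24
!
interface ethernet 1/1/1
 port-name uplink
!
"""

def parse_interfaces(config_text):
    """Return {interface name: [indented sub-commands]} from a config dump."""
    blocks, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"^interface\s+(.+?)\s*$", line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif current is not None and line.startswith(" ") and line.strip():
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or any unindented line closes the block
    return blocks

def vrf_move_plan(config_text, interface, vrf):
    """Commands to move one interface into a VRF and restore its L3 settings.

    Assumption: the settings wiped by the move are the sub-commands that
    start with "ip " or "ipv6 "; verify on the device after the change.
    """
    blocks = parse_interfaces(config_text)
    if interface not in blocks:
        raise KeyError(f"interface {interface!r} not found in config")
    l3 = [c for c in blocks[interface] if c.startswith(("ip ", "ipv6 "))]
    return [f"interface {interface}", f" vrf forwarding {vrf}",
            *[f" {c}" for c in l3], "end"]

if __name__ == "__main__":
    print("\n".join(vrf_move_plan(SAMPLE_CONFIG, "ve 10", "new-vrf")))
```

Run it against a config backup taken before the change, and compare the interface block on the device with the plan afterwards.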
Ultimately, everything looks good with regard to your configuration, but please confirm you have an "area 0" somewhere?
Presumably you have another network subnet used as your uplink network, and it is a physical interface (vs. that loopback). Where is that? You cannot uplink this based on a loopback alone.
Note: The above is often a VRI (Virtual Routing Interface) such as interface ve xx. These are very common on multi-layer switches and generally serve as the layer-3 interfaces. (i.e. they get assigned an IP/mask).
I haven't tested the configuration yet. I'm trying to set up a lab with three ICX7450 in order to test something close to what I have in production. (Of course I won't have the MPLS network; they will be directly connected.)
In production I have 4 routers, none of them have VRF configured and routing is static for three of them. The fourth one already has an OSPF instance with the firewall for internet routing. The new VRF will be used to communicate the internal subnets of four sites.
For the one with OSPF already running I have an area 0, but not for the others. Is that a problem if I also use area 0 in the new OSPF instance?
I just put the loopback interface as an example of configuration; of course I need to add this same configuration in the interface that will participate in the OSPF.
I have one more question: if I have a subnet (SVI interface) which I need to configure to use the default VRF to go to the internet and vrf-new to access the other sites, can I include the interface in both VRFs? Is that possible?
I have always seen the configurations separated and I have never seen an interface configured to participate in both VRFs.
Thanks a lot for your comments and I will keep in mind your recommendation.
I would test the configuration and build it in snippets in your lab. As for MPLS, it is probably more or less used by your WAN carrier as a transport or to prevent the need to run BGP within your core, but I am not certain of your environment. Is MPLS something your provider handles for you, so you get the traffic without any remaining MPLS labels, or are you actually running it, LDP etc.?
I am not sure what you are trying to build that you do not have VRF entries but now you are making them "to communicate the internal subsets of the four sites." Please explain. Generally, VRF statements are used to abstract the routing tables, keeping routing tables separate. They are particularly useful to prevent overlapping subnets and between customers.
I cannot tell you how the areas should be laid out in your network. That is more a matter of network architecture and design. Many networks use multiple areas that are ultimately connected back to Area 0, which serves as your backbone. The big difference in OSPF (vs. say IS-IS) is that different interfaces on the same router (or routing process) can be in different areas. On OSPF, we call these Area Border Routers (ABRs). The most common reason to create different areas is to summarize between the areas or just for logical delineation of the network. Sure, it keeps the LSAs down as well as making Dijkstra's algorithm take less time to calculate shortest paths, but none of that matters much more than cosmetically on a small network. Nonetheless, there is no reason it should pose a problem either.
Are they different computers going to your default or Internet VRF and your vrf-new for routing to the sites? Sorry if I do not understand your setup. Or are you using PBR to examine the packets and change the VRF dynamically? I am not saying anything is impossible, but a particular SVI (VRI on ICX) is attached to a particular VRF instance in which its IP gets added as a directly-connected route. I am not saying you cannot have a route in that VRF with a next-hop to another routing table in another VRF even on the same device. If you wanted, you could even connect a network cable between interfaces within each VRF.
Referring to interfaces participating in multiple VRFs, not so much, but it is actually possible with "ip vrf receive" and Policy Based Routing:
Hello, we're not going to use the VRF. We have decided that we don't need it for now. So we're just configuring dynamic routing with OSPF between the four sites. I just tested it in the lab (without the MPLS), so it should work in production. I wanna thank you for your comments, they helped me a lot.