VPN Routing and Forwarding

MPLS VPN: VRF Selection Based on Source IP
Address
The VPN Routing and Forwarding (VRF) Selection feature allows a specified interface on a provider
edge (PE) router to route packets to different Virtual Private Networks (VPNs) based on the source IP
address of the packet. This feature is an improvement over using a policy-based router to route packets
to different VPNs.
Feature History for MPLS VPN: VRF Selection Based on Source IP Address
Release Modification
12.0(22)S This feature was introduced on the Cisco 12000 series router
12.0(23)S This feature was updated to support the following line cards:
• 1-port 10-Gigabit Ethernet (E4+)
• 3-port Gigabit Ethernet
• Modular Gigabit Ethernet (E4+)
12.0(24)S Support for the Cisco 12000 series router engine 3 was added.
12.2(14)SZ This feature was integrated into Cisco IOS Release 12.2(14)SZ to support
the Cisco 7304 router.
12.2(18)S This feature was integrated into Cisco IOS Release 12.2(18)S to support
the Cisco 7200 and 7500 series routers.
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image
support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on
Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at
the login dialog box and follow the instructions that appear.
Cisco IOS Releases 12.0(22)S, 12.0(23)S, 12.0(24)S, 12.2(14)SZ, 12.2(18)S, 12.0(26)S, 12.2(25)S
1
MPLS VPN: VRF Selection Based on Source IP Address
Contents
Contents
This document includes the following sections:
• Prerequisites for MPLS VPN: VRF Selection Based on Source IP Address, page 2
• Restrictions for MPLS VPN: VRF Selection Based on Source IP Address, page 3
• Information About MPLS VPN: VRF Selection Based on Source IP Address, page 3
• How to Configure VRF Selection Based on Source IP Address, page 8
• Configuration Examples for VRF Selection Based on Source IP Address, page 12
• Additional References, page 15
• Command Reference, page 16
Prerequisites for MPLS VPN: VRF Selection Based on Source IP

Address
• MPLS VPNs must be enabled in the provider network.
• For the Cisco 12000 Internet router series, the router must contain one of the following line cards:
Engine 0:
• 1-port OC-12 POS
• 4-port OC-3 POS
• 6- and 12- port DS3
Engine 2:
• 8- and 16-port OC-3 POS
• 3-port Gigabit Ethernet
Engine 3:
• 4-port OC-12c/STM-4c POS ISE
• 4-port CHOC-12 ISE
• 1-port OC-48c POS ISE
• 1-port CHOC-48 ISE
• 4-, 8-, and 16-port OC3c POS ISE
Engine 4:
• OC-192 E4+ POS
• 1-port 10-Gigabit Ethernet (E4+)
• Modular Gigabit Ethernet (E4+)
2
Restrictions for MPLS VPN: VRF Selection Based on Source IP Address
Restrictions for MPLS VPN: VRF Selection Based on Source IP

Address
• The Cisco IOS software must support MPLS VPNs, and the provider network must have MPLS
Label Distribution Protocol (LDP) installed and running.
• The VRF Selection feature is a unidirectional feature and can only be used from an customer
(IP-based) network into a Provider (MPLS-based) network and cannot be used from a provider
network to a customer network.
• Subnet masks should be kept as short as possible for the VRF Selection criteria for Engine 2 line
cards. VRF Selection performance can degrade with longer subnet masks (/24 or /32, for example).
• Cisco Express Forwarding (CEF) must be enabled on any interfaces that have the VRF Selection
feature enabled. Distributed CEF is enabled by default on Cisco 12000 series Internet routers.
• An IP traceroute command from an MPLS VPN VRF Selection CE router to a typical MPLS VPN
VRF CE router works as expected. However, an IP traceroute command from a typical MPLS VPN
VRF CE router to an MPLS VPN VRF Selection CE router may fail to show all the relevant hop
information across the core.
Information About MPLS VPN: VRF Selection Based on Source

IP Address
The VRF Selection feature allows packets arriving on an interface to be switched into the appropriate
VRF table based upon the source IP address of the packets. Once the packets have been “selected” into
the correct VRF routing table, they are processed normally based upon the destination address and
forwarded through the rest of the Multiprotocol Label Switching (MPLS) VPN.
In most cases, the VRF Selection feature is a “one way” feature; it works on packets coming from the
end users to the PE router.
VRF Selection Process

The VRF Selection feature uses the following process to route packets from the customer networks to
the PE router and into the provider network.
A two-table lookup mechanism is used at the ingress interface of the PE router to determine the routing
and forwarding of packets coming from the customer networks, which use IP protocols, to the MPLS
VPN networks, which use MPLS protocols.
• The first table, the VRF Selection table, is used to compare the source IP address of the packet with
a list of IP addresses in the table. Each IP address in the table is associated with an MPLS VPN. If
a match is found between the source IP address of the packet and an IP address in the VRF Selection
table, the packet is routed to the second table (the VRF table) or the routing table for the appropriate
VPN.
If no match is found in the table for the source IP address of the packet, the packet will either be
routed via the global routing table used by the PE router (this is the default behavior), or will be
dropped. See the “Configuring a VRF to Eliminate Unnecessary Packet Forwarding: Example”
section on page 14 for more information.
3
Information About MPLS VPN: VRF Selection Based on Source IP Address
• The second table, the VRF table (also known as the VPN routing table), contains the virtual routing
and forwarding information for the specified VPN and is used to forward the selected VPN traffic
to the correct MPLS label switched path (LSP) based upon the destination IP address of the packet.
The VRF Selection process removes the association between the VPN and the interface and allows more
than one MPLS VPN to be associated with the interface.
VRF Selection Examples

An example of the VRF Selection feature would be a network carrier that allows subscribers to the
carrier to choose from multiple Internet service providers (ISPs) for Internet access. Figure 1 provides
an example of the VRF Selection feature with an IP-based Host network, an MPLS VPN network, and
three ISPs connected to the MPLS VPN network.
4
Figure 1 VRF Selection Implementation Example
Internet
vpnv4
ISP 1 or VPN1
PE1-VRF 1.1.0.0/16
selector Carrier X
MPLS-VPN CE1
network
PE
ISP 2 or VPN2
vpnv4 2.2.0.0/16
P
POS1/0
CE2
PE2-VRF
selector
ISP 3 or VPN3
3.3.0.0/16
IP only 1
Carrier X "POOL" CE3
(IP only) network IP only
2
72793
Host A Host B Host C
1.1.1.1 2.2.2.2 3.3.3.3
Pool of cable modem
subscribers
1 PE2 is acting both as a VRF selector and a 2 ISPs 1 to 3 provide a list of IP addresses to
typical MPLS VPN PE router to CE2 and Carrier X so that each host in the “POOL”
CE3. network can be properly addressed. This host
addressing would most likely be done by
using the DHCP or DNS services of Carrier X.
In Figure 1, Carrier X represents the network carrier; Host A, Host B and Host C represent the carrier
subscribers; and ISP 1, ISP 2 and ISP 3 represent the ISPs.
Figure 1 illustrates a packet traveling from Host A to ISP 1. The dashed line represents the travel of the
packet.
Host A chooses ISP 1 to use as its ISP. Carrier X will provide an IP address to Host A that falls within
the range of the ISP 1 registered network addresses (1.1.0.0/16). Based upon this IP address allocation,
the VRF Selection criteria is set.
5
The POOL network, by using default routes, forwards traffic from the Carrier X IP-based (POOL)
network to the Carrier X MPLS-based VPN network. The MPLS VPN network forwards (shunts) the
traffic from Host A into the correct VPN, which is VPN 1 (ISP 1), by using the VRF Selection-enabled
router PE2.
To enable the VRF Selection feature on the routers PE1 and PE2, enter the following commands:
Router(config)# vrf selection source 1.1.0.0 255.255.0.0 vrf vpn1
Router(config)# interface POS1/0
Router(config-if)# description Link to CE POS1/0
Router(config-if)# ip vrf select source
For more information on the commands used to configure the VRF Selection feature, see the “Command
Reference” section on page 16.
The VRF Selection feature is a one-way (unidirectional) feature in most implementations; it only works
on packets coming from the customer networks to a PE router. See the “VRF Selection is a
Unidirectional Feature” section on page 6 for more information.
Traffic coming from the ISPs to the hosts (in the example, traffic traveling from the ISPs on the right to
the hosts on the left) is not affected by the VRF Selection feature and does not have to be returned via
an MPLS path. This traffic can return via the shortest available IP path.
Another example of VRF Selection in use would be a Cable Modem Termination System (CMTS). If the
owner of the CMTS wants to allow cable modem subscribers to choose their ISP from a group of ISPs,
the VRF Selection feature provides a fast and scalable solution.
VRF Selection is a Unidirectional Feature

In Figure 1, the end users are typical Internet home users. If the VRF Selection feature was a two-way
(bidirectional) feature, traffic coming from the ISPs to the hosts would be required to use only the PE
routers that have VRF Selection enabled, which might cause performance issues.
When traffic from the POOL network goes through the Carrier network to the ISP networks for Internet
access, the traffic in the Carrier network must be forwarded using MPLS VPN paths, because the VRF
Selection-enabled router has “selected” the traffic into the correct MPLS VPN.
Traffic from the ISP networks to the POOL network does not have to use MPLS VPN paths in the Carrier
network and can use any path that is most efficient to return to the POOL network. This traffic can use
a path that uses either MPLS or IP for routing and forwarding and does not have to travel via an MPLS
VPN.
Traffic from the ISP networks to the POOL networks can be forwarded using the global routing table
used by every interface. One way to accomplish this is to enter VRF static routes on the PE router
interfaces connected to the ISPs. The VRF static routes would route traffic from the ISPs to the Carrier
network. See “Establishing IP Static Routes for a VRF Instance” section on page 9 for information on
placing a default VRF static route onto an interface.
Establishing static VRF routes allows traffic from the ISPs to enter the Carrier network as traffic that can
only be routed by using the global routing table toward the POOL network.
If the ISPs are not providing global host address space, or the VRF feature is not being used to route
Internet traffic, the PE interfaces connected to the ISPs must be placed into a VRF. If the PE interfaces
are using VRFs for routing traffic from the ISPs, all traffic from the ISPs to the hosts through the Carrier
network would be forwarded using MPLS VPN paths, and performance would not be as optimal as if IP
forwarding was used.
6
Normal IP-based VPN operations, such as populating the Routing Information Base (RIB) and
Forwarding Information Base (FIB) from a routing protocol such as Border Gateway Protocol (BGP),
are used to route and forward packets within the various VPNs in the customer networks. The provider
network uses MPLS-based routing protocols to perform VPN routing and forwarding inside the provider
network.
See the “Configuring VRF Selection” section on page 9 for a sample configuration of the VRF Selection
feature.
Conditions Under Which VRF Selection becomes Bidirectional

Forwarding of traffic from the Carrier network to the POOL network by using the global routing table is
only possible if the ISPs have provided registered IP address space for all of the subscribed users within
the POOL network from the global routing table.
If the POOL network uses IP addresses that are not globally routeable and are designed for a
non-connected enterprise (defined by RFC1918), the VRF Selection feature becomes bidirectional. All
traffic being sent and received by the host would have to travel via a router that has the VRF Selection
feature enabled. The POOL network cannot be addressed with overlapping address space, regardless of
the type of address space being used.
Advantages of VRF Selection over Per-Interface IP VPN Configuration

The VRF Selection feature removes the association between a VPN and an interface. Before the VRF
Selection feature was introduced, the following implementation was used to route outgoing MPLS VPN
packets to different destinations:
• A policy-based router (PBR) is attached to the customer edge (CE) router.
• The egress side of the PBR router side has VLANs connected to a PE.
• The PBR router uses a policy-based route map to select the correct output (VLAN) interface and
each VLAN is under a specific VRF. Figure 2 illustrates a sample configuration of using a PBR
router for routing MPLS packets to different destinations.
Figure 2 Implementation of Multiple VPNs before VRF Selection
MPLS Network
Host A MPLS VPN ISP1
VLAN
CE1
Host B
CE PBR PE P PE
Host C Router ISP2
CE2
ISP3
72516
CE3
7
How to Configure VRF Selection Based on Source IP Address
The following limitations apply to PBR-based solutions that use this implementation:
• Policy routing and MPLS VPN functions cannot be performed on the same platform. Integration into
a single platform is critical for manageability and support.
• VRF is limited to one VPN per interface, which limits scalability.
• There is no network redundancy.
• The PBR is the only point of connection for all the networks attached to the PBR. The capacity and
the performance capabilities of the PBR router are critical.
• There is no diversity in the connectivity to the networks.
• Every network is required to connect to every PBR. If every network is not connected to every PBR,
packets from the end user to the PBR would be dropped because the PBR would have no way of
switching the IP traffic properly.
• Adding multiple PBRs that are interconnected introduces more network policy-routed hops.
The VRF Selection feature addresses the limitations of and problems with using a PBR for packet
routing and forwarding.
Benefits of VRF Selection Based on Source IP Address

The following are benefits to using the VRF Selection method of VPN routing and forwarding.
Association of VPN to interface is removed

The VRF Selection feature removes the association between a VPN and an interface, thus allowing
packets from the Host network to the provider network to have more than one VPN available per
interface.
Access to every customer network is possible from every PE router in the provider network
Access points to each network can be established at any MPLS PE router, and can be made redundant
by connections to multiple PE routers (for example, the CE2 router in Figure 1 on page 5).
Multiple points in the provider network can be used for VPN routing and forwarding
MPLS VPNs, like IP, are connectionless. Any PE router, whether VRF Selection-enabled or not, is
capable of carrying VRF Selection traffic from the MPLS network out to the CE routers.

This section contains the following procedures:
• Configuring VRF Selection (required)
• Establishing IP Static Routes for a VRF Instance (optional)
• Verifying VRF Selection (optional)
8
Configuring VRF Selection

To add a source IP address to a VRF Selection table, use the following commands beginning in global
configuration mode.
SUMMARY STEPS
1. enable
2. configure terminal
3. vrf selection source source-IP-address source-IP-mask vrf vrf_name
4. ip vrf select source
5. ip vrf receive vrf_name
DETAILED STEPS
Command Purpose
Step 1 enable Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2 configure terminal Enters global configuration mode.
Example:
Router# configure terminal
Step 3 vrf selection source source-IP-address Populates a single source IP address, or range of source IP
source-IP-mask vrf vrf_name addresses, to a VRF Selection table.
Example:
Router(config)# vrf selection source
2.0.0.0 255.255.0.0 vrf test
Step 4 ip vrf select source Enables the VRF Selection feature on an interface.
Example:
Step 5 ip vrf receive vrf_name Adds all the IP addresses that are associated with an interface into
a VRF table.
Example:
Router(config-if)# ip vrf receive red
Establishing IP Static Routes for a VRF Instance

Traffic coming from the ISPs to the hosts does not require the use of the MPLS VPN paths; this traffic
can use the shortest IP route back to the host.
9
VPN static routes for traffic returning to the customer networks are only necessary if VPN traffic
returning to the customer networks is being forwarded back from the VRF Selection interface. The
remote PE router could also be configured to route return traffic to the customer networks directly by
using the global routing table.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip route vrf vrf_name prefix mask [next-hop-address] [interface {interface-number}] [global]
[distance] [permanent] [tag tag]
DETAILED STEPS
Command Purpose
Step 1 enable Enables privileged EXEC mode.
• Enter your password if prompted.
Example:
Router> enable
Step 2 configure terminal Enters global configuration mode.
Example:
Router# configure terminal
Step 3 ip route vrf vrf_name prefix mask Establishes static routes for a VRF.
[next-hop-address] [interface
{interface-number}] [global] [distance]
[permanent] [tag tag]
Example:
Router(config-if)# ip route vrf vpn1
16.15.0.0 255.255.0.0 POS1/0
10
Verifying VRF Selection

Enter the show ip route vrf command in EXEC mode to display the IP routing table associated with a
VRF instance. This example shows the IP routing table associated with the VRF vrf1:
Router# show ip route vrf vpn1
Routing Table: vpn1
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
Gateway of last resort is not set
B 33.0.0.0/8 [200/0] via 10.10.10.10, 00:00:37
5.0.0.0/16 is subnetted, 1 subnets
B 5.19.0.0 [200/0] via 10.10.10.10, 00:00:37
B 14.14.14.14 [200/0] via 10.10.10.10, 00:00:37
S 15.15.15.15 [1/0] via 34.0.0.1, POS1/1
Troubleshooting Tips
• Enter the debug vrf select command to enable debugging for the VRF Selection feature.
Note The debug vrf select command can cause many messages to be logged when you change the
configuration and when switching occurs.
• The following error messages appear if problems occur while configuring the VRF Selection
feature:
– If you attempt to configure a nonexisting VRF Selection table:
Router(config)#vrf selection source 2.0.0.0 255.255.0.0 vrf VRF_NOEXIST
VRF Selection: VRF table VRF_NOEXIST does not exist.
– If you attempt to remove a VRF Selection entry that does not exist:
Router(config)#no vrf selection source 2.0.0.0 255.255.0.0 vrf VRF1
VRF Selection: Can't find the node to remove.
– If you attempt to configure a duplicate IP address and subnet mask for a VRF Selection entry:
Router(config)#vrf selection source 2.0.0.0 255.0.0.0 vrf VRF_AOL
Router(config)#vrf selection source 2.0.0.0 255.0.0.0 vrf VRF_AOL
VRF Selection: duplicate address and mask configured.
– If an inconsistent IP address and mask are used for a VRF Selection entry:
Router(config)#vrf selection source 170.1.2.1 255.255.255.0 vrf red
% Inconsistent address and mask
Router(config)#vrf selection source 170.1.2.1 255.255.255.255 vrf red
11
Configuration Examples for VRF Selection Based on Source IP Address
– If you attempt to configure a VRF instance on an interface that has VRF Selection already
configured:
Router(config-if)#ip vrf select source
Router(config-if)#ip vrf forward red
% Can not configure VRF if VRF Select is already configured
To enable VRF, first remove VRF Select from the interface
– If you attempt to configure a VRF Selection entry on an interface that has VRF already
configured:
Router(config-if)#ip vrf forward red
Router(config-if)#ip vrf select source
% Can not configure VRF Select if interface is under a non-global VRF
To enable VRF Select, first remove VRF from the interface
Configuration Examples for VRF Selection Based on Source IP

Address
This section provides the following configuration examples:
• Enabling MPLS VPNs: Example
• Creating a VRF Routing Table: Example
• Defining VRF Selection Entries: Example
• Defining IP Static Routes for a VRF: Example
• Configuring an Interface for VRF Selection: Example
• Configuring a BGP Router for VRF Selection: Example
• Configuring a VRF to Eliminate Unnecessary Packet Forwarding: Example
• Command Reference
Enabling MPLS VPNs: Example

The following example enables the router to accept MPLS VPNs:
Router(config)# mpls label protocol ldp
Router(config)# interface loopback0
Router(config-if)# ip address 13.13.13.13 255.255.255.255
Router(config-if)# no ip directed-broadcast
Creating a VRF Routing Table: Example

The following example creates two VRF Selection tables (vpn1 and vpn2):
Router(config)# ip vrf vpn1
Router(config-vrf)# rd 1000:1
Router(config-vrf)# route-target export 1000:1
Router(config-vrf)# route-target import 1000:1
12
Router(config-vrf)# exit
Router(config)# ip vrf vpn2
Defining VRF Selection Entries: Example

The following example defines two entries (vpn1 and vpn2) in the VRF Selection table. In this example,
packets with the source address of 16.16.0.0 will be routed to the VRF vpn1, and packets with the source
address of 17.17.0.0 will be routed to the VRF vpn2:
Defining IP Static Routes for a VRF: Example

The following example creates IP static routes for two VRFs (vpn1 and vpn2) for the POS1/0 interface:
Router(config)# ip route vrf vpn1 16.16.0.0 255.255.0.0 POS1/0
Router(config)# ip route vrf vpn2 17.17.0.0 255.255.0.0 POS1/0
Configuring an Interface for VRF Selection: Example

The following example configures the POS1/0 interface for the VRF Selection feature and adds the
configured IP address (31.0.0.1) to the VRFs vpn1 and vpn2 as connected routes.
Router(config)# interface POS1/0
Router(config-if)# description Link to CE1 POS1/0 (eng2)
Router(config-if)# ip vrf receive vpn1
Router(config-if)# ip address 31.0.0.1 255.0.0.0
Router(config-if)# no ip directed-broadcast
Router(config-if)# load-interval 30
Router(config-if)# crc 32
Router(config-if)# end
Configuring a BGP Router for VRF Selection: Example

A router that is VRF Selection-enabled requires an MPLS VPN BGP configuration. The following
example configures a router that is using BGP for the VRF Selection feature:
Router(config)# router bgp 1000
Router(config-router)# no bgp default ipv4-unicast
Router(config-router)# bgp log-neighbor-changes
Router(config-router)# timers bgp 10 30
Router(config-router)# neighbor 11.11.11.11 remote-as 1000
13
Router(config-router)# neighbor 11.11.11.11 update-source Loopback0

Router(config-router)# no auto-summary
Router(config-router)# address-family vpnv4

Router(config-router-af)# neighbor 11.11.11.11 activate
Router(config-router-af)# neighbor 11.11.11.11 send-community extended
Router(config-router-af)# exit-address-family
Router(config-router)# address-family ipv4 vrf vpn2

Router(config-router-af)# redistribute static
Router(config-router-af)# no auto-summary
Router(config-router-af)# no synchronization
Router(config-router)# address-family ipv4 vrf vpn1

Router(config-router-af)# redistribute static
Router(config-router-af)# no auto-summary
Router(config-router-af)# no synchronization
Configuring a VRF to Eliminate Unnecessary Packet Forwarding: Example

If a packet arrives at an interface that has VRF Select enabled, and its source IP address does not match
any VRF Select definition, that packet will be forwarded via the global routing table. This default
behavior could cause problems if IP address spoofing is being implemented. Unnecessary traffic could
be forwarded via the global routing table. To eliminate this unnecessary routing of packets, create a VRF
Selection definition that will forward all unknown incoming traffic to a null interface.
The following configuration causes all traffic not matching a more specific VRF Selection definition to
be routed to the Null0 interface, thus dropping the packets.
Router(config)# ip vrf VRF_DROP
Router(config-vrf)# route-target import 999:99
Router(config-vrf)# exit
Router(config)# vrf selection source 0.0.0.0 0.0.0.0 vrf VRF_DROP
Router(config)# ip route vrf VRF_DROP 0.0.0.0 0.0.0.0 Null0
14
Additional References
Additional References
The following sections provide references related to <<Feature>>.
Related Documents
Related Topic Document Title
MPLS VPNs MPLS Virtual Private Networks
Standards
Standards Title
None —
MIBs
MIBs MIBs Link
• None To locate and download MIBs for selected platforms, Cisco IOS
releases, and feature sets, use Cisco MIB Locator found at the
following URL:
http://www.cisco.com/go/mibs
RFCs
RFCs Title
None —
15
Command Reference
Technical Assistance
Description Link
Technical Assistance Center (TAC) home page, http://www.cisco.com/public/support/tac/home.shtml
containing 30,000 pages of searchable technical
content, including links to products, technologies,
solutions, technical tips, and tools. Registered
Cisco.com users can log in from this page to access
even more content.
Command Reference
This section provides new commands. All other commands used with the VRF Selection feature are
documented in the Cisco IOS Release 12.2 command reference publications.
New Commands
• ip vrf receive
• ip vrf select source
• vrf selection source
16
ip vrf receive
ip vrf receive
To add all the IP addresses that are associated with an interface into a VRF table, use the ip vrf receive
command in interface configuration mode. To remove the IP addresses from the VRF table, use the no
form of this command.
ip vrf receive vrf_name
no ip vrf receive vrf_name
Syntax Description vrf_name Name of the VRF table to which the IP addresses of the interface will be
added.
Defaults No default behavior or values.
Command Modes Interface configuration
Command History Release Modification

12.0(22)S This command was introduced.
12.0(23)S This command was integrated into Cisco IOS Release 12.0(23)S.
12.2(14)SZ This command was integrated into Cisco IOS Release 12.2(14)SZ to
support the Cisco 7304 router.
12.2(18)S This command was integrated into Cisco IOS Release 12.2(18)S to support
Usage Guidelines This command adds all the IP addresses that are associated with an interface into a VRF table. These IP
address entries will then be inserted as a connected route and will appear as “receive” entries in the CEF
table.
Interfaces where the VRF Selection feature is enabled will forward packets that have an IP address that
corresponds to an IP address entry in the VRF table. If the VRF table does not contain a matching IP
address, the packet will, by default, be dropped because there is no corresponding “receive” entry in the
VRF CEF entry.
The ip vrf receive command allows the IP addresses that are associated with an interface to be inserted
as a connected route into a particular VRF. Once the IP addresses are inserted as a connected route, the
interface is allowed to respond to requests (such as a ping request) directed to it from a VPN.
This command can be entered once on an interface to add IP addresses to one VRF table, or can be
entered multiple times to add the IP addresses to more than one VRF table.
17
ip vrf receive
The IP address does not have to be specified in this command; the IP address and any secondary
addresses associated with the interface will be automatically entered into the VRF table.
Examples The following example shows how to add the IP addresses associated with the interface into the VRF
table vpn1:
Related Commands Command Description

ip vrf select source Enables VRF Selection on an interface.
vrf selection source Populates a single source IP address, or range of source IP addresses, to a
VRF Selection table.
18
ip vrf select source

To enable the VRF Selection feature on a particular interface or sub-interface, use the ip vrf select
source command in interface configuration mode. To disable the VRF Selection feature on a particular
interface or sub-interface, use the no form of this command.
no ip vrf select source
Syntax Description This command has no arguments or keywords.
Command Modes Interface configuration

Usage Guidelines The ip vrf select source and ip vrf forwarding commands are mutually exclusive. If the VRF Selection
feature is configured on an interface, you cannot configure VRFs (using the ip vrf forwarding
command) on the same interface.
Examples The following example shows how to enable the VRF Selection feature on an interface:
The following example shows the message you receive after you have deleted the VRF Selection feature
on an interface:
Enter configuration commands, one per line. End with CNTL/Z.
Router (config)# int pos4/0
Router (config-if)# no ip vrf select source
19
Router (config-if)#
INTERFACE_VRF_SELECT unset for POS4/0, slot: 4
Router (config-if)#
The following example shows the message you receive after you have enabled the VRF Selection feature
on an interface:
Router (config-if)#
Router (config-if)# ip vrf select source
Router (config-if)#
INTERFACE_VRF_SELECT set for POS4/0, slot: 4
Router (config-if)#

ip vrf receive Adds all the IP addresses that are associated with an interface into a VRF
table.
vrf selection source Populates a single source IP address, or range of source IP addresses, to a
VRF Selection table.
20
vrf selection source

To populate a single source IP address, or range of source IP addresses, to a VRF Selection table, use
the vrf selection source command in global configuration mode. To remove a single source IP address
or range of source IP addresses from a VRF Selection table, use the no form of this command.
vrf selection source source-IP-address source-IP-mask vrf vrf_name
no vrf selection source source-IP-address source-IP-mask vrf vrf_name
Syntax Description source-IP-address New source IP address to be added to the VRF Selection table.
source-IP-mask IP mask for the source IP address or range of single source IP addresses to
be added to the VRF Selection table.
vrf vrf_name Name of the VRF Selection table to which the single source IP address or
range of source IP addresses should be added.
Command Modes Global configuration

Usage Guidelines If a VRF table is removed by using the no ip vrf vrf_name command in global configuration mode, all
configurations associated with that VRF will be removed including those configurations added with the
vrf selection source command.
Examples The following example shows how to populate the VRF Selection table vpn1 with a source IP network
address 10.0.0.0 and the IP mask 255.0.0.0, which would forward any packets with the source IP address
10.0.0.0 into the VRF instance vpn1:
21
The following example shows the message you receive after you have removed the source IP network
address 17.1.1.1 and the IP mask 255.255.255.255 from the VRF Selection table vpn1:
Router (config)# no vrf selection source 17.1.1.1 255.255.255.255 vrf vpn1
Router (config)#
VRF Selection Configuration: addr:17.1.1.1, mask:255.255.255.255, vrf_name:vpn1
5d13h: VRF Selection Remove Configuration: addr:17.1.1.1, mask: 255.255.255.255

Router (config)#
The following example shows the message you receive after you have added the source IP network
address 17.1.1.1 and the IP mask 255.255.255.255 to the VRF Selection table vpn1:
Router (config)# vrf selection source 17.1.1.1 255.255.255.255 vrf vpn1
Router (config)#
VRF Selection Configuration: addr:17.1.1.1, mask:255.255.255.255, vrf_name:vpn1
VRF Selection: VRF table vpn1, id is: 1

ip vrf receive Adds all the IP addresses that are associated with an interface into a VRF
table.
ip vrf select source Enables VRF Selection on an interface.
CCSP, the Cisco Square Bridge logo, Cisco Unity, Follow Me Browsing, FormShare, and StackWise are trademarks of Cisco Systems, Inc.; Changing
the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP,
CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the
Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, GigaDrive, GigaStack,
HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the
Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, Registrar, ScriptShare,
SlideCast, SMARTnet, StrataView Plus, SwitchProbe, TeleRouter, The Fastest Way to Increase Your Internet Quotient, TransPath, and VCO are
registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (0406R)
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
22

VPN Routing and Forwarding

Uploaded by

Copyright:

Available Formats

VPN Routing and Forwarding

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

VPN Routing and Forwarding

Uploaded by

Copyright:

Available Formats

MPLS VPN: VRF Selection Based on Source IP

Prerequisites for MPLS VPN: VRF Selection Based on Source IP

Restrictions for MPLS VPN: VRF Selection Based on Source IP

Information About MPLS VPN: VRF Selection Based on Source

VRF Selection Process

VRF Selection Examples

Figure 1 VRF Selection Implementation Example

VRF Selection is a Unidirectional Feature

Conditions Under Which VRF Selection becomes Bidirectional

Advantages of VRF Selection over Per-Interface IP VPN Configuration

Figure 2 Implementation of Multiple VPNs before VRF Selection

Benefits of VRF Selection Based on Source IP Address

Association of VPN to interface is removed

How to Configure VRF Selection Based on Source IP Address

Configuring VRF Selection

Establishing IP Static Routes for a VRF Instance

Verifying VRF Selection

Configuration Examples for VRF Selection Based on Source IP

Enabling MPLS VPNs: Example

Creating a VRF Routing Table: Example

Defining VRF Selection Entries: Example

Defining IP Static Routes for a VRF: Example

Configuring an Interface for VRF Selection: Example

Configuring a BGP Router for VRF Selection: Example

Router(config-router)# neighbor 11.11.11.11 update-source Loopback0

Router(config-router)# address-family vpnv4

Router(config-router)# address-family ipv4 vrf vpn2

Router(config-router)# address-family ipv4 vrf vpn1

Configuring a VRF to Eliminate Unnecessary Packet Forwarding: Example

Router(config)# vrf selection source 0.0.0.0 0.0.0.0 vrf VRF_DROP

Router(config)# ip route vrf VRF_DROP 0.0.0.0 0.0.0.0 Null0

ip vrf receive vrf_name

no ip vrf receive vrf_name

Defaults No default behavior or values.

Command Modes Interface configuration

Command History Release Modification

Related Commands Command Description

ip vrf select source

ip vrf select source

no ip vrf select source

Syntax Description This command has no arguments or keywords.

Defaults No default behavior or values.

Command Modes Interface configuration

Command History Release Modification

Related Commands Command Description

vrf selection source

vrf selection source source-IP-address source-IP-mask vrf vrf_name

no vrf selection source source-IP-address source-IP-mask vrf vrf_name

Defaults No default behavior or values.

Command Modes Global configuration

Command History Release Modification

5d13h: VRF Selection Remove Configuration: addr:17.1.1.1, mask: 255.255.255.255

Related Commands Command Description

Copyright © 2004 Cisco Systems, Inc. All rights reserved.

You might also like