HELP! Understanding router interface (800 series)

sonnet03

Hi,

Im new here. forgive me if im not techie like u guys all do but this is the best forum i have ever accrossed with which would help me understand hows certain networks works in terms of mpls, vpn, and so on.

Im working in an ISP wherein cisco knwledged is an advantage.Im not cisco certified to begin with. Im just starting to know this stuff now that im here in the company. I can run command but i dont understand them...

So I hope you can help me understand how this things work.

Can someone explain to me (in simple terms) what this is all about?

Core router#sh ip ro vrf giordano-vrf
Routing Table: giordano-vrf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 210.23.158.115 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 210.23.158.115, 7w0d
10.0.0.0/8 is variably subnetted, 71 subnets, 3 masks
U 10.50.130.8/29 [1/0] via 10.153.24.81
U 10.50.130.16/29 [1/0] via 10.153.24.82
U 10.50.130.40/29 [1/0] via 10.153.24.89
U 10.50.130.48/29 [1/0] via 10.153.24.90
U 10.50.130.56/29 [1/0] via 10.153.24.91
U 10.50.130.64/29 [1/0] via 10.153.24.92
B 10.50.130.80/29 [200/100] via 210.23.158.207, 1w4d
U 10.50.130.88/29 [1/0] via 10.153.24.95
U 10.50.130.96/29 [1/0] via 10.153.26.96
U 10.50.130.104/29 [1/0] via 10.153.26.97
U 10.50.130.112/29 [1/0] via 10.153.26.98
U 10.50.130.120/29 [1/0] via 10.153.26.99
U 10.50.130.136/29 [1/0] via 10.153.153.8
U 10.50.130.168/29 [1/0] via 10.153.20.134
U 10.50.130.216/29 [1/0] via 10.152.35.1
B 10.50.132.0/29 [200/100] via 210.23.158.207, 7w0d
B 10.50.132.24/29 [200/100] via 210.23.158.207, 1w4d
B 10.50.132.32/29 [200/100] via 210.23.158.207, 1w4d
B 10.50.132.40/29 [200/100] via 210.23.158.207, 7w0d
B 10.50.132.48/29 [200/100] via 210.23.158.207, 1w2d
B 10.50.132.72/29 [200/100] via 210.23.158.207, 4w5d
B 10.50.132.80/29 [200/100] via 210.23.158.207, 1w1d
B 10.50.132.120/29 [200/100] via 210.23.158.207, 2w0d
B 10.50.134.24/29 [200/200] via 210.23.158.157, 1w4d
B 10.50.134.32/29 [200/200] via 210.23.158.157, 00:33:32
B 10.50.134.40/29 [200/200] via 210.23.158.157, 00:06:30
B 10.50.134.72/29 [200/200] via 210.23.158.157, 1w4d
U 10.50.136.8/29 [1/0] via 10.155.1.85
B 10.150.112.129/32 [200/100] via 210.23.158.207, 2w0d
B 10.152.22.121/32 [200/100] via 210.23.158.207, 1w4d
B 10.152.32.6/32 [200/100] via 210.23.158.207, 7w0d
C 10.152.35.1/32 is directly connected, Virtual-Access2.679
B 10.152.67.68/32 [200/100] via 210.23.158.207, 1w4d
B 10.152.67.69/32 [200/100] via 210.23.158.207, 1w4d
B 10.152.67.70/32 [200/100] via 210.23.158.207, 7w0d
B 10.152.67.71/32 [200/100] via 210.23.158.207, 1w2d
B 10.152.67.74/32 [200/100] via 210.23.158.207, 4w5d
B 10.152.67.75/32 [200/100] via 210.23.158.207, 1w1d
C 10.152.103.108/32 is directly connected, Virtual-Access2.594
U 10.153.3.0/29 [1/0] via 10.155.0.42
C 10.153.14.242/32 is directly connected, Virtual-Access2.953
C 10.153.20.134/32 is directly connected, Virtual-Access2.563
C 10.153.24.81/32 is directly connected, Virtual-Access2.629
C 10.153.24.82/32 is directly connected, Virtual-Access2.128
B 10.153.24.84/30 [200/0] via 210.23.158.115, 7w0d
C 10.153.24.89/32 is directly connected, Virtual-Access2.302
C 10.153.24.90/32 is directly connected, Virtual-Access2.23
C 10.153.24.91/32 is directly connected, Virtual-Access2.958
C 10.153.24.92/32 is directly connected, Virtual-Access2.305
C 10.153.24.95/32 is directly connected, Virtual-Access2.1230
C 10.153.26.96/32 is directly connected, Virtual-Access2.431
C 10.153.26.97/32 is directly connected, Virtual-Access2.328
C 10.153.26.98/32 is directly connected, Virtual-Access2.158
C 10.153.26.99/32 is directly connected, Virtual-Access2.363
U 10.153.26.104/29 [1/0] via 10.153.14.242
B 10.153.100.0/29 [200/0] via 210.23.158.115, 7w0d
U 10.153.100.16/29 [1/0] via 10.153.24.81
U 10.153.100.64/29 [1/0] via 10.153.24.91
U 10.153.100.104/29 [1/0] via 10.153.26.96
U 10.153.100.112/29 [1/0] via 10.153.26.97
U 10.153.100.120/29 [1/0] via 10.153.26.98
U 10.153.153.0/29 [1/0] via 10.152.103.108
C 10.153.153.8/32 is directly connected, Virtual-Access2.1005
B 10.154.13.67/32 [200/200] via 210.23.158.157, 1w4d
B 10.154.15.109/32 [200/200] via 210.23.158.157, 1w4d
B 10.154.15.110/32 [200/200] via 210.23.158.157, 00:33:37
B 10.154.15.221/32 [200/200] via 210.23.158.157, 00:06:35
B 10.154.100.16/29 [200/100] via 210.23.158.207, 1w4d
B 10.154.100.64/29 [200/200] via 210.23.158.157, 00:06:35
C 10.155.0.42/32 is directly connected, Virtual-Access2.422
C 10.155.1.85/32 is directly connected, Virtual-Access2.969
192.168.0.0/32 is subnetted, 7 subnets
C 192.168.0.1 is directly connected, Loopback620
B 192.168.0.2 [200/200] via 210.23.158.157, 1w4d
B 192.168.0.3 [200/100] via 210.23.158.31, 7w0d
B 192.168.0.6 [200/100] via 210.23.158.9, 5w4d
B 192.168.0.8 [200/100] via 210.23.158.82, 7w0d
B 192.168.0.115 [200/0] via 210.23.158.115, 7w0d
B 192.168.0.216 [200/100] via 210.23.158.51, 2w5d

Thanks.

peanutnoggin

Welcome to TE!

I don't have much (actually no experience with VRF) but it was once explained to me as being VMWare for routing. What you gave us was a display of the VRF (Virtual Route Forwarding I think) routing table for that particular customer. That tells that customer's traffic where to go to reach its destination network.

I guess you can look at the routing table as a road map. You know where you (your router) are and you know where you want to go (your destination network)... the routing table tells you which path to take to get to where you're going. HTH.

-Peanut

chX

Hi, welcome to the forums.

I also work for an ISP, so hopefully I can provide some information. And hopefully none of it is incorrect. :P

Peanut was on the right track, VRF (Virtual Routing and Forwarding) creates "virtual" routing tables within a router, or over a whole network. Routers have routing tables, that's pretty straight forward. Routing tables provide the router with information on how to get to a particular subnet, essentially where to send the data next.

Now, let's say you have a company with a nice network. You provide other businesses access to your network by giving them each a "core router", and they can connect all of their services, with the core router knowing where each of them is.

There's just a few small problems with this. First, you're going to have to give each customer a router. That could equate to a lot of routers, a lot of space required, a lot of money spent. Secondly, what if the customers would like a private WAN, with sites using private IP addresses, rather than valid public IPs?

You couldn't have two different customers using the same private subnets, and that's a lot of administration work and possible headaches.

Well, we can solve these problems with VRFs, which are commonly used with MPLS VPN setups.



VRFs essentially create virtual routing tables. As an example, let's say we have one router and two VRFs - red and blue.

The router has four interfaces, Gi0, Gi1, Gi2 and Gi3.

The "red" customer has interfaces Gi0 and Gi1, while the "blue" customer has Gi2 and Gi3. Each interface is connected to another router belonging to the respective customer.

They would both like to use the same IP addressing, 192.168.0.20/24 for the first site and 192.168.0.30/24 for the second.

Normally, this wouldn't work. You can't effectively have the same subnet hanging off multiple interfaces.

So, one solution is to split it up into VRFs.

The red VRF has the following info in its routing table:

192.168.0.20/24 -> Gi0
192.168.0.30/24 -> Gi1

The blue VRF has:

192.168.0.20/24 -> Gi2
192.168.0.30/24 -> Gi3

Now, all we need to do is tell the router which port is associated with which VRF. We do that by jumping into interface configuration and typing:

ip vrf forwarding <VRFNAME>

We configure Gi0 and Gi1 with:
ip vrf forwarding red

We configure Gi2 and Gi3 with:
ip vrf forwarding blue

When a packet is received on Gi0 or Gi1, the router knows it's associated with the red VRF, and will forward any lookup queries to the routing table associated with that VRF. Same thing for Gi2 and Gi3.

Let's say the router on Gi0/Red/192.168.0.20 would like to ping the router on Gi1/Red/192.168.0.30. The router realises that port Gi0 resides within the red VRF, and looks up the route in that VRF only. It finds that it needs to forward that packet out Gi1 - and it all works smoothly. The packet never goes out Gi2 or Gi3, and never hits the blue VRF.


Now, there's actually some sleight of hand with this... there's really only one routing table on the router, but we use something called a Route Distinguisher (RD) which is prefixed onto the route, and keeps the VRFs separate within the one routing table.

When you do a lookup, i.e. "show ip route vrf red", it will pull all the data concerning that particular VRF and that RD.

Just FYI, RDs are configured similar to:

!
ip vrf red
rd 1:20
!
ip vrf blue
rd 1:30
!

I hope that helps, and someone please let me know if any of that is inaccurate.

sonnet03

I have sooooooooooooo manyyyyy questions to ask . and i dont even know how and where to start..

As i have mentioned, I am working in an ISP where we support multiple services and quite honestly im having difficulty addressing cx concerns when it comes to :

1. PN TAIL
2. VRF / private network
3. MPLS
4.fiber / leaselined/ WTX/
5. colocation.
6. routing issue
7. VPN Issue
8. SHDSL
and many more...

I can execute command inside cx routers and in our core router ok, but I must admit that im having trouble understanding them.

I wasnt expecting that someone will respond to this post, but here you are. Itsssss reallyy so nice of you guyzz..

Hope to hear fro you again should there be any inquiry that i will be making..

thanks again.

chX

That's quite a broad range of issues you want clarification on.

Obviously you have access to these routers and work in a position troubleshooting issues related to all of the above. Have you sought advice from your colleagues? Perhaps ask them to clarify what you're unsure about.

sonnet03

!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface ATM0
description SHDSL
no ip address
atm ilmi-keepalive
pvc 0/33
encapsulation aal5snap
!
pvc 1/32
encapsulation aal5snap
!
bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description Customer LAN
ip address 10.0.0.254 255.255.255.0
ip access-group full-out in
ip helper-address 10.0.0.1
ip nat inside
ip virtual-reassembly
!
interface BVI1
description WAN
ip address 203.143.234.198 255.255.255.252
ip access-group full-in in
ip nbar protocol-discovery
ip nat outside
ip inspect full in
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 203.143.234.197

peanutnoggin

sonnet03 wrote: »

!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface ATM0
description SHDSL
no ip address
atm ilmi-keepalive
pvc 0/33
encapsulation aal5snap
!
pvc 1/32
encapsulation aal5snap
!
bridge-group 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description Customer LAN
ip address 10.0.0.254 255.255.255.0
ip access-group full-out in
ip helper-address 10.0.0.1
ip nat inside
ip virtual-reassembly
!
interface BVI1
description WAN
ip address 203.143.234.198 255.255.255.252
ip access-group full-in in
ip nbar protocol-discovery
ip nat outside
ip inspect full in
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 203.143.234.197

What exactly do you need help with? If you're unsure of what you're doing, I'd ask a coworker... Especially since you're posting configs with some information that should probably remain within your organization! Not saying someone will do anything with malicious intent with the information you're providing... but let's be honest; not everyone is an internet Saint!!!

So, here's what I suggest... you formulate questions based on some of the research you've done. Then we'll be able to assist you further. It's hard for us to help you when you're posting a config and asking "can someone help me". What are helping you with? Which part of the config do you not understand? Do you have any senior engineers (as mentioned earlier) that may be able to pull you in under their wing and explain things? We're here to help... but we don't know what we're helping you with... I hope my tone isn't condescending, that's not my intent. HTH.

-Peanut