One of my customers is using MPLS VPNs from his service provider to support two separate divisions at his site. We implemented VRFSs (virtual routing and forwarding instances) on his edge MPLS router and on his core Nexus 7K to provide two separate routing instances. This article compares some of the NX-OS VRF command syntax with IOS VRF command syntax.
Key take-away: NX-OS is pretty consistent in just appending “VRF RED” to show the vrf RED routing instance version of most IP commands. IOS has multiple permutations.
Background
For my test environment, the gear looked like this:
Reviewing the VRF Routing Table
Both IOS and NX-OS use the same syntax for reviwing the VRF routing table. (This is the ONLY command that has the same syntax to provide the same information!)
IOS-RTR01# sh ip ro vrf RED
Routing Table: RED
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.196.170 to network 0.0.0.0
172.16.0.0/30 is subnetted, 1 subnets
C 172.16.196.168 is directly connected, GigabitEthernet0/1.16
10.0.0.0/8 is variably subnetted, 27 subnets, 4 masks
B 10.1.1.0/24 [20/0] via 172.16.196.170, 3d01h
B 10.1.2.0/24 [20/0] via 172.16.196.170, 3d01h
B 10.1.3.0/24 [20/0] via 172.16.196.170, 3d01h
B 10.1.4.0/24 [20/0] via 172.16.196.170, 3d01h
C 10.0.0.66/32 is directly connected, Loopback666
D 10.0.0.67/32
[90/130816] via 10.17.255.42, 2d04h, GigabitEthernet0/0.666
C 10.17.255.40/29 is directly connected, GigabitEthernet0/0.666
D 10.17.255.32/29
[90/3072] via 10.17.255.42, 2d04h, GigabitEthernet0/0.666
D EX 10.17.3.0/24
[170/51456] via 10.17.255.42, 2d04h, GigabitEthernet0/0.666
D EX 10.17.4.0/24
[170/51456] via 10.17.255.42, 2d04h, GigabitEthernet0/0.666
B* 0.0.0.0/0 [20/0] via 172.16.196.170, 3d01h
IOS-RTR01#
. . .
NXOS-SW# sh ip ro vrf RED
IP Route Table for VRF "RED"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
0.0.0.0/0, ubest/mbest: 1/0
*via 172.16.196.170, [1/0], 2d04h, static
10.0.0.66/32, ubest/mbest: 1/0
*via 10.17.255.41, Vlan666, [90/130816], 2d04h, eigrp-1, internal
10.0.0.67/32, ubest/mbest: 2/0, attached
*via 10.0.0.67, Lo666, [0/0], 3d04h, local
*via 10.0.0.67, Lo666, [0/0], 3d04h, direct
10.17.3.0/24, ubest/mbest: 1/0
*via 10.17.255.34, [1/0], 2d04h, static
10.17.4.0/24, ubest/mbest: 1/0
*via 10.17.255.34, [1/0], 2d04h, static
10.17.255.32/29, ubest/mbest: 1/0, attached
*via 10.17.255.33, Eth3/12, [0/0], 2d04h, direct
10.17.255.33/32, ubest/mbest: 1/0, attached
*via 10.17.255.33, Eth3/12, [0/0], 2d04h, local
10.17.255.40/29, ubest/mbest: 1/0, attached
*via 10.17.255.42, Vlan666, [0/0], 2d04h, direct
10.17.255.42/32, ubest/mbest: 1/0, attached
*via 10.17.255.42, Vlan666, [0/0], 2d04h, local
172.16.196.168/30, ubest/mbest: 1/0
*via 10.17.255.41, Vlan666, [90/28416], 2d04h, eigrp-1, internal
NXOS-SW#
Note: Both IOS and NX-OS append “vrf RED” to the end of the command.
Reviewing Summary Route Information
IOS-RTR01# sh ip ro vrf RED sum
IP routing table name is RED(1)
IP routing table maximum-paths is 16
Route Source Networks Subnets Overhead Memory (bytes)
connected 0 3 216 384
static 0 0 0 0
eigrp 2 0 1 72 128
bgp 65000 1 21 1584 2816
External: 22 Internal: 0 Local: 0
internal 2 2296
Total 3 25 1872 5624
Removing Queue Size 0
IOS-RTR01#
Note: IOS inserts “vrf RED” before the summary keyword.
NXOS-SW# sh ip ro sum vrf RED
IP Route Table for VRF "RED"
Total number of routes: 19
Total number of paths: 20
Best paths per protocol: Backup paths per protocol:
am : 2 None
local : 3
direct : 3
static : 3
broadcast : 7
eigrp-1 : 2
Number of routes per mask-length:
/0 : 1 /8 : 1 /24: 2 /29: 2 /30: 1
/32: 12
NXOS-SW#
Note: NX-OS appends “vrf RED” to the end of the sh ip ro sum command.
Using PING
IOS-RTR01# ping vrf RED 10.0.0.67
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.67, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
IOS-RTR01#
Note: IOS inserts “vrf RED” before the IP address.
NXOS-SW# ping 10.0.0.66 vrf RED
PING 10.0.0.66 (10.0.0.66): 56 data bytes
64 bytes from 10.0.0.66: icmp_seq=0 ttl=254 time=0.829 ms
64 bytes from 10.0.0.66: icmp_seq=1 ttl=254 time=0.609 ms
64 bytes from 10.0.0.66: icmp_seq=2 ttl=254 time=0.56 ms
64 bytes from 10.0.0.66: icmp_seq=3 ttl=254 time=0.544 ms
64 bytes from 10.0.0.66: icmp_seq=4 ttl=254 time=0.578 ms
--- 10.0.0.66 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.544/0.623/0.829 ms
NXOS-SW#
Note: NX-OS appends “vrf RED” to the end of the ping command.
Interface Configuration
IOS-RTR01# sh run int lo 666
Building configuration...
Current configuration : 119 bytes
!
interface Loopback666
description test RED loopback
ip vrf forwarding RED
ip address 10.0.0.66 255.255.255.255
end
IOS-RTR01#
Note: IOS uses “ip vrf forwarding RED” to place interface in VRF RED.
NXOS-SW01# sh run int lo 666
!Command: show running-config interface loopback666
!Time: Thu Jul 31 12:05:18 2014
version 6.2(6)
interface loopback666
description test RED loopback
vrf member RED
ip address 10.0.0.67/32
ip router eigrp 1
NXOS-SW01#
Note: NX-OS uses “vrf member RED” to place interface in VRF RED.
Using SHOW IP INTERFACE BRIEF for a VRF
IOS-RTR01# sh ip int brie
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES manual up up
GigabitEthernet0/0.100 10.1.24.5 YES manual up up
GigabitEthernet0/0.666 10.17.255.41 YES manual up up
GigabitEthernet0/1 unassigned YES manual up up
GigabitEthernet0/1.2 192.168.5.3 YES manual up up
GigabitEthernet0/1.16 172.16.196.169 YES manual up up
Loopback666 10.0.0.66 YES manual up up
IOS-RTR01#
IOS-RTR01# sh ip int brie vrf RED
^
% Invalid input detected at '^' marker.
IOS-RTR01#
IOS-RTR01# sh ip vrf int
Interface IP-Address VRF Protocol
Gi0/0.666 10.17.255.1 RED up
Gi0/1.16 172.16.196.169 RED up
Lo666 10.0.0.66 RED up
IOS-RTR01#
Note: IOS shows all VRFs with this command. There is no sh ip int brie option to show just the interfaces for one VRF. However, the sh ip vrf interfaces displays most of the information.
NXOS-SW# sh ip int brie
IP Interface Status for VRF "default"(1)
Interface IP Address Interface Status
Vlan2 192.168.5.4 protocol-up/link-up/admin-up
Vlan100 10.1.24.6 protocol-up/link-up/admin-up
Vlan46 10.1.46.1 protocol-up/link-up/admin-up
Vlan48 10.1.48.1 protocol-up/link-up/admin-up
NXOS-SW#
NXOS-SW# sh ip int brie vrf RED
IP Interface Status for VRF "RED"(4)
Interface IP Address Interface Status
Vlan666 10.17.255.42 protocol-up/link-up/admin-up
Lo666 10.0.0.67 protocol-up/link-up/admin-up
Eth3/1 10.17.255.33 protocol-up/link-up/admin-up
NXOS-SW#
Note: NX-OS appends “vrf RED” to the end of the sh ip int brief command to see routes for a specific VRF.
Reviewing VRF Interfaces in EIGRP
IOS-RTR01# sh ip eigrp vrf RED int
IP-EIGRP interfaces for process 2
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Lo666 0 0/0 0 0/1 0 0
Gi0/0.666 1 0/0 1276 0/1 50 0
IOS-RTR01#
Note: IOS inserts “vrf RED” before the interface keyword.
NXOS-SW# sh ip eigrp int brie vrf RED
IP-EIGRP interfaces for process 2 VRF RED
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Lo666 0 0/0 0 0/0 0 0
Vlan666 1 0/0 1 0/0 50 0
NXOS-SW#
Note: NX-OS appends “vrf RED” to the end of the sh ip eigrp int brie command.
Configuring EIGRP
IOS-RTR01# sh run | sec eigrp
. . .
router eigrp 1
redistribute bgp 65000 metric 1500 100 255 1 1500
passive-interface GigabitEthernet0/1.51
network 10.1.24.5 0.0.0.0
network 10.26.59.3 0.0.0.0
auto-summary
!
address-family ipv4 vrf RED
network 10.0.0.66 0.0.0.0
network 10.0.66.0 0.0.0.3
network 10.17.255.0 0.0.0.3
network 172.29.196.169 0.0.0.0
no auto-summary
autonomous-system 2
exit-address-family
IOS-RTR01#
Note: IOS uses an address family to configure the vrf RED under EIGRP. The autonomous-system in the address family configuration must match the neighbor router.
NXOS-SW# sh run eigrp
!Command: show running-config eigrp
!Time: Sun Aug 3 16:02:07 2014
version 6.2(6)
feature eigrp
router eigrp 1
default-information originate
vrf RED
autonomous-system 2
redistribute static route-map redist_static
interface Vlan2
ip router eigrp 1
. . .
interface Vlan666
ip router eigrp 1
interface loopback666
ip router eigrp 1
interface Ethernet3/1
ip router eigrp 1
ip passive-interface eigrp 1
NXOS-SW#
Note: NX-OS does not use an address family to configure the vrf RED under EIGRP. The autonomous-system in the VRF configuration must match the neighbor router.
Reviewing VRF Interface Information
The command syntax is the same, but different information is displayed.
IOS-RTR01# sh ip vrf int
Interface IP-Address VRF Protocol
Gi0/0.666 10.17.255.1 RED up
Gi0/1.16 172.16.196.169 RED up
Lo666 10.0.0.66 RED up
IOS-RTR01#
Note: IOS displays IP address, VRF membership, and interface status.
NXOS-SW01# sh vrf int
Interface VRF-Name VRF-ID Site-of-Origin
Vlan666 RED 4 --
Ethernet3/1 RED 4 --
loopback666 RED 4 --
Vlan1 default 1 --
Vlan2 default 1 --
Vlan46 default 1 --
Vlan48 default 1 --
Null0 default 1 --
mgmt0 management 2 --
NXOS-SW01#
Note: NX-OS displays what VRF each interface is in.
Reviewing BGP Information
Note: Since only IOS-RTR is running BGP, this section shows the default command compared to the VRF command.
IOS-RTR01# sh ip bgp sum
BGP router identifier 10.0.0.67, local AS number 65000
BGP table version is 644, main routing table version 644
. . .
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.50.54 4 64979 69175 69020 644 0 0 1w4d 235
IOS-RTR01#
IOS-RTR01# sh ip bgp vpn vrf RED sum
BGP router identifier 10.0.0.67, local AS number 65000
BGP table version is 4213, main routing table version 4213
. . .
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.196.170 4 64979 19694 18120 4213 0 0 3d01h 22
IOS-RTR01#
IOS-RTR01#
IOS-RTR01# sh ip bgp vpn vrf UB
BGP table version is 4213, local router ID is 10.0.0.67
Status codes: s suppressed, d damped, h history, * valid,> best,i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 2:2 (default for vrf UB)
*> 0.0.0.0 172.16.196.170 0 64979 65003 i
*> 10.1.1.0/24 172.16.196.170 0 64979 65003 ?
*> 10.1.2.0/24 172.16.196.170 0 64979 65003 ?
*> 10.1.3.0/24 172.16.196.170 0 64979 65003 ?
*> 10.1.4.0/24 172.16.196.170 0 64979 65003 ?
*> 10.17.3.0/24 10.17.255.42 51456 32768 i
*> 10.17.4.0/24 10.17.255.42 51456 32768 i
*> 10.17.255.32/29 10.170.255.42 3072 32768 i
*> 10.17.255.40/29 0.0.0.0 0 32768 i
IOS-RTR01#
Summary
For me, the NX-OS process for appending the “vrf RED” designation at the end of IP commands is easier to remember.
— cwr