String[Regex: (?i)^(?:e|eth(?:ernet)?)\d(?:\/\d+){1,2}$] or String[Regex: (?i)^(po|port-channel)([1-9]|[1-9][0-9]{1,2}|[1-3][0-9]{3}|40[0-8][0-9]|409[0-6])$] or String[Regex: (?i)^(?:e|eth(?:ernet)?)\d(?:\/\d+){1,2}\.\d{1,4}$] or String[Regex: (?i)^(?:po|port-channel:?)((?:[1-9]|[1-9]\d{1,2}|[1-3]\d{3}|40[0-8]\d|409[0-6]:?)\.(?:[1-9]|[1-9]\d{1,2}|[1-3]\d{3}|40[0-8]\d|409[0-3]:?))$] or String[Regex: (?i)^(lo|loopback)([0-9]|[1-9][0-9]{1,2}|10[0-1][0-9]|102[0-3])$]
This CLI configuration defines routing settings within a specific Virtual Routing and Forwarding (VRF) instance named Nac-VRF21. Here's a breakdown of the commands:
vrf context Nac-VRF21: This command specifies the beginning of configuration for the VRF named Nac-VRF21. VRFs are used to create separate routing tables on the same router, allowing for network segmentation and isolation.
ip route 10.1.1.0/24 192.168.10.1 tag 12345: This command adds a static route for the IPv4 subnet 10.1.1.0/24 with the next-hop IP address 192.168.10.1. The route is marked with a tag of 12345, which can be used for route policies or identification purposes.
ip route 10.1.1.0/24 192.168.20.1 tag 12345: This is another static route for the same IPv4 subnet 10.1.1.0/24, but with a different next-hop IP address, 192.168.20.1. It shares the same tag, 12345, as the previous route.
ip route 10.1.2.0/24 192.168.10.1 tag 12345: This command adds a static route for the IPv4 subnet 10.1.2.0/24 with the next-hop address 192.168.10.1, also tagged with 12345.
ip route 10.1.2.0/24 192.168.20.1 track 10 name rtr2 tag 12345: This static route is for the same subnet 10.1.2.0/24, but uses the next-hop address 192.168.20.1. It is associated with a tracking object (track 10) named rtr2. Tracking allows the route to be conditionally installed based on the state of the tracked object, which could be an interface status or reachability check. The route is tagged with 12345.
ipv6 route 2a00:db8::/32 2a01::1: This command adds a static route for the IPv6 network 2a00:db8::/32 with the next-hop IPv6 address 2a01::1. Unlike the IPv4 routes, this one does not include a tag.
Overall, this configuration sets up multiple static routes within the Nac-VRF21 context, allowing for both IPv4 and IPv6 routing, with some routes being tracked for specific conditions.
VRF-lite static route example in CLI
vrf context Nac-VRF21
  ip route 10.1.1.0/24 192.168.10.1 tag 12345
  ip route 10.1.1.0/24 192.168.20.1 tag 12345
  ip route 10.1.2.0/24 192.168.10.1 tag 12345
  ip route 10.1.2.0/24 192.168.20.1 track 10 name rtr2 tag 12345
  ipv6 route 2a00:db8::/32 2a01::1
This configuration sets up routing features for a specific VRF (Virtual Routing and Forwarding) and interface. Here's a detailed explanation:
feature ospf: This command enables the OSPF (Open Shortest Path First) routing protocol feature on the device.
feature bfd: This command enables the BFD (Bidirectional Forwarding Detection) feature, which is used to provide rapid detection of faults in the bidirectional path between two forwarding engines, enhancing the reliability of the network.
router ospf OVERLAY: This block configures an OSPF process named "OVERLAY."
vrf NaC-VRF21: This specifies that the OSPF process "OVERLAY" is associated with the VRF named NaC-VRF21.
router-id 1.1.2.21: This sets the OSPF router ID to 1.1.2.21, which is used to uniquely identify the router in the OSPF domain.
redistribute bgp 65000.2 route-map rm-redistribute-ospf: This command redistributes routes from BGP (Autonomous System 65000.2) into the OSPF process using a route-map named rm-redistribute-ospf. This allows for control over which BGP routes are injected into OSPF.
router bgp 65000.2: This block configures BGP for Autonomous System 65000.2.
vrf NaC-VRF21: This specifies that the BGP process is associated with the VRF NaC-VRF21.
address-family ipv4 unicast: This command specifies the IPv4 unicast address family for BGP, indicating that it will handle IPv4 unicast routing.
redistribute ospf OVERLAY route-map rm-default_only: This command redistributes routes from the OSPF process "OVERLAY" into BGP using a route-map named rm-default_only. This controls which OSPF routes are injected into BGP.
interface ethernet1/2.10: This block configures the subinterface ethernet1/2.10.
ip ospf network point-to-point: This specifies that the OSPF network type for this interface is point-to-point, which is typically used for direct links between two routers.
ip router ospf OVERLAY area 0.0.0.0: This assigns the interface to OSPF area 0.0.0.0 for the OVERLAY OSPF process.
ip ospf authentication message-digest: This enables OSPF message-digest authentication on the interface, providing a higher level of security by ensuring that OSPF packets are authenticated.
ip ospf message-digest-key 0 md5 3 a667d47acc18ea6b8da14f191e5f53b5: This sets up an MD5 authentication key (key number 0) with the key value a667d47acc18ea6b8da14f191e5f53b5 for OSPF message-digest authentication. The 3 before the key value indicates that the key is 3DES encrypted.
ip ospf bfd: This enables BFD for OSPF on the interface, allowing for fast failure detection.
ip ospf dead-interval 40: This sets the OSPF dead interval to 40 seconds, which is the time the router will wait to declare a neighbor down if no OSPF hello packets are received.
Overall, this configuration sets up OSPF and BGP routing with specific redistribution policies, authentication, and fast failure detection for a VRF and an interface on the network device.
VRF-lite with OSPF example in CLI
feature ospf
feature bfd
!
!
router ospf OVERLAY
  vrf NaC-VRF21
    router-id 1.1.2.21
    redistribute bgp 65000.2 route-map rm-redistribute-ospf
!
router bgp 65000.2
  vrf NaC-VRF21
    address-family ipv4 unicast
      redistribute ospf OVERLAY route-map rm-default_only
!
interface ethernet1/2.10
  ip ospf network point-to-point
  ip router ospf OVERLAY area 0.0.0.0
  ip ospf authentication message-digest
  ip ospf message-digest-key 0 md5 3 a667d47acc18ea6b8da14f191e5f53b5
  ip ospf bfd
  ip ospf dead-interval 40
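The following added example, which is not from the original page or the project's code, audits the interface-level OSPF authentication commands explained above: it flags OSPF-enabled interfaces that lack `ip ospf authentication message-digest`, have no message-digest key, or carry a key entered with type 0 (unencrypted, per the NX-OS convention). The function names, the interfaces ethernet1/2.20 and loopback101, and EXAMPLE-KEY are assumptions made for the example; area-level authentication under `router ospf` is not considered.

```python
import re
# Constructed input: the first interface is the page's; the other two are made up.
SAMPLE_CONFIG = """\
interface ethernet1/2.10
  ip router ospf OVERLAY area 0.0.0.0
  ip ospf authentication message-digest
  ip ospf message-digest-key 0 md5 3 a667d47acc18ea6b8da14f191e5f53b5
interface ethernet1/2.20
  ip router ospf OVERLAY area 0.0.0.0
  ip ospf message-digest-key 1 md5 0 EXAMPLE-KEY
interface loopback101
"""

# Group 1 is the optional key-encryption type (the page's config uses 3).
KEY_RE = re.compile(r"ip ospf message-digest-key \d+ md5 (?:(\d) )?\S+$")

def interface_blocks(config):
    """Map each interface name to its list of stripped sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # top-level command: starts or ends a block
            m = re.match(r"interface (\S+)$", line, re.I)
            current = blocks.setdefault(m.group(1), []) if m else None
        elif current is not None:
            current.append(line)
    return blocks

def audit_ospf_auth(config):
    """Return {interface: [findings]} for every interface that runs OSPF."""
    report = {}
    for name, cmds in interface_blocks(config).items():
        if not any(c.startswith("ip router ospf ") for c in cmds):
            continue  # OSPF is not enabled on this interface
        keys = [m for m in map(KEY_RE.match, cmds) if m]
        findings = []
        if "ip ospf authentication message-digest" not in cmds:
            findings.append("no-message-digest-auth")
        if not keys:
            findings.append("no-key")
        if any(m.group(1) == "0" for m in keys):  # type 0 = entered unencrypted
            findings.append("cleartext-key")
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit_ospf_auth(SAMPLE_CONFIG))
```

An empty findings list means the interface has both the authentication command and a key that is not stored as type 0.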
This example creates BGP sessions. On switch border1, we configure an eBGP session to 10.1.1.1 with remote AS 65010. We override the AS number with local AS 1234. BGP updates are sourced from interface Loopback101.
On switch dc-border2, we have a BGP session with the range 192.168.1.0/24 on AS number 65010.