Published On: October 21ˢᵗ, 2021 08:40

IP Addressing Services Configuration Guide, Cisco IOS XE Amsterdam 17.3.x (Catalyst 9500 Switches)

Contents

Restrictions for GRE Tunnel IP Source and Destination VRF Membership

  • Both ends of the tunnel must reside within the same VRF.

  • The VRF associated with the tunnel vrf command is the same as the VRF associated with the physical interface over which the tunnel sends packets (outer IP packet routing).

  • The VRF associated with the tunnel by using the ip vrf forwarding command is the VRF that the packets are to be forwarded in as the packets exit the tunnel (inner IP packet routing).

  • The feature does not support the fragmentation of multicast packets passing through a multicast tunnel.

  • The feature does not support the ISIS (Intermediate System to intermediate system) protocol.

Information About GRE Tunnel IP Source and Destination VRF Membership

This feature allows you to configure the source and destination of a tunnel to belong to any Virtual Private Network (VPN) routing and forwarding (VRF) table. A VRF table stores routing data for each VPN. The VRF table defines the VPN membership of a customer site attached to the network access server (NAS). Each VRF table comprises an IP routing table, a derived Cisco Express Forwarding (CEF) table, and guidelines and routing protocol parameters that control the information that is included in the routing table.

Previously, GRE IP tunnels required the IP tunnel destination to be in the global routing table. The implementation of this feature allows you to configure a tunnel source and destination to belong to any VRF. As with existing GRE tunnels, the tunnel becomes disabled if no route to the tunnel destination is defined.

How to Configure GRE Tunnel IP Source and Destination VRF Membership

Follow these steps to configure GRE Tunnel IP Source and Destination VRF Membership:

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface tunnel number
  4. ip vrf forwarding vrf-name
  5. ip address ip-address subnet-mask
  6. tunnel source { ip-address | type number }
  7. tunnel destination { hostname | ip-address }
  8. tunnel vrf vrf-name

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Device>enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device#configure terminal

Enters global configuration mode.

Step 3

interface tunnel number

Example:

Device(config)#interface tunnel 0

Enters interface configuration mode for the specified interface.

  • number is the number associated with the tunnel interface.

Step 4

ip vrf forwarding vrf-name

Example:

Device(config-if)#ip vrf forwarding green

Associates a virtual private network (VPN) routing and forwarding (VRF) instance with an interface or subinterface.

  • vrf-name is the name assigned to a VRF.

Step 5

ip address ip-address subnet-mask

Example:

Device(config-if)#ip address 10.7.7.7 255.255.255.255

Specifies the interface IP address and subnet mask.

  • ip-address specifies the IP address of the interface.

  • subnet-mask specifies the subnet mask of the interface.

Step 6

tunnel source { ip-address | type number }

Example:

Device(config-if)#tunnel source loop 0

Specifies the source of the tunnel interface.

  • ip-address specifies the IP address to use as the source address for packets in the tunnel.

  • type specifies the interface type (for example, serial).

  • number specifies the port, connector, or interface card number. The numbers are assigned at the factory at the time of installation or when added to a system, and can be displayed using the show interfaces command.

Step 7

tunnel destination { hostname | ip-address }

Example:

Device(config-if)#tunnel destination 10.5.5.5

Defines the tunnel destination.

  • hostname specifies the name of the host destination.

  • ip-address specifies the IP address of the host destination.

Step 8

tunnel vrf vrf-name

Example:

Device(config-if)#tunnel vrf finance1

Associates a VPN routing and forwarding (VRF) instance with a specific tunnel destination.

  • vrf-name is the name assigned to a VRF.

Configuration Example for GRE Tunnel IP Source and Destination VRF Membership

In this example, packets received on interface e0 using VRF green are forwarded out of the tunnel through interface e1 using VRF blue.

ip vrf blue rd 1:1

ip vrf green rd 1:2

interface loop0
ip vrf forwarding blue
ip address 10.7.7.7 255.255.255.255

interface tunnel0
ip vrf forwarding green
ip address 10.3.3.3 255.255.255.0 tunnel source loop 0
tunnel destination 10.5.5.5 tunnel vrf blue

interface ethernet0
ip vrf forwarding green
ip address 10.1.1.1 255.255.255.0

interface ethernet1
ip vrf forwarding blue
ip address 10.2.2.2 255.255.255.0

ip route vrf blue 10.5.5.5 255.255.255.0 ethernet 1

Additional References

Table 1. Related Documents

Related Topic

Document Title

VRF tables

"Configuring Multiprotocol Label Switching" chapter of the Cisco IOS Switching Services Configuration Guide, Release 12.2

Tunnels

Cisco IOS Interface Configuration Guide, Release 12.2

Feature History for Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Table 2. Feature History for Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership

Feature Name

Releases

Feature Information

Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership

Cisco IOS 16.6.1

The Generic Routing Encapsulation Tunnel IP Source and Destination VRF Membership feature allows you to configure the source and destination of a tunnel to belong to any virtual private network (VPN) routing and forwarding (VRF) table.