Date created: 11/10/15 10:26:19. Last modified: 03/21/18 08:40:55

Multi VRF over ADSL using GRE (Internet/GRT Access)

Two GRE tunnels from CPE to LNS, one for management inside a management VRF. The other is for raw Internet access which is a seperate VRF on the CPE but lands in the Global Routing Table (GRT) inside the service provider core (in this example, the SP is not running Internet-in-a-VRF). The ASDL PPP session is terminating on Loopback30 (as per the RADIUS profile) which is in the GRT on the LNS, so Loopback30 is also the source for the two GRE tunnels:

 

RADIUS Profile

 Framed-Protocol        | =  | PPP
 Service-Type           | =  | Framed-User
 Framed-MTU             | =  | 1500
 Framed-IP-Address      | =  | 100.65.20.7
 Framed-IP-Netmask      | =  | 255.255.255.255
 Cisco-AVPair           | =  | ip:ip-unnumbered=Loopback30
 Cisco-AVPair           | += | ip:route=10.48.7.216 255.255.255.248
 Cisco-AVPair           | += | ip:route=1.2.3.4 255.255.255.255 Tunnel661

 

CPE Config:

vrf definition MGMT
 rd 65001:1234
 !
 address-family ipv4
 exit-address-family
!
vrf definition INTERNET
 rd 65001:5678
 !
 address-family ipv4
 exit-address-family
!
interface Loopback0
 description MGMT Tunnel Loopback
 ip address 10.48.7.216 255.255.255.255
!
interface Loopback1
 description Internet Tunnel Loopback
 ip address 10.48.7.217 255.255.255.255
!
interface Tunnel0
 description Management
 vrf forwarding MGMT
 ip address 10.100.25.106 255.255.255.254
 ip tcp adjust-mss 1414
 tunnel source Loopback0
 tunnel destination 100.66.0.4  ! Loopback30 IP on LNS
!
interface Tunnel1
 description Internet
 vrf forwarding INTERNET
 ip address 1.2.3.4 255.255.255.255 ! Public IP
 ip nat outside
 ip virtual-reassembly in
 ip tcp adjust-mss 1414
 tunnel source Loopback1
 tunnel destination 100.66.0.4 ! Loopback30 IP on LNS
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
interface Dialer0
 description DSL
 mtu 1492
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly in
 ip verify unicast reverse-path
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname [email protected]
 ppp chap password secret-password
 no cdp enable
!
interface FastEthernet0
 switchport access vlan 80
 no ip address
!
interface FastEthernet1
 switchport access vlan 20
 no ip address
!
interface Vlan20
 description Internet
 vrf forwarding INTERNET
 ip address 10.24.174.130 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
!
access-list 1 permit any
!
ip nat inside source list 1 interface Tunnel1 vrf INTERNET overload
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route vrf MGMT 0.0.0.0 0.0.0.0 Tunnel0
ip route vrf INTERNET 0.0.0.0 0.0.0.0 Tunnel1

 

LNS Config:

interface Tunnel660
 description MGMT
 ip vrf forwarding MGMT
 ip address 10.100.25.107 255.255.255.254
 ip tcp adjust-mss 1414
 tunnel source Loopback30
 tunnel destination 10.48.7.216
 !
interface Tunnel661
 description Internet
 ip address 10.130.48.18 255.255.255.255
 ! It doesn't mater that the GRE tunnel for Internet access uses two /32's of discontiguous subnets, it's a point-to-point tunnel
 ip tcp adjust-mss 1414
 tunnel source Loopback30
 tunnel destination 10.48.7.217