Примечания к выпуску для Cisco Cisco IOS Software Release 12.2(8)YD
7
Release Notes for Cisco Cisco 7000 Family for Cisco IOS Release 12.2 YD
OL-2709-04
Important Notes
Important Notes
The following sections contain important notes about Cisco IOS Release 12.2 YD that can apply to the
Cisco 7000 family.
Cisco 7000 family.
Migration to Virtual Route Forwarding (VRF) for GGSN R3.0
This section describes the engineering analysis of migrating CLI command use-interface to vrf
command.
command.
The use-interface command is designed to support private addressing when there was no general VPN
support in IOS few years back. The implementation of the use-interface command is to by-pass routing
and send VPN traffic directly to the interface associated with an APN when the use-interface command
is configured for an APN. This approach is restrictive since there is a single global routing table, and the
routing table is bypassed when the use-interface is used.
support in IOS few years back. The implementation of the use-interface command is to by-pass routing
and send VPN traffic directly to the interface associated with an APN when the use-interface command
is configured for an APN. This approach is restrictive since there is a single global routing table, and the
routing table is bypassed when the use-interface is used.
With GGSN R3.0, we provide a generic way of interfacing to any Virtual Private Network using the IOS
element called VRF-Lite VRF-Lite instance allows the operator to define multiple virtual contexts
(VRF) inside the router. Each VRF consists of an IP routing table, a routing process, a forwarding
engine, a set of interfaces, and a set of rules and routing protocol parameters that control the information
that is included into the routing table. In addition to these, a separate DHCP or Radius server can be
supported in the VRF domain. These separate tables and process prevent information from being
forwarded outside a VPN, and also prevent packets that are outside a VPN from being forwarded to a
router within the VPN. Since we can add or subtract interface to or from the VRF easily, we can create
a VRF with as many interfaces as we want. It is very flexible and scalable. We can apply policies to each
VRF separately and not affecting others. Since it is provide by IOS core, there are many related features
on the road map so GPRS can be benefit from all the new features.
element called VRF-Lite VRF-Lite instance allows the operator to define multiple virtual contexts
(VRF) inside the router. Each VRF consists of an IP routing table, a routing process, a forwarding
engine, a set of interfaces, and a set of rules and routing protocol parameters that control the information
that is included into the routing table. In addition to these, a separate DHCP or Radius server can be
supported in the VRF domain. These separate tables and process prevent information from being
forwarded outside a VPN, and also prevent packets that are outside a VPN from being forwarded to a
router within the VPN. Since we can add or subtract interface to or from the VRF easily, we can create
a VRF with as many interfaces as we want. It is very flexible and scalable. We can apply policies to each
VRF separately and not affecting others. Since it is provide by IOS core, there are many related features
on the road map so GPRS can be benefit from all the new features.
We are aware of the changes will impact current users so we put in some effort to evaluate if the two
commands can co-exist initially and the use-interface command can be phased out gradually. The
engineering analysis is the co-exist of the two cannot be achieved without significant effort due to we’ll
need to maintain the new and old way to lookup a PDP context and do not get confused. Also the longer
we wait to make the change, the more customers will be impacted.
commands can co-exist initially and the use-interface command can be phased out gradually. The
engineering analysis is the co-exist of the two cannot be achieved without significant effort due to we’ll
need to maintain the new and old way to lookup a PDP context and do not get confused. Also the longer
we wait to make the change, the more customers will be impacted.
For these reasons, we shall migrate the use-interface command to VRF based.
To create a VRF, we need to do:
1.
create a VRF:
global config: ip vrf <name> rd <tag>
2.
2) create a routing process for the VRF if we need to exchange routing info with neighbors:
global config: router BGP <tag>
3.
add interface to the VRF interface set:
interface config: ip vrf forwarding <name>
Note
We should not config this to gprs vitual template interface, because that is a special interface
which shared by many APNs.
which shared by many APNs.
4.
add a APN into the VRF:
APN config : vrf <name>