MPLS VPN

 

Ok now the fun stuff start, MPLS VPN’s, I have created nice topology with ISP “someisp.net” and two customers that have connected their branches in NY and Tel Aviv, “google.net” a small company and “shirannet.net” an innovative company working Native IPv6.

Now this time I would go in a different approach instead of talking and talking (I mean writing and writing) I will give you all configurations and .net file I did and let you play around.

MPLS VPN Topology configuration + .net

Some pointers:

1) You can divide the topology into 2 main sections Provider and Customer and 3 virtual divisions (explained below):

a) Provider Back Bone, relatively simple configuration P router are set only with IGP (OSPF flat area 0)
b) PE’s are the complex part, holding both the Customer Interconnecting protocol Provider Topology and doing the conversion between them.
c) Customer Edge again simple configuration

2) ttl propagation in the configuration files I have provided you I have left the default behavior of ttl propagation where the inner ttl field (original packet) is decremented along the path reveling Service Provider path, normally it is not what you will have, and the way to change that behavior is very simple with single command on each PE router see below example:

PE_newyork_someisp.n(config)#no mpls ip propagate-ttl

another scenario is where “shirannet.net” customer is using native IPv6 and you will notice that if you perform a trace and and the ttl propagation is enabled your trace will not function properly and that is because the backbone routers P routers are not IPv6 enabled at all they do not know what is IPv6!!!

! Before diableing ttl propagation 
CE_newyork_shirannet.net#traceroute  2001:CE72:68::2
Type escape sequence to abort.
Tracing the route to 2001:CE72:68::2
  1 2001:CE92:68::1 52 msec 16 msec 8 msec
  2  *  *  *
  3  *
CE_newyork_shirannet.net#ping  2001:CE72:68::2
!
! altoug there is nothing wrong with End To End Connectivity
!
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:CE72:68::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/64/88 ms
!
! After diableing ttl propagation also trace is fine :-)
!
CE_newyork_shirannet.net#traceroute  2001:CE72:68::2
Type escape sequence to abort.
Tracing the route to 2001:CE72:68::2
  1 2001:CE92:68::1 36 msec 36 msec 24 msec
  2 2001:CE72:68::1 52 msec 56 msec 32 msec
  3 2001:CE72:68::2 52 msec 48 msec 60 msec
CE_newyork_shirannet.net#traceroute  2001:CE72:68::2

 

3) Another last thing I would like to point your attention again concerning IPv6, notice to the vrf configuration, using the new method:

! This is the new way of define vrf's and the only supported
! When working with IPv6 and vrf's
vrf definition shirannet.net
 rd 20000:40
 route-target export 20000:40
 route-target import 20000:40
 !
 address-family ipv6
 exit-address-family
!
!I did both methods just to get your attention on both ways
!
ip vrf google.net
 rd 10000:80
 route-target export 10000:80
 route-target import 10000:80
!

 

Ok, That is it I hope you will have fun, I think that the basic configuration will allow you to play and test all kind of scenarios and get better understanding on the subject.

Step By Step MPLS – Basic MPLS Setup

 

Initial configuration , very basic with no MPLS, connectivity only to directly connected interfaces.

R1	R2	R3	R4
! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface FastEthernet0/0 ip address 10.0.31.1 255.255.255.0 duplex auto speed auto !	! ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! interface FastEthernet0/0 ip address 10.0.42.2 255.255.255.0 duplex auto speed auto !	! ! interface Loopback0 ip address 3.3.3.3 255.255.255.255 no clns route-cache ! interface FastEthernet0/0 ip address 10.0.31.3 255.255.255.0 duplex auto speed auto   no clns route-cache ! interface Serial1/0 ip address 10.0.43.3 255.255.255.0   serial restart-delay 0 no clns route-cache !	! ! interface Loopback0 ip address 4.4.4.4 255.255.255.255 no clns route-cache ! interface FastEthernet0/0 ip address 10.0.42.4 255.255.255.0 duplex auto speed auto ! interface Serial1/0 ip address 10.0.43.4 255.255.255.0   serial restart-delay 0 no clns route-cache !

adding to the following configuration MPLS labels we will start with default label distribution protocol (on most new IOS’s LDP is the default) you can verify your IOS default 

R2(config)#mpls label protocol ?
  ldp  Use LDP (default)
  tdp  Use TDP

now I have enabled on R3 and R4 under all the interfaces MPLS label distribution after I have verified that both are using the LDP by default see example:

R4(config)#int f0/0
R4(config-if)#mp
R4(config-if)#mpls ip
R4(config-if)#int s1/0
R4(config-if)#mpls ip
R4(config-if)#exit
R4(config)#mpl
R4(config)#mpls ip
====================
R3(config)#mpls ip
R3(config)#int f0/0
R3(config-if)#mpls ip
R3(config-if)#int s1/0
R3(config-if)#mpls ip

And I would like to verify LDP has been established correctly

# I see interfaces are configured properly
R3#sh mpls interfaces
Interface              IP            Tunnel   BGP Static Operational
FastEthernet0/0        Yes (ldp)     No       No  No     Yes
Serial1/0              Yes (ldp)     No       No  No     Yes
# But No neighbor???!
R3#sh mpls ldp neighbor
# see below local LDP id and recived LDP id!!! I do not have a route!
R3#sh mpls ldp discovery
 Local LDP Identifier:
    3.3.3.3:0
    Discovery Sources:
    Interfaces:
        FastEthernet0/0 (ldp): xmit
        Serial1/0 (ldp): xmit/recv
            LDP Id: 4.4.4.4:0; no route
R3#
=============================================
#also I can do debug and see, notice below to the connection attempt to open
R4#debug mpls ldp transport events
00:25:43: ldp: Send ldp hello; Serial1/0, src/dst 10.0.43.4/224.0.0.2, inst_id 0
00:25:43: ldp: Rcvd ldp hello; Serial1/0, from 10.0.43.3 (3.3.3.3:0), intf_id 0, opt 0xC
00:25:43: ldp: ldp Hello from 10.0.43.3 (3.3.3.3:0) to 224.0.0.2, opt 0xC
00:25:43: ldp: local idb = Serial1/0, holdtime = 15000, peer 10.0.43.3 holdtime = 15000
00:25:43: ldp: Link intvl min cnt = 2, intvl = 5000, idb = Serial1/0
00:25:43: ldp: Opening ldp conn; adj 0x63D88708, 4.4.4.4 <-> 3.3.3.3
00:25:43: ldp: No route to peer 3.3.3.3; set LDP_CTX_HANDLE_ROUTEUP
=============================================
# as soon as I am setting up a ip route routers for the loopback interface
R4(config)#ip route 3.3.3.3 255.255.255.255 10.0.43.3
R3(config)#ip route 4.4.4.4 255.255.255.255 10.0.43.4
R3(config)#
00:56:41: tagcon: Assign peer id; 4.4.4.4:0: id 0
00:56:41: %LDP-5-NBRCHG: LDP Neighbor 4.4.4.4:0 is UP
00:56:41: tagcon: peer 4.4.4.4:0 (pp 0x63D6E478): advertise 10.0.31.3
00:56:41: tagcon: peer 4.4.4.4:0 (pp 0x63D6E478): advertise 10.0.43.3
00:56:41: tagcon: peer 4.4.4.4:0 (pp 0x63D6E478): advertise 3.3.3.3
00:56:41: tagcon: peer 4.4.4.4:0 (pp 0x63D6E478): advertise 3.3.3.3/32, label 3 (imp-null) (#2)
00:56:41: tagcon: peer 4.4.4.4:0 (pp 0x63D6E478): advertise 10.0.31.0/24, label 3 (imp-null) (#4)
00:56:41: tagcon: peer 4.4.4.4:0 (pp 0x63D6E478): advertise 10.0.43.0/24, label 3 (imp-null) (#6)
00:56:41: tagcon: peer 4.4.4.4:0 (pp 0x63D6E478): advertise 4.4.4.4/32, label 1000 (#8)
00:56:41: tagcon: Allocating address 10.0.42.4 advertised by LDP router-id 4.4.4.4
R3(config)#
00:56:41: tagcon: Allocating address 10.0.43.4 advertised by LDP router-id 4.4.4.4
00:56:41: tagcon: Allocating address 4.4.4.4 advertised by LDP router-id 4.4.4.4
R4(config)#^Z
R4#un all
00:56:40: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 is UP
00:56:41: %SYS-5-CONFIG_I: Configured from console by console

 

Now notice as after the LDP has been established using multicast UDP a TCP session is created (similar to BGP) sourced from high port to TCP port 646

R4#sh mpls ldp neighbor
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 4.4.4.4:0
        TCP connection: 3.3.3.3.646 - 4.4.4.4.11586
        State: Oper; Msgs sent/rcvd: 10/10; Downstream
        Up time: 00:02:36
        LDP discovery sources:
          Serial1/0, Src IP addr: 10.0.43.3
        Addresses bound to peer LDP Ident:
          10.0.31.3       10.0.43.3       3.3.3.3

you can see above the TCP connection parameters, using the loopback interfaces from 4.4.4.4 to 3.3.3.3

next step to allow end to end connectivity and avoid to have and setup multiple static route statements, I have configured OSPF under all 4 routers:

!
router ospf 1
 router-id <loopbcak_ip>
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!

And verified I have end to end connectivity:

R2#ping 1.1.1.1 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/44/56 ms
R2#

Now you ask where is the MPLS here, you have done a simple OSPF setup and that is true, basic MPLS such as that have no benefit, however that is the basic, I do not want to show the complex before we all understand the first step.

So here is my LFIB label forwarding information base:

R2#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
17     1002        10.0.31.0/24      0          Fa0/0      10.0.42.4
18     1003        1.1.1.1/32        0          Fa0/0      10.0.42.4
19     1000        3.3.3.3/32        0          Fa0/0      10.0.42.4
20     Pop tag     4.4.4.4/32        0          Fa0/0      10.0.42.4
21     Pop tag     10.0.43.0/24      0          Fa0/0      10.0.42.4

 

each router is building such a table according to the LDP information received and sent.
What is the information you see? Local tag this are the local generated tags used to generate downstream away from the destination, the outgoing tag is used for the upstream labeling to the destination, you cab also see how much bytes of label switching was done, very informative.

Note: I normally like to modify the range of labeling just to sort the table for my self see below.

R4(config)#mpls label range 1000 2000

the default is:

R2#sh mpls label range
Downstream Generic label region: Min/Max label: 16/100000

last issue, you saw from above that the byte counter on R2 is 0 but you remember I did a connectivity check end to end from R2 to R1, so why did it not show as increased?! PHP (not the programming language) penultimate hop popping a long name for short task.

R4#sh mpls forwarding-table
Local  Outgoing      Prefix            Bytes Label   Outgoing   Next Hop
Label  Label or VC   or Tunnel Id      Switched      interface
1000   Pop Label     3.3.3.3/32        0             Se1/0      point2point
1001   Pop Label     2.2.2.2/32        1140          Fa0/0      10.0.42.2
1002   Pop Label     10.0.31.0/24      0             Se1/0      point2point
1003   1001          1.1.1.1/32        1080          Se1/0      point2point
R4#

when I sent ping from 2.2.2.2 to 1.1.1.1 R2 pushed label 1003 to the echo request R4 received 1003 and swap with 1001

R3#sh mpls forwarding-table
Local  Outgoing      Prefix            Bytes Label   Outgoing   Next Hop
Label  Label or VC   or Tunnel Id      Switched      interface
1000   Pop Label     4.4.4.4/32        0             Se1/0      point2point
1001   Pop Label     1.1.1.1/32        1140          Fa0/0      10.0.31.1
1002   Pop Label     10.0.42.0/24      0             Se1/0      point2point
1003   1001          2.2.2.2/32        1080          Se1/0      point2point

R3 received 1001 POP the label and sent to R1

R1#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     1003        2.2.2.2/32        0          Fa0/0      10.0.31.3
17     Pop tag     3.3.3.3/32        0          Fa0/0      10.0.31.3
18     Pop tag     10.0.43.0/24      0          Fa0/0      10.0.31.3
19     1000        4.4.4.4/32        0          Fa0/0      10.0.31.3
20     1002        10.0.42.0/24      0          Fa0/0      10.0.31.3

as you can see R1 byte counters are also clean. R1 received normal ip with icmp echo request, replaying with echo replay now pushing 1003 and R3 swapping 1003 to 1001 and finally R4 popping 1001 sending normal echo replay to R2 

R2#ping 1.1.1.1 source lo0 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 64/64/64 ms
R2#
R4#
01:46:35: MPLS turbo: Fa0/0: rx: Len 118 Stack {1003 0 255} - ipv4 data
01:46:35: MPLS turbo: Se1/0: tx: Len 108 Stack {1001 0 254} - ipv4 data
01:46:35: MPLS turbo: Se1/0: rx: Len 108 Stack {1001 0 254} - ipv4 data
R4#
R3#
01:46:35: MPLS turbo: Se1/0: rx: Len 108 Stack {1001 0 254} - ipv4 data
01:46:35: MPLS turbo: Fa0/0: rx: Len 118 Stack {1003 0 255} - ipv4 data
01:46:35: MPLS turbo: Se1/0: tx: Len 108 Stack {1001 0 254} - ipv4 data
R3#
R1#deb ip pack de
*Mar  1 01:39:04.799: IP: s=2.2.2.2 (FastEthernet0/0), d=1.1.1.1, len 100, rcvd 4
*Mar  1 01:39:04.803:     ICMP type=8, code=0
*Mar  1 01:39:04.803: ICMP: echo reply sent, src 1.1.1.1, dst 2.2.2.2
*Mar  1 01:39:04.803: IP: tableid=0, s=1.1.1.1 (local), d=2.2.2.2 (FastEthernet0/0), routed via FIB
*Mar  1 01:39:04.803: IP: s=1.1.1.1 (local), d=2.2.2.2 (FastEthernet0/0), len 100, sending
*Mar  1 01:39:04.803:     ICMP type=0, code=0

 

I hope that was helpful, I would like you to try it for your self so again here is my basic GNS setup:

autostart = False
[127.0.0.1:7200]
    workingdir = C:\Users\shiran\AppData\Local\Temp
    udp = 10000
    [[3640]]
        image = E:\ Root\SOFTWARE\CISCO\c3640-jk9o3s-mz.124-16.bin
        idlepc = 0x605ac320
        ghostios = True
        chassis = 3640
    [[ROUTER R1]]
        model = 3640
        console = 2000
        aux = 2100
        cnfg = R1.cfg
        slot0 = NM-1FE-TX
        f0/0 = R3 f0/0
        x = -533.0
        y = -198.0
    [[ROUTER R2]]
        model = 3640
        console = 2001
        aux = 2101
        cnfg = R2.cfg
        slot0 = NM-1FE-TX
        f0/0 = R4 f0/0
        x = 227.0
        y = -202.0
[127.0.0.1:7201]
    workingdir = C:\Users\shiran\AppData\Local\Temp
    udp = 10100
    [[7200]]
        image = E:\ Root\SOFTWARE\CISCO\c7200-k91p-mz.122-25.S15.bin
        idlepc = 0x608ca290
        ghostios = True
    [[ROUTER R4]]
        console = 2004
        cnfg = C:\Program Files (x86)\GNS3\R4.cfg
        slot0 = C7200-IO-2FE
        f0/0 = R2 f0/0
        slot1 = PA-4T+
        s1/0 = R3 s1/0
        x = -31.0
        y = -87.0
    [[ROUTER R3]]
        console = 2003
        cnfg = C:\Program Files (x86)\GNS3\R3.cfg
        slot0 = C7200-IO-2FE
        f0/0 = R1 f0/0
        slot1 = PA-4T+
        s1/0 = R4 s1/0
        x = -271.0
        y = -87.0
[GNS3-DATA]
    configs = C:\Program Files (x86)\GNS3
    [[NOTE 1]]
        text = s1/0
        x = -6.86874660092
        y = 25.2377529973
        interface = R4 s1/0
    [[NOTE 2]]
        text = f0/0
        x = 69.5349221487
        y = 5.71505408099
        interface = R4 f0/0
    [[NOTE 3]]
        text = s1/0
        x = 72.8687466009
        y = 18.7622470027
        interface = R3 s1/0
    [[NOTE 4]]
        text = f0/0
        x = -3.83092469005
        y = 6.39605862368
        interface = R3 f0/0
    [[NOTE 5]]
        text = f0/0
        x = -6.99933176856
        y = 21.7687899898
        interface = R2 f0/0
    [[NOTE 6]]
        text = f0/0
        x = 72.9993317686
        y = 22.2312100102
        interface = R1 f0/0

Step by Step Into MPLS – VRF LITE

 

Although VRF (virtual routing and forwarding) is not actually part of the MPLS you can think of the VRF as a helper for the MPLS in achieving the MPLS VPN infrastructure, now as I would like to make that a very simple to understand guide , I will address here only the VRF part without any MPLS, also known as VRF Lite.

Simple Topology :

R1 Configuration	R2 Configuration
! ip cef no ip domain lookup ! ! ip vrf VRF_GOLD ! ip vrf VRF_SILVER ! ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0.1 encapsulation dot1Q 100 ip vrf forwarding VRF_SILVER ip address 10.0.0.1 255.255.255.0 ! interface FastEthernet0/0.2 encapsulation dot1Q 200 ip vrf forwarding VRF_GOLD ip address 20.0.0.1 255.255.255.0 !	! ip cef no ip domain lookup ! ip vrf VRF_GOLD ! ip vrf VRF_SILVER ! ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0.1 encapsulation dot1Q 100 ip vrf forwarding VRF_SILVER ip address 10.0.0.2 255.255.255.0 ! interface FastEthernet0/0.2 encapsulation dot1Q 200 ip vrf forwarding VRF_GOLD ip address 20.0.0.2 255.255.255.0 ! !

 

As you can see from above I have done something very simple, 2 VRF’s GOLD and SILVER, I have configured sub interface for FastEthernet 0/0 and each is assigned to its own VRF with the ip vrf forwarding <VRF_NAME> command.

see what happen if I try to see my routing table:

R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set

What happen here?! where are my connected interfaces ?!

Well this is the VRF, as you can see from above configuration I have configured only interface assigned to VRF, and the VRF job is to take my router and give each VRF a totally separate virtual ip routing table. you can see the same result is with R2 main routing table.

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set

So , where is the routing table I have created?!

R1

R1#sh ip route vrf VRF_GOLD
Routing Table: VRF_GOLD
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     20.0.0.0/24 is subnetted, 1 subnets
C       20.0.0.0 is directly connected, FastEthernet0/0.2
R1#sh ip route vrf VRF_SILVER
Routing Table: VRF_SILVER
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/0.1

 

R2

R2#sh ip vrf
  Name                             Default RD          Interfaces
  VRF_GOLD                         <not set>           Fa0/0.2
  VRF_SILVER                       <not set>           Fa0/0.1
R2#sh ip route vrf VRF_GOLD
Routing Table: VRF_GOLD
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     20.0.0.0/24 is subnetted, 1 subnets
C       20.0.0.0 is directly connected, FastEthernet0/0.2

 

Now lets check simple connectivity:

R2#ping 20.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:
.....
 

Now what is going on?!  I am pinging my own interface!!!

Relax again, when working with VRF everything need to be referred with the VRF, ping traceroute…

R2#ping vrf VRF_GOLD 20.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:
!!!!!
R2#ping vrf VRF_GOLD 20.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds:
.!!!!
R2#ping vrf VRF_SILVER 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.!!!!

 

Now I would like to take it one step further and show you that the VRF is locally significant, meaning the router it self have virtual separation there is no tagging or added header’s or anything like MPLS.

R2(config)#ip vrf VRF_A
R2(config-vrf)#ip vrf VRF_B
R2(config-vrf)#int f0/0.1
R2(config-subif)#ip vrf f
R2(config-subif)#ip vrf forwarding VRF_A
% Interface FastEthernet0/0.1 IP address 10.0.0.2 removed due to enabling VRF VRF_A
R2(config-subif)#ip add 10.0.0.2 255.255.255.0
R2(config-subif)#int f0/0.2
R2(config-subif)#ip vrf forwarding VRF_B
% Interface FastEthernet0/0.2 IP address 20.0.0.2 removed due to enabling VRF VRF_B
R2(config-subif)#ip add 20.0.0.2 255.255.255.0
R2(config-subif)#^Z
R2#sh
*Mar  1 00:08:58.651: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  up                    up  
FastEthernet0/0.1          10.0.0.2        YES manual up                    up  
FastEthernet0/0.2          20.0.0.2        YES manual up                    up  
R2#sh ip vrf
  Name                             Default RD          Interfaces
  VRF_A                            <not set>           Fa0/0.1
  VRF_B                            <not set>           Fa0/0.2
  VRF_GOLD                         <not set>
  VRF_SILVER                       <not set>

as you can see from above I have configured 2 new VRF’s and reassign them to the interfaces, replacing old VRF_GOLD and VRF_SILVER, notice I had to reconfigure the ip address, as when assigning VRF to an interface the ip address is removed (I have just assigned the same to each interface)

Now lets test

R2#ping vrf VRF_A 10.0.0.1 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 200/200/200 ms

 

Success !!!

Now If you have any doubts

R1#debug ip packet detail
IP packet debugging is on (detailed)
R1#
*Mar  1 00:09:20.979: IP: tableid=1, s=10.0.0.2 (FastEthernet0/0.1), d=10.0.0.1 (FastEthernet0/0.1), routed via RIB
*Mar  1 00:09:20.979: IP: s=10.0.0.2 (FastEthernet0/0.1), d=10.0.0.1 (FastEthernet0/0.1), len 100, rcvd 3
*Mar  1 00:09:20.983:     ICMP type=8, code=0
*Mar  1 00:09:20.983: IP: tableid=1, s=10.0.0.1 (local), d=10.0.0.2 (FastEthernet0/0.1), routed via FIB
*Mar  1 00:09:20.983: IP: s=10.0.0.1 (local), d=10.0.0.2 (FastEthernet0/0.1), len 100, sending
*Mar  1 00:09:20.983:     ICMP type=0, code=0
R1#un all

 

Now I could have made it more confusing and switch the names, but why go there take below .net file for GNS and play your self:

autostart = False
[127.0.0.1:7200]
    workingdir = D:\DYN\Work
    udp = 10000
    [[3640]]
        image = D:\DYN\C3640-JK.BIN
        idlepc = 0x6060d328
        ghostios = True
        chassis = 3640
    [[ROUTER R1]]
        model = 3640
        console = 2000
        cnfg = R1.cfg
        slot0 = NM-1FE-TX
        f0/0 = R2 f0/0
        x = -221.0
        y = -91.0
    [[ROUTER R2]]
        model = 3640
        console = 2001
        cnfg = R2.cfg
        slot0 = NM-1FE-TX
        f0/0 = R1 f0/0
        x = 144.0
        y = -83.0
[GNS3-DATA]
    configs = .
    [[NOTE 1]]
        text = f0/0
        x = -6.99933176856
        y = 21.7687899898
        interface = R2 f0/0
    [[NOTE 2]]
        text = f0/0
        x = 72.9993317686
        y = 22.2312100102
        interface = R1 f0/0

 

This is the very basic VRF , If you understand that it is the first step to understanding MPLS VPN’s