10-28-2019 04:48 PM
Im creating a ISIS-SPBM Fabric with our new VSP 8608 Core-Switches. For that i need to implement 4 different VRFs, that can only communicate via the Firewall. After having the configuration for VRF 0 completed i realized, that route redistribution between the nodes only works in VRF 0. As i tried to enable route redistribution in one of the other VRFs i got the error in the title:
switch4:1(config)#router vrf voice
switch4:1(router-vrf)#isis redistribute direct
Error: ISIS instance does not exist in VRF: "voice"
how to proceed here? do i need to create additional ISIS-Instances for the different VRFs? Is it possible to enable/assign an ISIS-Instance to additional VRFs? what about the BVLANs? Do i need one per VRF/ISIS-Instance? Same with virtual-ist?
running config:
#
# ISIS SPBM CONFIGURATION
#
router isis
spbm 1
spbm 1 nick-name 0.4d.b4
spbm 1 b-vid 4051-4052 primary 4051
spbm 1 multicast enable
spbm 1 ip enable
spbm 1 smlt-virtual-bmac 00:00:00:00:00:34
spbm 1 smlt-peer-system-id 00db.face.0003
exit
#
# VIRTUAL IST CONFIGURATION
#
virtual-ist  peer-ip 172.28.72.3 vlan 4053
 
#
# ISIS CONFIGURATION
#
router isis
sys-name "switch4"    
ip-source-address 172.28.64.4
is-type l1
system-id 00db.face.0004
manual-area 10.01
exit
router isis enable
 
#
#  OSPF CONFIGURATION - GlobalRouter
#
router ospf
exit
#
#  OSPF CONFIGURATION - VRF
#
 
#
# IP REDISTRIBUTION CONFIGURATION - GlobalRouter
#
router isis
redistribute direct
redistribute direct enable
exit
#
# IP REDISTRIBUTION CONFIGURATION - VRF
#
 
Solved! Go to Solution.
10-28-2019 06:17 PM
You are almost there. The following is an example of how to redistribute direct and static routes in the vrf VOICE:
router vrf voice
isis redistribute static
isis redistribute static enable
isis redistribute direct
isis redistribute direct enable
exit
isis apply redistribute static vrf voice
isis apply redistribute direct vrf voice
I think it is the last part you are missing now.
(Naturally you will need to create the voice VRF on another switch and enable ipvpn on it as well to see the routes propagated)
Regarding IPVPN - this is not actually VPN as you know it. IPVPN is how we enable a “L3 VSN” which is what you are doing here.
Regarding the license - run the ‘show license’ command to see what is loaded. Without a license the system will allow you to use advanced features (licensed features) for a trial period of 60 days. Be aware that if you don’ t have the license you will lose that function after the trial expires and the system is reset.
11-04-2019 03:25 PM
Yes, you have a Premier license (L3V) + MACsec license.
10-29-2019 10:45 AM
i love you mate, this worked like a charm. last question, this is the output of my “show license”:
************************************************************************************
        Command Execution Time: Tue Oct 29 11:00:29 2019 CET
************************************************************************************
    License file name      :    Lizenz_Slot8_XXXXXXXXX.xml
    License Type           :    L3V with MACsec
    Duration Type          :    Perpetual
    Generation Time        :    XXXX/XX/XX XX:XX:XX
    Expiration Time        :    
    Host ID                :    XXXXXXXXXXX
************************************************************************
Features requiring a L3V + MacSec license:
    -  Layer 3 VSNs
    -  MACsec
    -  VRF Scaling
************************************************************************
    Number of IO license entitlements: 8
    License granted for slots        : 1  2  3  4  5  6  7  8  
************************************************************************
Is this the correct license for using ipvpn?
10-28-2019 06:17 PM
You are almost there. The following is an example of how to redistribute direct and static routes in the vrf VOICE:
router vrf voice
isis redistribute static
isis redistribute static enable
isis redistribute direct
isis redistribute direct enable
exit
isis apply redistribute static vrf voice
isis apply redistribute direct vrf voice
I think it is the last part you are missing now.
(Naturally you will need to create the voice VRF on another switch and enable ipvpn on it as well to see the routes propagated)
Regarding IPVPN - this is not actually VPN as you know it. IPVPN is how we enable a “L3 VSN” which is what you are doing here.
Regarding the license - run the ‘show license’ command to see what is loaded. Without a license the system will allow you to use advanced features (licensed features) for a trial period of 60 days. Be aware that if you don’ t have the license you will lose that function after the trial expires and the system is reset.
10-28-2019 05:10 PM
i didn’t enable ipvpn. all systems and connections are private, so i haven’t checked anything about vpn. is ipvpn the feature i need to implement an isis over different VRFs?
enabling ipvpn doesn’t give me an error about a missing license. does that mean the license is present?
for testing purpose i enabled ipvpn on the voice vrf and tried to configure ip distribution:
router vrf voice
ipvpn
I-sid 150000
ipvpn enable
isis redistribute direct
WARNING: Routes will not be injected until apply command is issued after enable command
isis redistribute direct enable
exit
isis apply redistribute direct
but this didn’t create the according routes in the vrfs routing table
