GRT lookup and VPRN-to-GRT route leaking
GRT lookup and VPRN-to-GRT route leaking shows the GRT lookup and VPRN-to-GRT route leaking option for in-band management over a VPRN on the 7705 SAR-Hm.
In-band management using the GRT lookup and VPRN-to-GRT route leaking option is enabled by configuring the following elements:
-
A base router policy statement that includes a prefix list used to leak VPRN reachable addresses to the GRT. This prefix list includes the NSP NFM-P addresses and the management loopback interface that allows the CPM to respond to management queries or commands from the NSP NFM-P.
-
A management loopback interface configured under the VPRN to allow the CPM to respond to management queries from the NSP NFM-P.
-
A static route from the VPRN to the GRT for the system IP address of the node
-
Enable a GRT lookup from the VPRN to the GRT so that management traffic received over the VPRN from the NSP NFM-P to the 7705 SAR-Hm series node can reach the CPM. This uses the grt-lookup, enable-grt, and allow-local-management CLI commands in the config>service>vprn context. For descriptions of these commands, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Classic CLI Command Reference Guide.
-
A VPRN-to-GRT route leak that populates the GRT routing table with addresses that are reachable by the VPRN, using the export-grt command. For a description of this command, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Classic CLI Command Reference Guide. The reachable addresses include those for the NSP NFM-P and the local management loopback interface that allows responses from the CPM to return to the corresponding VPRN.
The following CLI output shows a configuration example of in-band management using GRT lookup and VPRN-to-GRT route leaking, based on GRT lookup and VPRN-to-GRT route leaking.
#--------------------------------------------------
echo "Policy Configuration"
#--------------------------------------------------
policy-options
begin
prefix-list "NSP"
prefix 1.1.1.1/24 exact
prefix 2.2.2.2/24 exact
prefix 192.168.255.0/32 exact
exit
policy-statement "NSP-leak"
entry 10
from
prefix-list "NSP"
exit
action accept
exit
exit
exit
commit
exit
#--------------------------------------------------
echo "Service Configuration"
#--------------------------------------------------
service
customer 1 name "1" create
description "Default customer"
exit
vprn 1 name "1" customer 1 create
interface "NSP" create
exit
exit
vprn 1 name "1" customer 1 create
route-distinguisher 65650:1
auto-bind-tunnel
resolution-filter
gre
exit
resolution filter
exit
vrf-target target:65650:1
interface "Mgmnt-interface" create
address 192.168.255.0/32
loopback
exit
static-route-entry 10.10.10.1/32
grt
no shutdown
exit
exit
grt-lookup
enable-grt
allow-local-management
exit
export-grt "NSP-leak"
exit
no shutdown
exit
exit