GRT lookup and VPRN-to-GRT route leaking

GRT lookup and VPRN-to-GRT route leaking shows the GRT lookup and VPRN-to-GRT route leaking option for in-band management over a VPRN on the 7705 SAR-Hm.

Figure 1. GRT lookup and VPRN-to-GRT route leaking

In-band management using the GRT lookup and VPRN-to-GRT route leaking option is enabled by configuring the following elements:

  • A base router policy statement that includes a prefix list used to leak VPRN reachable addresses to the GRT. This prefix list includes the NSP NFM-P addresses and the management loopback interface that allows the CPM to respond to management queries or commands from the NSP NFM-P.

  • A management loopback interface configured under the VPRN to allow the CPM to respond to management queries from the NSP NFM-P.

  • A static route from the VPRN to the GRT for the system IP address of the node

  • Enable a GRT lookup from the VPRN to the GRT so that management traffic received over the VPRN from the NSP NFM-P to the 7705 SAR-Hm series node can reach the CPM. This uses the grt-lookup, enable-grt, and allow-local-management CLI commands in the config>service>vprn context. For descriptions of these commands, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Classic CLI Command Reference Guide.

  • A VPRN-to-GRT route leak that populates the GRT routing table with addresses that are reachable by the VPRN, using the export-grt command. For a description of this command, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Classic CLI Command Reference Guide. The reachable addresses include those for the NSP NFM-P and the local management loopback interface that allows responses from the CPM to return to the corresponding VPRN.

The following CLI output shows a configuration example of in-band management using GRT lookup and VPRN-to-GRT route leaking, based on GRT lookup and VPRN-to-GRT route leaking.

#--------------------------------------------------
echo "Policy Configuration"
#--------------------------------------------------
        policy-options
            begin
            prefix-list "NSP"
                prefix 1.1.1.1/24 exact
                prefix 2.2.2.2/24 exact
                prefix 192.168.255.0/32 exact
            exit
            policy-statement "NSP-leak"
                entry 10
                    from
                        prefix-list "NSP"
                    exit
                    action accept
                    exit
                exit
            exit
            commit
        exit
#--------------------------------------------------
echo "Service Configuration"
#--------------------------------------------------
    service
        customer 1 name "1" create
            description "Default customer"
        exit
        vprn 1 name "1" customer 1 create
            interface "NSP" create
            exit
        exit
        vprn 1 name "1" customer 1 create
            route-distinguisher 65650:1
            auto-bind-tunnel
                resolution-filter
                    gre
                exit
                resolution filter
            exit
            vrf-target target:65650:1
            interface "Mgmnt-interface" create
                address 192.168.255.0/32
                loopback
            exit
            static-route-entry 10.10.10.1/32
                grt
                    no shutdown
                exit
            exit
            grt-lookup
                enable-grt
                    allow-local-management
                exit
                export-grt "NSP-leak"
            exit
            no shutdown
        exit
    exit