Cisco NX-OS/IOS Layer-3 Virtualization Comparison

From DocWiki

(Difference between revisions)
Jump to: navigation, search
(updated with IOS - NX-OS difference regarding export maps)
 
Line 1: Line 1:
-
<font size = "3">'''Objective'''</font>  
+
<font size="3">'''Objective'''</font>  
This tech note outlines the main differences in Layer 3 virtualization support between Cisco® NX-OS Software and Cisco IOS® Software. Sample configurations are included for Cisco NX-OS and Cisco IOS Software for some common features to demonstrate the similarities and differences. Please refer to the [http://www.cisco.com/en/US/products/ps9402/products_installation_and_configuration_guides_list.html NX-OS documentation on Cisco.com] for a complete list of supported features.  
This tech note outlines the main differences in Layer 3 virtualization support between Cisco® NX-OS Software and Cisco IOS® Software. Sample configurations are included for Cisco NX-OS and Cisco IOS Software for some common features to demonstrate the similarities and differences. Please refer to the [http://www.cisco.com/en/US/products/ps9402/products_installation_and_configuration_guides_list.html NX-OS documentation on Cisco.com] for a complete list of supported features.  
 +
<br> <font size="3">'''Virtualization Routing and Forwarding Overview'''</font>
-
<font size = "3">'''Virtualization Routing and Forwarding Overview'''</font>
+
Virtual Routing and Forwarding (VRF) provides an additional layer of network virtualization on top of virtual device contexts (VDCs). VRF provides separate unicast and multicast address space and associated routing protocols that make independent forwarding decisions. All unicast and multicast protocols support VRF functionality.
-
Virtual Routing and Forwarding (VRF) provides an additional layer of network virtualization on top of virtual device contexts (VDCs). VRF provides separate unicast and multicast address space and associated routing protocols that make independent forwarding decisions. All unicast and multicast protocols support VRF functionality.
+
<br> <font size="3">'''Important Cisco NX-OS and Cisco IOS Software Differences'''</font>
 +
In Cisco NX-OS:
-
<font size = "3">'''Important Cisco NX-OS and Cisco IOS Software Differences'''</font>
+
*Cisco NX-OS supports 1000 VRF instances per chassis consisting of 250 VRF instances per VDC with 4 VDCs (994 VRF instances can be configured in 1 VDC).
 +
*Two VRF instances are configured by default. The management port on the supervisor module is assigned to the '''management''' VRF, and all I/O module ports are assigned to the '''default''' VRF.
 +
*VRF instances can be enabled without any command-line interface (CLI) prerequisites. Cisco IOS Software requires '''ip cef''' to be enabled globally before a VRF instance can be configured.
 +
*Multicast routing/forwarding can be configured per VRF instance without having to globally enable the VRF instance for multicast . Cisco IOS Software requires the global '''ip multicast-routing vrf ''&lt;name&gt;'' ''' command per VRF instance.
 +
*The CLI for enabling VRF routing for a protocol is consistent for all routing protocols, whereas Cisco IOS Software uses address families for Border Gateway Protocol (BGP), Routing Information Protocol (RIP), and Enhanced Interior Gateway Routing Protocol (EIGRP) and requires unique routing process IDs per VRF for Integrated Intermediate System-to-Intermediate System (ISIS) and Open Shortest Path First (OSPF).
 +
*In Cisco NX-OS, numerous VRF instances can be assigned to a single routing protocol instance.
 +
*IP static routes are configured under the specified '''vrf context'''. In Cisco IOS Software, all static routes are configured in global configuration mode with the '''vrf''' option.
 +
*A VRF instance can be manually disabled with the '''shutdown''' command. Cisco IOS Software does not have the CLI capability to manually disable a VRF instance.
 +
*If a VRF context is removed with the '''no vrf context ''&lt;name&gt;'' '''configuration command, the VRF context commands will be removed from the running configuration making the VRF non-functional, but all non context related VRF commands will remain in the running configuration. When a VRF is removed in Cisco IOS Software, the VRF instance and all related VRF commands are automatically removed from the running configuration, including any interface IP addresses previously associated to the VRF instance.
 +
*The '''default''' VRF instance is the default routing context for all '''show''' commands.
 +
*When configuring route import / export functionality for VRF-lite or MPLS VPNs, NX-OS requires export statement to be configured in order for export map to take effect. In IOS, export map can take effect without configuring export statement.
-
In Cisco NX-OS:
+
<br>  
-
* Cisco NX-OS supports 1000 VRF instances per chassis consisting of 250 VRF instances per VDC with 4 VDCs (994 VRF instances can be configured in 1 VDC).
+
-
* Two VRF instances are configured by default. The management port on the supervisor module is assigned to the '''management''' VRF, and all I/O module ports are assigned to the '''default''' VRF.
+
-
* VRF instances can be enabled without any command-line interface (CLI) prerequisites. Cisco IOS Software requires '''ip cef''' to be enabled globally before a VRF instance can be configured.
+
-
* Multicast routing/forwarding can be configured per VRF instance without having to globally enable the VRF instance for multicast .  Cisco IOS Software requires the global '''ip multicast-routing vrf ''<name>'' ''' command per VRF instance.
+
-
* The CLI for enabling VRF routing for a protocol is consistent for all routing protocols, whereas Cisco IOS Software uses address families for Border Gateway Protocol (BGP), Routing Information Protocol (RIP), and Enhanced Interior Gateway Routing Protocol (EIGRP) and requires unique routing process IDs per VRF for Integrated Intermediate System-to-Intermediate System (ISIS) and Open Shortest Path First (OSPF).
+
-
* In Cisco NX-OS, numerous VRF instances can be assigned to a single routing protocol instance.
+
-
* IP static routes are configured under the specified '''vrf context'''. In Cisco IOS Software, all static routes are configured in global configuration mode with the '''vrf''' option.
+
-
* A VRF instance can be manually disabled with the '''shutdown''' command. Cisco IOS Software does not have the CLI capability to manually disable a VRF instance.
+
-
* If a VRF context is removed  with the '''no vrf context ''<name>'' '''configuration command, the VRF context commands will be removed from the running configuration making the VRF non-functional, but all non context related VRF commands will remain in the running configuration.  When a VRF is removed in Cisco IOS Software, the VRF instance and all related VRF commands are automatically removed from the running configuration, including any interface IP addresses previously associated to the VRF instance.
+
-
* The '''default''' VRF instance is the default routing context for all '''show''' commands.
+
 +
<br> <font size="3">'''Things You Should Know'''</font>
 +
The following list provides some additional facts about Cisco NX-OS that should be helpful when configuring and maintaining VRF instances.
 +
<br>
-
<font size = "3">'''Things You Should Know'''</font>
+
*When you assign a VRF instance to an interface with an IP address previously configured, the interface IP address is automatically removed.
 +
*Static routes or dynamic routing protocols can be configured for routing in a VRF instance (BGP, EIGRP, ISIS, OSPF, static routes, and RIPv2).
 +
*IP troubleshooting tools such as ping and traceroute are VRF aware and require the name of a specific VRF instance if testing in the '''default''' VRF instance is not desired.
 +
*The '''routing-context vrf''' command can be executed in EXEC mode to change the routing context to a non-default VRF instance. For example, typing '''routing-context vrf management''' changes the routing context, so all VRF related commands are executed in the '''management''' VRF as opposed to the '''default''' VRF.
 +
*Network management–related services such as authentication, authorization and accounting (AAA), Call Home, DNS, FTP, HTTP, NetFlow, NTP, PING, RADIUS, SCP, sFTP, SNMP, SSH, Syslog, TACACS+, TELNET, TFTP, Traceroute, and XML are VRF aware.
 +
*The global configuration '''write erase boot''' command will erase the '''management''' VRF instance configuration. The '''write erase''' command without the '''boot''' option will not.
-
The following list provides some additional facts about Cisco NX-OS that should be helpful when configuring and maintaining VRF instances.
+
<br> <font size="3">'''Configuration Comparison'''</font>
 +
The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. Sample code is provided only to illustrate how to enable VRF routing. The Cisco NX-OS CLI is simpler and more consistent since it allows multiple VRF instances to be assigned to a single routing protocol instance, whereas Cisco IOS Software uses different techniques depending on the routing protocol.
-
* When you assign a VRF instance to an interface with an IP address previously configured, the interface IP address is automatically removed.
+
<br>  
-
* Static routes or dynamic routing protocols can be configured for routing in a VRF instance (BGP, EIGRP, ISIS, OSPF, static routes, and RIPv2).
+
-
* IP troubleshooting tools such as ping and traceroute are VRF aware and require the name of a specific VRF instance if testing in the '''default''' VRF instance is not desired.
+
-
* The '''routing-context vrf''' command can be executed in EXEC mode to change the routing context to a non-default VRF instance.  For example, typing '''routing-context vrf management''' changes the routing context, so all VRF related commands are executed in the '''management''' VRF as opposed to the '''default''' VRF.
+
-
* Network management–related services such as authentication, authorization and accounting (AAA), Call Home, DNS, FTP, HTTP, NetFlow, NTP, PING, RADIUS, SCP, sFTP, SNMP, SSH, Syslog, TACACS+, TELNET, TFTP, Traceroute, and XML are VRF aware.
+
-
* The global configuration <b>write erase boot</b> command will erase the <b>management</b> VRF instance configuration.  The <b>write erase</b> command without the <b>boot</b> option will not.
+
 +
{| border="0" cellpadding="2" cellspacing="6"
 +
|-
 +
! width="475" align="center" | <font size="5">'''''Cisco IOS CLI'''''</font>
 +
! width="475" align="center" | <font size="5">'''''Cisco NX-OS CLI'''''</font>
 +
|-
 +
| <font size="3">'''Creating a VRF Instance'''</font>
 +
|}
-
<font size = "3">'''Configuration Comparison'''</font>
+
{| border="0" cellpadding="2" cellspacing="6"
 +
|-
 +
! width="475" align="left" style="background:#ED9121;" | <font color="white">'''ip cef'''  
 +
ip vrf vrf-1
-
The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. Sample code is provided only to illustrate how to enable VRF routing. The Cisco NX-OS CLI is simpler and more consistent since it allows multiple VRF instances to be assigned to a single routing protocol instance, whereas Cisco IOS Software uses different techniques depending on the routing protocol.
+
<br> New Syntax:
 +
 
 +
<br> vrf definition vrf-1
 +
 
 +
address-family ipv4
 +
</font>
 +
! width="475" align="left" style="background:#99CCFF;" | '''vrf context vrf-1'''
 +
|}
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
!width="475" align="center" |<font size = "5">'''''Cisco IOS CLI'''''</font>
 
-
!width="475" align="center" |<font size = "5">'''''Cisco NX-OS CLI'''''</font>
 
-
|-
 
-
|<font size = "3">'''Creating a VRF Instance'''</font>
 
|-
|-
 +
| <font size="3">'''Assigning an Interface to a VRF'''</font>
 +
|}
 +
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''ip cef
+
|-
-
ip vrf vrf-1
+
! width="475" align="left" style="background:#ED9121;" | <font color="white">'''interface Ethernet2/1'''
 +
ip vrf forwarding vrf-1  
 +
ip address 192.168.10.1 255.255.255.0
 +
</font>
 +
! width="475" align="left" style="background:#99CCFF;" | '''interface Ethernet2/1'''
 +
vrf member vrf-1
-
New Syntax:
+
ip address 192.168.10.1/24
 +
|}
-
vrf definition vrf-1
 
-
 
-
address-family ipv4'''
 
-
!width="475" align="left" style="background:#99CCFF;" |'''vrf context vrf-1'''
 
-
|-
 
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
|<font size = "3">'''Assigning an Interface to a VRF'''</font>
 
|-
|-
-
{| border="0" cellpadding="2" cellspacing="6"
+
| <font size="3">'''Enabling BGP in a VRF'''</font>
-
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''interface Ethernet2/1
+
|}
-
ip vrf forwarding vrf-1
+
-
ip address 192.168.10.1 255.255.255.0'''
 
-
!width="475" align="left" style="background:#99CCFF;" |'''interface Ethernet2/1
 
-
 
-
vrf member vrf-1
 
-
 
-
ip address 192.168.10.1/24'''
 
-
|-
 
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
|<font size = "3">'''Enabling BGP in a VRF'''</font>
 
|-
|-
-
{| border="0" cellpadding="2" cellspacing="6"
+
! width="475" align="left" style="background:#ED9121;" | <font color="white">'''router bgp 10'''
-
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''router bgp 10
+
address-family ipv4 vrf vrf-1
 +
 
 +
neighbor 192.168.10.2 remote-as 20
 +
 
 +
neighbor 192.168.10.2 activate
 +
 
 +
network 192.168.1.1 mask 255.255.255.255
 +
 
 +
exit-address-family
 +
</font>
 +
! width="475" align="left" style="background:#99CCFF;" | '''router bgp 10'''
 +
vrf vrf-1
 +
 
 +
address-family ipv4 unicast
 +
 
 +
network 192.168.1.1/32
 +
 
 +
neighbor 192.168.10.2 remote-as 20
 +
 
 +
address-family ipv4 unicast
 +
 
 +
|}
-
address-family ipv4 vrf vrf-1
 
-
 
-
neighbor 192.168.10.2 remote-as 20
 
-
 
-
neighbor 192.168.10.2 activate
 
-
 
-
network 192.168.1.1 mask 255.255.255.255
 
-
 
-
exit-address-family'''
 
-
!width="475" align="left" style="background:#99CCFF;" |'''router bgp 10
 
-
vrf vrf-1
 
-
   
 
-
address-family ipv4 unicast
 
-
     
 
-
network 192.168.1.1/32
 
-
   
 
-
neighbor 192.168.10.2 remote-as 20
 
-
     
 
-
address-family ipv4 unicast'''
 
-
|-
 
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
|<font size = "3">'''Enabling EIGRP in a VRF'''</font>
 
|-
|-
 +
| <font size="3">'''Enabling EIGRP in a VRF'''</font>
 +
|}
 +
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''interface Ethernet2/1
+
|-
 +
! width="475" align="left" style="background:#ED9121;" | <font color="white">'''interface Ethernet2/1'''
 +
ip vrf forwarding vrf-1  
-
ip vrf forwarding vrf-1
+
ip address 192.168.10.1 255.255.255.0
-
ip address 192.168.10.1 255.255.255.0
+
<br>
 +
router eigrp 10
 +
address-family ipv4 vrf vrf-1
-
router eigrp 10
+
autonomous-system 10  
-
address-family ipv4 vrf vrf-1
+
network 192.168.10.0
-
autonomous-system 10
+
no auto-summary
 +
</font>
 +
! width="475" align="left" style="background:#99CCFF;" | '''interface Ethernet2/1'''
 +
vrf member vrf-1
-
network 192.168.10.0
+
ip address 192.168.10.1/24
-
no auto-summary'''
+
ip router eigrp 10
-
!width="475" align="left" style="background:#99CCFF;" |'''interface Ethernet2/1
+
-
vrf member vrf-1
+
<br> router eigrp 10
-
ip address 192.168.10.1/24
+
vrf vrf-1  
-
 
+
-
ip router eigrp 10
+
 +
|}
-
router eigrp 10
 
-
 
-
vrf vrf-1'''
 
-
|-
 
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
|<font size = "3">'''Enabling ISIS in a VRF'''</font>
 
|-
|-
 +
| <font size="3">'''Enabling ISIS in a VRF'''</font>
 +
|}
 +
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''interface Ethernet2/1
+
|-
-
+
! width="475" align="left" style="background:#ED9121;" | <font color="white">'''interface Ethernet2/1'''
-
ip vrf forwarding vrf-1
+
ip vrf forwarding vrf-1  
-
+
-
ip address 192.168.10.1 255.255.255.0
+
-
+
-
ip router isis 10
+
 +
ip address 192.168.10.1 255.255.255.0
 +
ip router isis 10
-
router isis 10
+
<br>
-
+
-
vrf vrf-1
+
-
+
-
net 49.0001.0000.0001.00'''
+
-
!width="475" align="left" style="background:#99CCFF;" |'''interface Ethernet2/1
+
-
 
+
-
vrf member vrf-1
+
-
 
+
-
ip address 192.168.10.1/24
+
-
 
+
-
ip router isis 10
+
 +
router isis 10
 +
 +
vrf vrf-1
 +
 +
net 49.0001.0000.0001.00
 +
</font>
 +
! width="475" align="left" style="background:#99CCFF;" | '''interface Ethernet2/1'''
 +
vrf member vrf-1
 +
 +
ip address 192.168.10.1/24
 +
 +
ip router isis 10
 +
 +
<br> router isis 10
 +
 +
vrf vrf-1
 +
 +
net 49.0001.0000.0001.00
 +
 +
|}
-
router isis 10
 
-
 
 
-
vrf vrf-1
 
-
   
 
-
net 49.0001.0000.0001.00'''
 
-
|-
 
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
|<font size = "3">'''Enabling OSPF in a VRF'''</font>
 
|-
|-
 +
| <font size="3">'''Enabling OSPF in a VRF'''</font>
 +
|}
 +
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''interface Ethernet2/1
+
|-
-
+
! width="475" align="left" style="background:#ED9121;" | <font color="white">'''interface Ethernet2/1'''
-
ip vrf forwarding vrf-1
+
ip vrf forwarding vrf-1  
-
+
-
ip address 192.168.10.1 255.255.255.0
+
 +
ip address 192.168.10.1 255.255.255.0
-
router ospf 10 vrf vrf-1
+
<br> router ospf 10 vrf vrf-1  
-
network 192.168.10.0 0.0.0.255 area 0'''
+
network 192.168.10.0 0.0.0.255 area 0  
-
!width="475" align="left" style="background:#99CCFF;" |'''interface Ethernet2/1
+
</font>
 +
! width="475" align="left" style="background:#99CCFF;" | '''interface Ethernet2/1'''
 +
vrf member vrf-1  
-
vrf member vrf-1
+
ip address 192.168.10.1/24
-
ip address 192.168.10.1/24
+
ip router ospf 10 area 0
-
ip router ospf 10 area 0
+
<br> router ospf 10  
 +
vrf vrf-1
-
router ospf 10
+
|}
-
vrf vrf-1'''
 
-
|-
 
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
|<font size = "3">'''Enabling RIPv2 in a VRF'''</font>
 
|-
|-
 +
| <font size="3">'''Enabling RIPv2 in a VRF'''</font>
 +
|}
 +
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''interface Ethernet2/1
+
|-
-
ip vrf forwarding vrf-1
+
! width="475" align="left" style="background:#ED9121;" | <font color="white">'''interface Ethernet2/1'''
 +
ip vrf forwarding vrf-1  
-
ip address 192.168.10.1 255.255.255.0
+
ip address 192.168.10.1 255.255.255.0  
 +
<br> router rip
-
router rip
+
address-family ipv4 vrf vrf-1  
-
+
-
address-family ipv4 vrf vrf-1
+
-
+
-
network 192.168.10.0
+
-
+
-
version 2
+
-
+
-
exit-address-family'''
+
-
!width="475" align="left" style="background:#99CCFF;" |'''interface Ethernet2/1
+
-
vrf member vrf-1
+
-
 
+
-
ip address 192.168.10.1/24
+
-
 
+
-
ip router rip 10
+
 +
network 192.168.10.0
-
router rip 10
+
version 2
 +
 
 +
exit-address-family
 +
</font>
 +
! width="475" align="left" style="background:#99CCFF;" | '''interface Ethernet2/1'''
 +
vrf member vrf-1
 +
 
 +
ip address 192.168.10.1/24
 +
 
 +
ip router rip 10
 +
 
 +
<br> router rip 10  
 +
 
 +
vrf vrf-1
 +
 
 +
|}
-
vrf vrf-1
 
-
|-
 
{| border="0" cellpadding="2" cellspacing="6"
{| border="0" cellpadding="2" cellspacing="6"
-
|<font size = "3">'''Configuring Static Routes in a VRF'''</font>
 
|-
|-
-
{| border="0" cellpadding="2" cellspacing="6"
+
| <font size="3">'''Configuring Static Routes in a VRF'''</font>
-
!width="475" align="left" style="background:#ED9121;" |<font color="white">'''ip route vrf vrf-1 192.168.2.0 255.255.255.0 192.168.10.2'''
+
|}
-
!width="475" align="left" style="background:#99CCFF;" |'''vrf context vrf-1
+
-
ip route 192.168.2.0/24 192.168.10.2'''
+
{| border="0" cellpadding="2" cellspacing="6"
|-
|-
-
|}
+
! width="475" align="left" style="background:#ED9121;" | <font color="white">'''ip route vrf vrf-1 192.168.2.0 255.255.255.0 192.168.10.2'''</font>
-
 
+
! width="475" align="left" style="background:#99CCFF;" | '''vrf context vrf-1'''
 +
ip route 192.168.2.0/24 192.168.10.2
 +
|}
 +
<br>
-
<font size = "3">'''Verification Command Comparison'''</font>
+
<br> <font size="3">'''Verification Command Comparison'''</font>  
-
The following table compares some useful '''show''' commands for verifying and troubleshooting VRF instances.
+
The following table compares some useful '''show''' commands for verifying and troubleshooting VRF instances.  
 +
<br>
{| border="1" cellpadding="2"
{| border="1" cellpadding="2"
-
!width="225" align="left" style="background:#99CCFF;" |'''Cisco NX-OS VRF'''
 
-
!width="225" align="left" style="background:#99CCFF;" |'''Cisco IOS Software VRF'''
 
-
!width="475" align="left" style="background:#99CCFF;" |'''Command Description'''
 
|-
|-
-
|'''show vrf'''|| show ip vrf || Displays a list of all configured VRF instances
+
! width="225" align="left" style="background:#99CCFF;" | '''Cisco NX-OS VRF'''  
 +
! width="225" align="left" style="background:#99CCFF;" | '''Cisco IOS Software VRF'''
 +
! width="475" align="left" style="background:#99CCFF;" | '''Command Description'''
|-
|-
-
|'''show vrf''' ''<name>''|| show ip vrf ''<name>'' || Displays a specific VRF instance
+
| '''show vrf'''
 +
| show ip vrf  
 +
| Displays a list of all configured VRF instances
|-
|-
-
|'''show vrf''' ''<name>'' '''detail'''|| show ip vrf detail ''<name>'' || Displays details for a specific VRF instance
+
| '''show vrf''' ''&lt;name&gt;''
 +
| show ip vrf ''&lt;name&gt;''  
 +
| Displays a specific VRF instance
|-
|-
-
|'''show vrf''' ''<name>'' '''interface'''|| - || Displays the interface assignment for a specific VRF instance
+
| '''show vrf''' ''&lt;name&gt;'' '''detail'''
 +
| show ip vrf detail ''&lt;name&gt;''
 +
| Displays details for a specific VRF instance
|-
|-
-
|'''show vrf default'''|| - || Displays a summary of the '''default''' VRF instance
+
| '''show vrf''' ''&lt;name&gt;'' '''interface'''
 +
| -
 +
| Displays the interface assignment for a specific VRF instance
|-
|-
-
|'''show vrf detail'''|| show ip vrf detail || Displays details for all VRF instances
+
| '''show vrf default'''
 +
| -
 +
| Displays a summary of the '''default''' VRF instance
|-
|-
-
|'''show vrf interface'''|| show ip vrf interfaces || Displays VRF interface assignments for all VRF instances
+
| '''show vrf detail'''
 +
| show ip vrf detail
 +
| Displays details for all VRF instances
|-
|-
-
|'''show vrf management'''|| - || Displays a summary of the '''management''' VRF instance
+
| '''show vrf interface'''
 +
| show ip vrf interfaces
 +
| Displays VRF interface assignments for all VRF instances
|-
|-
-
| <font color="white"> - || <font color="white"> - || <font color="white"> -
+
| '''show vrf management'''
 +
| -  
 +
| Displays a summary of the '''management''' VRF instance
|-
|-
-
|'''show ip route vrf all'''|| - || Displays routes for all VRF instances
+
| <font color="white">-</font>
 +
| <font color="white">-</font>
 +
| <font color="white">-</font>
|-
|-
-
|'''show ip route vrf default'''|| - || Displays routes for the '''default''' VRF instance
+
| '''show ip route vrf all'''
 +
| -  
 +
| Displays routes for all VRF instances
|-
|-
-
|'''show ip route vrf management'''|| - || Displays routes for the '''management''' VRF instance
+
| '''show ip route vrf default'''
 +
| -  
 +
| Displays routes for the '''default''' VRF instance
|-
|-
-
|'''show ip route vrf''' ''<name>''|| show ip route vrf ''<name>'' || Displays routes for a specific VRF instance (multiple sub-options)
+
| '''show ip route vrf management'''
 +
| -
 +
| Displays routes for the '''management''' VRF instance
|-
|-
-
| <font color="white"> - || <font color="white"> - || <font color="white"> -
+
| '''show ip route vrf''' ''&lt;name&gt;''
 +
| show ip route vrf ''&lt;name&gt;''
 +
| Displays routes for a specific VRF instance (multiple sub-options)
|-
|-
-
|'''show ip arp vrf''' ''<name>''|| show ip arp vrf ''<name>'' || Displays Address Resolution Protocol (ARP) entries for a specific VRF instance
+
| <font color="white">-</font>
 +
| <font color="white">-</font>
 +
| <font color="white">-</font>
|-
|-
-
| <font color="white"> - || <font color="white"> - || <font color="white"> -
+
| '''show ip arp vrf''' ''&lt;name&gt;''
 +
| show ip arp vrf ''&lt;name&gt;''
 +
| Displays Address Resolution Protocol (ARP) entries for a specific VRF instance
|-
|-
-
|'''show ip bgp vrf ''' ''<name>''|| show ip bgp vpnv4 vrf ''<name>'' || Displays BGP commands for a specific VRF instance
+
| <font color="white">-</font>
 +
| <font color="white">-</font>
 +
| <font color="white">-</font>
|-
|-
-
|'''show ip eigrp vrf ''' ''<name>''|| show ip eigrp vrf ''<name>'' || Displays EIGRP information for specific VRF instance
+
| '''show ip bgp vrf ''' ''&lt;name&gt;''
 +
| show ip bgp vpnv4 vrf ''&lt;name&gt;''  
 +
| Displays BGP commands for a specific VRF instance
|-
|-
-
|'''show ip isis vrf ''' ''<name>''|| show isis ''<#>'' || Displays ISIS commands for a specific VRF instance
+
| '''show ip eigrp vrf ''' ''&lt;name&gt;''
 +
| show ip eigrp vrf ''&lt;name&gt;''  
 +
| Displays EIGRP information for specific VRF instance
|-
|-
-
|'''show ip ospf vrf ''' ''<name>''|| show ip ospf ''<#>'' || Displays OSPF information for a specific VRF instance
+
| '''show ip isis vrf ''' ''&lt;name&gt;''
 +
| show isis ''&lt;#&gt;''  
 +
| Displays ISIS commands for a specific VRF instance
|-
|-
-
|'''show ip rip vrf ''' ''<name>''|| show ip rip database vrf ''<name>'' || Displays RIP information for a specific VRF instance
+
| '''show ip ospf vrf ''' ''&lt;name&gt;''
 +
| show ip ospf ''&lt;#&gt;''  
 +
| Displays OSPF information for a specific VRF instance
|-
|-
-
|'''show ip static-route vrf ''' ''<name>''|| - || Displays static routes for a specific VRF instance
+
| '''show ip rip vrf ''' ''&lt;name&gt;''
 +
| show ip rip database vrf ''&lt;name&gt;''
 +
| Displays RIP information for a specific VRF instance
|-
|-
-
| <font color="white"> - || <font color="white"> - || <font color="white"> -
+
| '''show ip static-route vrf ''' ''&lt;name&gt;''
 +
| -  
 +
| Displays static routes for a specific VRF instance
|-
|-
-
|'''show forwarding vrf''' ''<name>''|| show ip cef vrf ''<name>'' || Displays FIB information for a specific VRF (multiple sub-options)
+
| <font color="white">-</font>
 +
| <font color="white">-</font>
 +
| <font color="white">-</font>
|-
|-
-
| <font color="white"> - || <font color="white"> - || <font color="white"> -
+
| '''show forwarding vrf''' ''&lt;name&gt;''
 +
| show ip cef vrf ''&lt;name&gt;''
 +
| Displays FIB information for a specific VRF (multiple sub-options)
|-
|-
-
|'''show routing vrf'''|| - || Displays a subset of the '''show vrf''' commands
+
| <font color="white">-</font>
 +
| <font color="white">-</font>
 +
| <font color="white">-</font>
|-
|-
-
|'''show routing-context'''|| - || Displays the current routing context
+
| '''show routing vrf'''
 +
| -  
 +
| Displays a subset of the '''show vrf''' commands
|-
|-
 +
| '''show routing-context'''
 +
| -
 +
| Displays the current routing context
|}
|}

Latest revision as of 19:29, 17 January 2012

Objective

This tech note outlines the main differences in Layer 3 virtualization support between Cisco® NX-OS Software and Cisco IOS® Software. Sample configurations are included for Cisco NX-OS and Cisco IOS Software for some common features to demonstrate the similarities and differences. Please refer to the NX-OS documentation on Cisco.com for a complete list of supported features.


Virtualization Routing and Forwarding Overview

Virtual Routing and Forwarding (VRF) provides an additional layer of network virtualization on top of virtual device contexts (VDCs). VRF provides separate unicast and multicast address space and associated routing protocols that make independent forwarding decisions. All unicast and multicast protocols support VRF functionality.


Important Cisco NX-OS and Cisco IOS Software Differences

In Cisco NX-OS:

  • Cisco NX-OS supports 1000 VRF instances per chassis consisting of 250 VRF instances per VDC with 4 VDCs (994 VRF instances can be configured in 1 VDC).
  • Two VRF instances are configured by default. The management port on the supervisor module is assigned to the management VRF, and all I/O module ports are assigned to the default VRF.
  • VRF instances can be enabled without any command-line interface (CLI) prerequisites. Cisco IOS Software requires ip cef to be enabled globally before a VRF instance can be configured.
  • Multicast routing/forwarding can be configured per VRF instance without having to globally enable the VRF instance for multicast . Cisco IOS Software requires the global ip multicast-routing vrf <name> command per VRF instance.
  • The CLI for enabling VRF routing for a protocol is consistent for all routing protocols, whereas Cisco IOS Software uses address families for Border Gateway Protocol (BGP), Routing Information Protocol (RIP), and Enhanced Interior Gateway Routing Protocol (EIGRP) and requires unique routing process IDs per VRF for Integrated Intermediate System-to-Intermediate System (ISIS) and Open Shortest Path First (OSPF).
  • In Cisco NX-OS, numerous VRF instances can be assigned to a single routing protocol instance.
  • IP static routes are configured under the specified vrf context. In Cisco IOS Software, all static routes are configured in global configuration mode with the vrf option.
  • A VRF instance can be manually disabled with the shutdown command. Cisco IOS Software does not have the CLI capability to manually disable a VRF instance.
  • If a VRF context is removed with the no vrf context <name> configuration command, the VRF context commands will be removed from the running configuration making the VRF non-functional, but all non context related VRF commands will remain in the running configuration. When a VRF is removed in Cisco IOS Software, the VRF instance and all related VRF commands are automatically removed from the running configuration, including any interface IP addresses previously associated to the VRF instance.
  • The default VRF instance is the default routing context for all show commands.
  • When configuring route import / export functionality for VRF-lite or MPLS VPNs, NX-OS requires export statement to be configured in order for export map to take effect. In IOS, export map can take effect without configuring export statement.



Things You Should Know

The following list provides some additional facts about Cisco NX-OS that should be helpful when configuring and maintaining VRF instances.


  • When you assign a VRF instance to an interface with an IP address previously configured, the interface IP address is automatically removed.
  • Static routes or dynamic routing protocols can be configured for routing in a VRF instance (BGP, EIGRP, ISIS, OSPF, static routes, and RIPv2).
  • IP troubleshooting tools such as ping and traceroute are VRF aware and require the name of a specific VRF instance if testing in the default VRF instance is not desired.
  • The routing-context vrf command can be executed in EXEC mode to change the routing context to a non-default VRF instance. For example, typing routing-context vrf management changes the routing context, so all VRF related commands are executed in the management VRF as opposed to the default VRF.
  • Network management–related services such as authentication, authorization and accounting (AAA), Call Home, DNS, FTP, HTTP, NetFlow, NTP, PING, RADIUS, SCP, sFTP, SNMP, SSH, Syslog, TACACS+, TELNET, TFTP, Traceroute, and XML are VRF aware.
  • The global configuration write erase boot command will erase the management VRF instance configuration. The write erase command without the boot option will not.


Configuration Comparison

The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. Sample code is provided only to illustrate how to enable VRF routing. The Cisco NX-OS CLI is simpler and more consistent since it allows multiple VRF instances to be assigned to a single routing protocol instance, whereas Cisco IOS Software uses different techniques depending on the routing protocol.


Cisco IOS CLI Cisco NX-OS CLI
Creating a VRF Instance
ip cef

ip vrf vrf-1


New Syntax:


vrf definition vrf-1

address-family ipv4

vrf context vrf-1


Assigning an Interface to a VRF
interface Ethernet2/1

ip vrf forwarding vrf-1

ip address 192.168.10.1 255.255.255.0

interface Ethernet2/1

vrf member vrf-1

ip address 192.168.10.1/24

Enabling BGP in a VRF
router bgp 10

address-family ipv4 vrf vrf-1

neighbor 192.168.10.2 remote-as 20

neighbor 192.168.10.2 activate

network 192.168.1.1 mask 255.255.255.255

exit-address-family

router bgp 10

vrf vrf-1

address-family ipv4 unicast

network 192.168.1.1/32

neighbor 192.168.10.2 remote-as 20

address-family ipv4 unicast

Enabling EIGRP in a VRF
interface Ethernet2/1

ip vrf forwarding vrf-1

ip address 192.168.10.1 255.255.255.0


router eigrp 10

address-family ipv4 vrf vrf-1

autonomous-system 10

network 192.168.10.0

no auto-summary

interface Ethernet2/1

vrf member vrf-1

ip address 192.168.10.1/24

ip router eigrp 10


router eigrp 10

vrf vrf-1

Enabling ISIS in a VRF
interface Ethernet2/1

ip vrf forwarding vrf-1

ip address 192.168.10.1 255.255.255.0

ip router isis 10


router isis 10

vrf vrf-1

net 49.0001.0000.0001.00

interface Ethernet2/1

vrf member vrf-1

ip address 192.168.10.1/24

ip router isis 10


router isis 10

vrf vrf-1

net 49.0001.0000.0001.00

Enabling OSPF in a VRF
interface Ethernet2/1

ip vrf forwarding vrf-1

ip address 192.168.10.1 255.255.255.0


router ospf 10 vrf vrf-1

network 192.168.10.0 0.0.0.255 area 0

interface Ethernet2/1

vrf member vrf-1

ip address 192.168.10.1/24

ip router ospf 10 area 0


router ospf 10

vrf vrf-1

Enabling RIPv2 in a VRF
interface Ethernet2/1

ip vrf forwarding vrf-1

ip address 192.168.10.1 255.255.255.0


router rip

address-family ipv4 vrf vrf-1

network 192.168.10.0

version 2

exit-address-family

interface Ethernet2/1

vrf member vrf-1

ip address 192.168.10.1/24

ip router rip 10


router rip 10

vrf vrf-1

Configuring Static Routes in a VRF
ip route vrf vrf-1 192.168.2.0 255.255.255.0 192.168.10.2 vrf context vrf-1

ip route 192.168.2.0/24 192.168.10.2



Verification Command Comparison

The following table compares some useful show commands for verifying and troubleshooting VRF instances.


Cisco NX-OS VRF Cisco IOS Software VRF Command Description
show vrf show ip vrf Displays a list of all configured VRF instances
show vrf <name> show ip vrf <name> Displays a specific VRF instance
show vrf <name> detail show ip vrf detail <name> Displays details for a specific VRF instance
show vrf <name> interface - Displays the interface assignment for a specific VRF instance
show vrf default - Displays a summary of the default VRF instance
show vrf detail show ip vrf detail Displays details for all VRF instances
show vrf interface show ip vrf interfaces Displays VRF interface assignments for all VRF instances
show vrf management - Displays a summary of the management VRF instance
- - -
show ip route vrf all - Displays routes for all VRF instances
show ip route vrf default - Displays routes for the default VRF instance
show ip route vrf management - Displays routes for the management VRF instance
show ip route vrf <name> show ip route vrf <name> Displays routes for a specific VRF instance (multiple sub-options)
- - -
show ip arp vrf <name> show ip arp vrf <name> Displays Address Resolution Protocol (ARP) entries for a specific VRF instance
- - -
show ip bgp vrf <name> show ip bgp vpnv4 vrf <name> Displays BGP commands for a specific VRF instance
show ip eigrp vrf <name> show ip eigrp vrf <name> Displays EIGRP information for specific VRF instance
show ip isis vrf <name> show isis <#> Displays ISIS commands for a specific VRF instance
show ip ospf vrf <name> show ip ospf <#> Displays OSPF information for a specific VRF instance
show ip rip vrf <name> show ip rip database vrf <name> Displays RIP information for a specific VRF instance
show ip static-route vrf <name> - Displays static routes for a specific VRF instance
- - -
show forwarding vrf <name> show ip cef vrf <name> Displays FIB information for a specific VRF (multiple sub-options)
- - -
show routing vrf - Displays a subset of the show vrf commands
show routing-context - Displays the current routing context

Rating: 4.9/5 (18 votes cast)

Personal tools