In order to understand the use of Front Door VRFs let us use a simple topology as below where we will create a Simple GRE tunnel between R1 and R4. Both R1 and R4 will learn about the tunnel destination address via underlying protocol i.e. OSPF in our case.
Once the tunnels are up/up we will create EIGRP neighborship over the tunnel interfaces between R1 and R4.
Tunnel Configuration of R1:
Tunnel Configuration on R4:
Currently route about tunnel destination 126.96.36.199 & 188.8.131.52 are learnt via OSPF
R1#sh ip route 184.108.40.206
R4#sh ip route 220.127.116.11
Now let us create EIGRP neighbor ship between R1 and R4 and let’s see what happens:
R1#sh runn | s r eigrp
R4# sh runn | s r eigrp
Now let’s check the logging on R1 or R4 to see what happened:
Below log shows we built EIGRP neighbor betweenR1 and R4 Tu10 interface.
Here we see the first the EIGRP neighbor ship goes down and then Tu 10 interface goes down due to recursive routing
You will continue to see these messages in the logs repeatedly.
The reason is that initially the Tunnel Destination address 18.104.22.168 and 22.214.171.124 were being learnt via OSPF as underlying protocol.
Once we create EIGRP over the Tunnel 10 interface we receive the route in routing table via EIGRP causing the underlying routing for Tunnel 10 via OSPF to fail ad hence taking tunnel down which in turn causes the EIGRP to go down.
Once EIGRP goes down, route for 126.96.36.199 and 188.8.131.52 again is learnt via OSPF and hence we see the Tunnel coming up and also EIGRP neighbor ship but then the whole process keeps on repeating.
R1#sh int tu10
R1# sh ip route 184.108.40.206
Tunnel Interface again comes up
Step 1: Create Front Door VRF named FVRF on R1 and R4.
Step 2: Configuring physical interface on R1 and R4 to be VRF aware:
R1#sh runn int fa0/0
R4#sh runn int fa0/0
Step 3: Change OSPF to be VRF aware:
R1#sh runn | s r ospf
Step4: Bind Tunnel Interface to FVRF.
We have not moved the Tunnel interface from Global routing table to VRF routing table, it’s just that we tell Tunnel interface to look for the underlying routing in VRF table rather than in Global routing table a was being done earlier.
Now we see the tunnel remains up and stable and also the EIGRP neighbor ship over the tunnel.
R1#sh ip eigrp nei
R1#sh ip route vrf FVRF 220.127.116.11
R1#Sh ip route 18.104.22.168