In order to understand the use of Front Door VRFs let us use a simple topology as below where we will create a Simple GRE tunnel between R1 and R4. Both R1 and R4 will learn about the tunnel destination address via underlying protocol i.e. OSPF in our case.
Once the tunnels are up/up we will create EIGRP neighborship over the tunnel interfaces between R1 and R4.
Tunnel Configuration of R1:
Tunnel Configuration on R4:
Currently route about tunnel destination 220.127.116.11 & 18.104.22.168 are learnt via OSPF
R1#sh ip route 22.214.171.124
R4#sh ip route 126.96.36.199
Now let us create EIGRP neighbor ship between R1 and R4 and let’s see what happens:
R1#sh runn | s r eigrp
R4# sh runn | s r eigrp
Now let’s check the logging on R1 or R4 to see what happened:
Below log shows we built EIGRP neighbor betweenR1 and R4 Tu10 interface.
Here we see the first the EIGRP neighbor ship goes down and then Tu 10 interface goes down due to recursive routing
You will continue to see these messages in the logs repeatedly.
The reason is that initially the Tunnel Destination address 188.8.131.52 and 184.108.40.206 were being learnt via OSPF as underlying protocol.
Once we create EIGRP over the Tunnel 10 interface we receive the route in routing table via EIGRP causing the underlying routing for Tunnel 10 via OSPF to fail ad hence taking tunnel down which in turn causes the EIGRP to go down.
Once EIGRP goes down, route for 220.127.116.11 and 18.104.22.168 again is learnt via OSPF and hence we see the Tunnel coming up and also EIGRP neighbor ship but then the whole process keeps on repeating.
R1#sh int tu10
R1# sh ip route 22.214.171.124
Tunnel Interface again comes up
Step 1: Create Front Door VRF named FVRF on R1 and R4.
Step 2: Configuring physical interface on R1 and R4 to be VRF aware:
R1#sh runn int fa0/0
R4#sh runn int fa0/0
Step 3: Change OSPF to be VRF aware:
R1#sh runn | s r ospf
Step4: Bind Tunnel Interface to FVRF.
We have not moved the Tunnel interface from Global routing table to VRF routing table, it’s just that we tell Tunnel interface to look for the underlying routing in VRF table rather than in Global routing table a was being done earlier.
Now we see the tunnel remains up and stable and also the EIGRP neighbor ship over the tunnel.
R1#sh ip eigrp nei
R1#sh ip route vrf FVRF 126.96.36.199
R1#Sh ip route 188.8.131.52