cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
bdaneu
New Contributor

How do you program 908e NTP to use a VRF interface

My Internet is on a VRF interface and the non VRF interface can't go out to the internet it only goes to the ISPs SIP server so how would I program the NTP to go out the VRF Frame relay interface that has internet.

0 Kudos
9 Replies
michael56
New Contributor III

Re: How do you program 908e NTP to use a VRF interface

You would have to build the DLCI and VRF inside your CPE device in order to communicate with the internet VRF. You'll need to compliment the internet VRF's configuration. You'll basically want something along these lines but would need to 'replace all' within the <.........> with the appropriate variables. Depending on your AOS some of the command syntax may/may not be accepted, but this configlet was constructed from a once working adtran device (probably a 4430 or 3430 router). The 908 should accept much of the commands, however you'll need to compensate for interfaces, variables and syntax changes. Here's what I can offer in the way of assistance:

!
ip vrf <CUG_#ONE>
rd <AS_NUMBER>:10
route-target export <AS_NUMBER>:10
route-target import <AS_NUMBER>:10
!
ip vrf <CUG_#TWO>
rd <AS_NUMBER>:11
route-target export <AS_NUMBER>:11
route-target import <AS_NUMBER>:11
!
interface GigabitEthernet0/0
description LAN Block /29
ip vrf forwarding <CUG_#ONE>
ip address <PUBLIC_LAN_BLOCK_IP_with_MASK>
no ip directed-broadcast
service-policy input <policy_name>
no ip redirects
no ip proxy-arp
cdp enable
no ip mroute-cache
duplex auto
speed auto
no shutdown
media-type rj45
negotiation auto
no mop enabled
!
interface GigabitEthernet0/1
description LAN Block /25
ip vrf forwarding <CUG_#ONE>
ip address <PRIVATE_LAN_BLOCK_with_MASK>
no ip directed-broadcast
service-policy input <policy_name>
no ip redirects
no ip proxy-arp
cdp enable
no ip mroute-cache
no shutdown
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/2
description VRF INTERFACE
ip vrf forwarding <CUG_#TWO>
ip address <OTHER_LAN_BLOCK_IP_with_MASK>
no ip directed-broadcast
service-policy input <policy_name>
no ip redirects
no ip proxy-arp
cdp enable
no ip mroute-cache
no shutdown
duplex auto
speed auto
no mop enabled
!


!
interface Serial0/0/0.#1 point-to-point
description PVC to CUG <CUG_#ONE>
ip vrf forwarding <CUG_#ONE>
no shutdown
ip address <DLCI_#ONE_LAN_IP_with_MASK>
max-reserved-bandwidth 100
service-policy output CUSTOM-QOS
frame-relay interface-dlci #1
!
interface Serial0/0/0.#2 point-to-point
description PVC to CUG <CUG_#TWO>
ip vrf forwarding <CUG_#ONE>
no shutdown
ip address <DLCI_#TWO_LAN_IP_with_MASK>
max-reserved-bandwidth 100
service-policy output CUSTOM-QOS
frame-relay interface-dlci #2
!


!
router bgp <AS_NUMBER>
bgp router-id <CPE_WAN_IP_ONLY>
bgp log-neighbor-changes
bgp asnotation dot
no bgp default ipv4-unicast
neighbor <PUBLIC_LAN_IP_NEIGHBOR> remote-as <CUG_#2_REMOTE_AS#>
!
address-family ipv4 vrf <CUG_#ONE>
  redistribute connected route-map con-bgp
  redistribute static
  neighbor <CUG_#1_PE_IP> remote-as <CUG_#1_REMOTE_AS#>
  neighbor <CUG_#1_PE_IP> activate
  neighbor <CUG_#1_PE_IP> send-community
  neighbor <CUG_#1_PE_IP> soft-reconfiguration inbound
  neighbor <CUG_#1_PE_IP> prefix-list E2E in
  neighbor <PUBLIC_LAN_IP_NEIGHBOR> remote-as <CUG_#2_REMOTE_AS#>
  neighbor <PUBLIC_LAN_IP_NEIGHBOR> activate
  neighbor <PUBLIC_LAN_IP_NEIGHBOR> send-community
  neighbor <PUBLIC_LAN_IP_NEIGHBOR> soft-reconfiguration inbound
  no auto-summary
  no synchronization
exit-address-family
address-family ipv4 vrf <CUG_#TWO>
  redistribute connected route-map con-bgp
  redistribute static
  neighbor <CUG_#2_PE_IP> remote-as <CUG_#1_REMOTE_AS#>
  neighbor <CUG_#2_PE_IP> activate
  neighbor <CUG_#2_PE_IP> send-community
  neighbor <CUG_#2_PE_IP> soft-reconfiguration inbound
  neighbor <CUG_#2_PE_IP> prefix-list E2E in
  no auto-summary
  no synchronization
exit-address-family

Re: How do you program 908e NTP to use a VRF interface

I am also not able to get the NTP client to use an interface in a non-default VRF, which is a pain. If this is really not possible can we please get this on the list of feature upgrades so it can get fixed?

Anonymous
Not applicable

Re: How do you program 908e NTP to use a VRF interface

bdaneu‌‌ and tedllewellyn‌‌ you should be able to tell the NTP client to use a non-default VRF using the following command:

ntp server vrf <name> <hostname | ipv4 address>

You can also set the source interface for a non-default VRF using this command:

ntp vrf <name> source <interface>

michael56
New Contributor III

Re: How do you program 908e NTP to use a VRF interface

Jordan,

Are you sure you’re emailing the correct person? I’m not an Adtran engineer/employee that would be able to have any firmware or AOS upgraded. I am just another forum participant on the Adtran forum. Although if you’re doing anything to transvers from a private ciruit to the internet, 1) your ISP would have to allow you to exit the private circuit or ATM circuit to get to the internet (most often thru a hardware or software firewall).

Thank you,

Michael

Re: How do you program 908e NTP to use a VRF interface

Nope, I've already tried those commands. Packet captures of traffic leaving the TA900e still show the traffic using the default VRF (publicly-addressed) interface. It doesn't work.

Anonymous
Not applicable

Re: How do you program 908e NTP to use a VRF interface

Would you mind attaching a copy of your configuration and pcap for me to look at?

Re: How do you program 908e NTP to use a VRF interface

Looking at your post again I think you may be talking about the NTP server on the TA900e. I'm talking about the NTP client on the IAD. Maybe the server will respond on a non-default VRF interface, but the client won't request NTP information from a server on a non-default VRF interface. If you are talking about the client I can put that config back together and get a packet trace.

Anonymous
Not applicable

Re: How do you program 908e NTP to use a VRF interface

The commands I referenced are for the NTP client on the unit. I recently tested this in my lab using those commands and was able to get the NTP client to send traffic on a non-default VRF, so go ahead and upload your config and packet capture if you can't get it to work.

Re: How do you program 908e NTP to use a VRF interface

You are right. NTP server will use a non-default VRF interface. SNTP not so much. Not really sure why they offer both.