IPv6 VRF Aware System Message Logging

The IPv6 VRF Aware System Message Logging feature enables a device to send system logging (syslog) messages to an IPv6-enabled syslog server connected through a VPN routing and forwarding (VRF) interface. You can use the logging information for network monitoring and troubleshooting. This feature extends this capability to network traffic connected through VRFs.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for IPv6 VRF Aware System Message Logging

You must configure a VPN routing and forwarding (VRF) instance on a routing device and associate the VRF with an interface before you can configure the IPv6 VRF Aware System Message Logging feature.

Restrictions for IPv6 VRF Aware System Message Logging

You cannot specify a source address for virtual routing and forwarding (VRF) system logging messages. The IPv6 VRF Aware System Message Logging feature uses the VRF interface address as the source address for all VRF aware system logging messages.

Information About IPv6 VRF Aware System Message Logging

Benefits of VRF Aware System Message Logging

A VPN routing and forwarding (VRF) instance is an extension of IP routing that provides multiple routing instances. A VRF provides a separate IP routing and forwarding table to each VPN. You must configure a VRF on a routing device before you configure the VRF Aware System Message Logging feature.

After you configure the VRF Aware System Message Logging feature on a routing device, the device can send system logging (syslog) messages to a syslog host through a VRF interface. Then you can use logging messages to monitor and troubleshoot network traffic connected through a VRF. If the VRF Aware System Message Logging feature is not configured on a routing device, the routing device sends syslog messages to the syslog host only through the global routing table.

You can receive system logging messages through a VRF interface on any device configured with a VRF, that is:

  • On a provider edge (PE) device that is used with Multiprotocol Label Switching (MPLS) and multiprotocol Border Gateway Protocol (BGP) to provide a Layer 3 MPLS VPN network service.

  • On a customer edge (CE) device that is configured for VRF-Lite, which is a VRF implementation without multiprotocol BGP.

VRF Aware System Message Logging on a Provider Edge Device in an MPLS VPN Network

You can configure the VRF Aware System Message Logging feature on a provider edge (PE) device in a Layer 3 Multiprotocol Label Switching (MPLS) VPN network. The PE device can then send system logging (syslog) messages through a VPN routing and forwarding (VRF) interface to a syslog server located in the VPN.

The figure below shows an MPLS VPN network and the VRF Aware System Message Logging feature configured on a PE device associated with VRF VPN1. The PE device sends log messages through a VRF interface to a syslog server located in VPN1. You can display the messages from the syslog server on a terminal.

Figure 1. MPLS VPN and VRF Aware System Message Logging Configured on a Provider Edge Device

VRF Aware System Message Logging on a Customer Edge Device with VRF-Lite Configured

You can configure the VRF Aware System Message Logging feature on a customer edge (CE) device configured with the VRF-Lite feature. The CE device can then send system logging (syslog) messages through a VPN routing and forwarding (VRF) interface to syslog servers in multiple VPNs. The CE device can be either a router or a switch.

The figure below shows the VRF Aware System Message Logging feature configured on a VRF-Lite CE device. The CE device can send VRF syslog messages to syslog servers in the VPN1 network or the VPN2 network or to servers in both VPN1 and VPN2 networks. You can configure multiple VRFs on a VRF-Lite CE device, and the device can serve many customers.

Figure 2. VRF Aware System Message Logging Configured on a VRF-Lite Customer Edge Device

Message Levels for Logging Commands

The table below lists message levels for logging commands that you can use when you configure the VRF Aware System Message Logging feature. Information provided in the table below includes keyword level names and numbers, their description, and the associated syslog definitions. You can use either the level name or the level number with the logging trap level and logging buffered severity-level commands.

Table 1. Message Levels for logging Commands

Level Name

Level Number

Description

Syslog Definition

emergencies

0

System unusable

LOG_EMERG

alerts

1

Immediate action needed

LOG_ALERT

critical

2

Critical conditions

LOG_CRIT

errors

3

Error conditions

LOG_ERR

warnings

4

Warning conditions

LOG_WARNING

notifications

5

Normal but significant condition

LOG_NOTICE

informational

6

Informational messages only

LOG_INFO

debugging

7

Debugging messages

LOG_DEBUG

How to Configure IPv6 VRF Aware System Message Logging

Configuring VRF on a Routing Device

Configuring a VPN routing and forwarding (VRF) instance on a routing device helps provide customer connectivity to a VPN. The routing device can be a provider edge (PE) device connected to a Multiprotocol Label Switching (MPLS) VPN network or a customer edge (CE) device that is configured for VRF-Lite.

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.
Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

vrf definition vrf-name

Example:

Device (config)# vrf definition vpn1

Defines a VRF instance and enters VRF configuration mode.

  • The vrf-name argument is a name assigned to the VRF.

Step 4

address-family ipv6

Example:

Device(config-vrf)# address-family ipv6

Enables IPv6 address-family for the defined VRF and enters address family configuration mode.

Step 5

end

Example:

Device(config-vrf-af)# end

Exits address family configuration mode and returns to privileged EXEC mode.

Associating a VRF with an Interface

After configuring the VPN routing and forwarding (VRF) instance and associating it with an interface, you can configure the VRF Aware System Message Logging feature on the routing device.

Note

You cannot configure a source address for VRF system logging messages. The VRF Aware System Message Logging feature uses the VRF interface address as the source address for all VRF-aware system logging messages.


Before you begin

A VRF must be associated with an interface before you can forward VPN traffic.

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.
Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

interface type number

Example:

Device (config)# interface FastEthernet 0/0/0

Configures an interface type and enters interface configuration mode.

  • The type argument is the type of interface to be configured.

  • The number argument is the port, connector, or interface card number. The numbers are assigned at the factory at the time of installation or when the port, connector, or interface card is added to a system. Use the show interfaces command in privileged EXEC mode to view the available interfaces.

Step 4

vrf forwarding vrf-name

Example:

Device(config-if)# vrf forwarding vpn1

Associates a VRF with an interface or subinterface.

  • The vrf-name argument associates the interface with the specified VRF.

Step 5

no ipv6 address

Example:

Device(config-if)# no ipv6 address

Removes the existing IPv6 address set for an interface.

Step 6

ipv6 address address.prefix

Example:

Device(config-if)# ipv6 address 2001:DB8::1/32

Assigns an IPv6 address for the interface.

Step 7

end

Example:

Device(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Configuring VRF as a Source Interface for Logging on a Routing Device

Before you begin

You must perform the following tasks before you perform this task:
  • Configure a virtual routing and forwarding (VRF) instance on a routing device.

  • Associate a VRF with an interface.

Procedure

  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.
Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

logging source-interface interface-type interface-number vrf vrf-name

Example:

Device (config)# logging source-interface FastEthernet 0/0/0 vrf vpn1

Configures the VRF interface as the source interface for logging.

Step 4

logging host ipv6 ipv6-address vrf vrf-name

Example:

Device(config)# logging host ipv6 2001:DB8:: vrf vpn1

Configures and associates the IPv6-enabled logging host with the VRF.

Step 5

end

Example:

Device(config)# end

Exits global configuration mode and returns to privileged EXEC mode.

Verifying IPv6 VRF Aware System Message Logging

Procedure


Step 1

enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Example:

Device> enable
Step 2

show running-config | include logging

Displays the logging configuration for the device and the logging host for a virtual routing and forwarding (VRF) instance.

This example shows the configuration of a syslog server in VRF syslog with a server host address of 2001:DB8::1.

Example:

Device# show running-config | include logging

logging source-interface Ethernet0/1 vrf syslog
logging host ipv6 2001::DB8:1 vrf syslog
Step 3

show logging

Displays the state of syslog.

Example:

Device# show logging

Trap logging: level informational, 138 message lines logged
Logging to 2001:DB8::1 (v6) (udp port 514, audit disabled,
link up),
24 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging to 2001:DB8::1 (syslog) (udp port 514,
audit disabled,
link up),
4 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:
GigabitEthernet0/0/0 syslog

Configuration Examples for IPv6 VRF Aware System Message Logging

Example: Configuring VRF on a Routing Device

Device> enable
Device# configure terminal
Device(config)# vrf definition syslog_v6 
Device(config-vrf)# address-family ipv6 
Device(config-vrf-af)# end

Example: Associating a VRF with an Interface

Device> enable
Device# configure terminal
Device(config)# interface FastEthernet 0/0/0 
Device(config-if)# vrf forwarding vpn1 
Device(config-if)# no ipv6 address
Device(config-if)# ipv6 address 2001:DB8::1/32
Device(config-if)# end

Example: Configuring VRF as a Source Interface for Logging on a Routing Device

Device> enable
Device# configure terminal
Device(config)# logging source-interface FastEthernet 0/0/0 vrf vpn1 
Device(config)# logging host ipv6 address 2001:DB8::1 vrf vpn1 	
Device(config)# end

Additional References for IPv6 VRF Aware System Message Logging

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

MPLS and MPLS applications commands

Cisco IOS Multiprotocol Label Switching Command Reference

Concepts and tasks for configuring VRF-lite on a Catalyst 4500 switch

“Configuring VRF-lite” chapter in the Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide

Concepts and tasks for configuring VRF Lite on ML-Series Ethernet cards

“Configuring VRF-lite” chapter in the Ethernet Card Software Feature and Configuration Guide for the Cisco ONS 15454 SDH, ONS 15454, and ONS 15327

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for IPv6 VRF Aware System Message Logging

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 2. Feature Information for IPv6 VRF Aware System Message Logging

Feature Name

Releases

Feature Information

IPv6 VRF Aware System Message Logging

Cisco IOS XE Release 3.13S

The IPv6 VRF Aware System Message Logging feature enables a device to send system logging (syslog) messages to an IPv6-enabled syslog server connected through a VPN routing and forwarding (VRF) interface. You can use the logging information for network monitoring and troubleshooting. This feature extends this capability to network traffic connected through VRFs.

The following commands were modified: logging source-interface and logging host .