Monitoring and maintaining session limit per vrf, Half-duplex vrf – Cisco 10000 User Manual

4-21

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 4 Configuring Multiprotocol Label Switching

Half-Duplex VRF

Monitoring and Maintaining Session Limit Per VRF

To monitor and maintain the session limit Per VRF feature, enter the following commands in privileged
EXEC mode:

Half-Duplex VRF

The Half-Duplex VRF (HDVRF) feature provides scalable hub and spoke connectivity for subscribers
of a multiprotocol label switching-based virtual private network (MPLS VPN) service. These
subscribers connect to the provider edge (PE) router of the wholesale service provider, and they use the
same or different services (for example, the same or different VRFs). The HDVRF feature prevents local
connectivity between subscribers at the spoke PE router and ensures that a hub site provides subscriber
connectivity. Any sites that connect to the same PE router must forward intersite traffic using the hub
site. This ensures that the routing done at the spoke site is always access side interface to network side
interface, or network side interface to access side interface, and never access side to access side.

In hub and spoke topologies in which multiple-spoke customer edge (CE) routers, also referred to as
spokes, connect to the same PE router, the PE router locally switches the spokes without passing the
traffic through the upstream Internet service provider (ISP). In releases earlier than Cisco IOS
Release 12.2(16)BX2, when spokes connect to the same PE router, it was necessary to configure each
spoke in a separate VRF to ensure that the traffic between the spokes always traverses the central link
between the wholesale service provider and the ISP. However, this solution is manageable only if the
number of spokes is relatively small. When a large number of spokes are connected to the same PE
router, configuring a single VRF for each spoke can become quite complex and can greatly increase
memory usage. This is true especially in large-scale wholesale service provider environments that
support high-density remote access to Layer 3 VPNs.

Command

Purpose

Router# show vpdn session [all [interface |

tunnel

| username] | packets | sequence | state |

timers | window]

Displays VPDN session information including interface, tunnel,
username, packets, status, and window statistics.

The options are:

•

all—All session information for active sessions

•

all interface—Interface associated to a specific session

•

all tunnel—Tunnel attribute filter

•

all username—Username filter

•

packets—Packet and byte count

•

sequence—Sequence numbers

•

state—State of each session

•

timers—Timer information

•

window—Window information

Router# show vpdn

Displays a summary of all active VPDN tunnels.

Router# show vpdn group name

Displays the session limit set and the number of active sessions
and tunnels on the VPDN group you specify.

Router# show vpdn history failure

Displays information about VPDN user failures.