My Internet is on a VRF interface, and the non-VRF interface can't go out to the internet; it only goes to the ISP's SIP server. So how would I program the NTP to go out the VRF Frame Relay interface that has internet?
You would have to build the DLCI and VRF inside your CPE device in order to communicate with the internet VRF. You'll need to complement the internet VRF's configuration. You'll basically want something along these lines, but you would need to 'replace all' within the <.........> with the appropriate variables. Depending on your AOS, some of the command syntax may or may not be accepted, but this configlet was constructed from a once-working Adtran device (probably a 4430 or 3430 router). The 908 should accept many of the commands; however, you'll need to compensate for interfaces, variables and syntax changes. Here's what I can offer in the way of assistance:
!
ip vrf <CUG_#ONE>
rd <AS_NUMBER>:10
route-target export <AS_NUMBER>:10
route-target import <AS_NUMBER>:10
!
ip vrf <CUG_#TWO>
rd <AS_NUMBER>:11
route-target export <AS_NUMBER>:11
route-target import <AS_NUMBER>:11
!
interface GigabitEthernet0/0
description LAN Block /29
ip vrf forwarding <CUG_#ONE>
ip address <PUBLIC_LAN_BLOCK_IP_with_MASK>
no ip directed-broadcast
service-policy input <policy_name>
no ip redirects
no ip proxy-arp
cdp enable
no ip mroute-cache
duplex auto
speed auto
no shutdown
media-type rj45
negotiation auto
no mop enabled
!
interface GigabitEthernet0/1
description LAN Block /25
ip vrf forwarding <CUG_#ONE>
ip address <PRIVATE_LAN_BLOCK_with_MASK>
no ip directed-broadcast
service-policy input <policy_name>
no ip redirects
no ip proxy-arp
cdp enable
no ip mroute-cache
no shutdown
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/2
description VRF INTERFACE
ip vrf forwarding <CUG_#TWO>
ip address <OTHER_LAN_BLOCK_IP_with_MASK>
no ip directed-broadcast
service-policy input <policy_name>
no ip redirects
no ip proxy-arp
cdp enable
no ip mroute-cache
no shutdown
duplex auto
speed auto
no mop enabled
!
!
interface Serial0/0/0.#1 point-to-point
description PVC to CUG <CUG_#ONE>
ip vrf forwarding <CUG_#ONE>
no shutdown
ip address <DLCI_#ONE_LAN_IP_with_MASK>
max-reserved-bandwidth 100
service-policy output CUSTOM-QOS
frame-relay interface-dlci #1
!
interface Serial0/0/0.#2 point-to-point
description PVC to CUG <CUG_#TWO>
ip vrf forwarding <CUG_#TWO>
no shutdown
ip address <DLCI_#TWO_LAN_IP_with_MASK>
max-reserved-bandwidth 100
service-policy output CUSTOM-QOS
frame-relay interface-dlci #2
!
!
router bgp <AS_NUMBER>
bgp router-id <CPE_WAN_IP_ONLY>
bgp log-neighbor-changes
bgp asnotation dot
no bgp default ipv4-unicast
neighbor <PUBLIC_LAN_IP_NEIGHBOR> remote-as <CUG_#2_REMOTE_AS#>
!
address-family ipv4 vrf <CUG_#ONE>
redistribute connected route-map con-bgp
redistribute static
neighbor <CUG_#1_PE_IP> remote-as <CUG_#1_REMOTE_AS#>
neighbor <CUG_#1_PE_IP> activate
neighbor <CUG_#1_PE_IP> send-community
neighbor <CUG_#1_PE_IP> soft-reconfiguration inbound
neighbor <CUG_#1_PE_IP> prefix-list E2E in
neighbor <PUBLIC_LAN_IP_NEIGHBOR> remote-as <CUG_#2_REMOTE_AS#>
neighbor <PUBLIC_LAN_IP_NEIGHBOR> activate
neighbor <PUBLIC_LAN_IP_NEIGHBOR> send-community
neighbor <PUBLIC_LAN_IP_NEIGHBOR> soft-reconfiguration inbound
no auto-summary
no synchronization
exit-address-family
address-family ipv4 vrf <CUG_#TWO>
redistribute connected route-map con-bgp
redistribute static
neighbor <CUG_#2_PE_IP> remote-as <CUG_#1_REMOTE_AS#>
neighbor <CUG_#2_PE_IP> activate
neighbor <CUG_#2_PE_IP> send-community
neighbor <CUG_#2_PE_IP> soft-reconfiguration inbound
neighbor <CUG_#2_PE_IP> prefix-list E2E in
no auto-summary
no synchronization
exit-address-family
I am also not able to get the NTP client to use an interface in a non-default VRF, which is a pain. If this is really not possible can we please get this on the list of feature upgrades so it can get fixed?
bdaneu and tedllewellyn, you should be able to tell the NTP client to use a non-default VRF using the following command:
ntp server vrf <name> <hostname | ipv4 address>
You can also set the source interface for a non-default VRF using this command:
ntp vrf <name> source <interface>
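An added example, not part of the original post or Adtran's own tooling: a small offline check that the `ntp server vrf` and `ntp vrf ... source` lines in a saved configuration agree with each interface's VRF membership. The interface names, addresses and the `INTERNET` VRF name are constructed, and accepting both `vrf forwarding` and `ip vrf forwarding` as the membership line is an assumption.

```python
import re

# Constructed sample config (not from the thread); names and addresses are placeholders.
SAMPLE = """\
interface eth 0/1
 vrf forwarding INTERNET
 ip address 192.0.2.2 255.255.255.252
!
interface eth 0/2
 ip address 198.51.100.1 255.255.255.0
!
ntp server vrf INTERNET 192.0.2.10
ntp vrf INTERNET source eth 0/2
ntp server 203.0.113.5
"""

def audit_ntp_vrf(config):
    """Return findings where NTP settings and interface VRF membership disagree."""
    iface_vrf, current = {}, None   # interface name -> VRF (None = default VRF)
    servers, sources = [], {}       # [(vrf, host)] and vrf -> source interface
    for raw in config.splitlines():
        line = raw.strip()          # tolerate configs whose indentation was lost
        if line == "!":
            current = None          # "!" closes the current stanza
        elif m := re.match(r"interface (.+)$", line):
            current = m.group(1).lower()
            iface_vrf[current] = None
        elif (m := re.match(r"(?:ip )?vrf forwarding (\S+)$", line)) and current:
            iface_vrf[current] = m.group(1)
        elif m := re.match(r"ntp server (?:vrf (\S+) )?(\S+)", line):
            servers.append((m.group(1), m.group(2)))
        elif m := re.match(r"ntp vrf (\S+) source (.+)$", line):
            sources[m.group(1)] = m.group(2).lower()
    findings = []
    for vrf, host in servers:
        if vrf is None:
            # Assumption for this thread's setup: the default VRF has no internet route.
            findings.append(f"{host}: queried in the default VRF")
        elif vrf not in sources:
            findings.append(f"{host}: VRF {vrf} has no 'ntp vrf {vrf} source' interface")
        elif iface_vrf.get(sources[vrf]) != vrf:
            findings.append(f"{host}: source {sources[vrf]} is not in VRF {vrf}")
    return findings

if __name__ == "__main__":
    for finding in audit_ntp_vrf(SAMPLE):
        print(finding)
```

A clean result only shows the configuration is self-consistent; a packet capture on the VRF interface is still the way to confirm which interface the client actually uses.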
Jordan,
Are you sure you’re emailing the correct person? I’m not an Adtran engineer/employee that would be able to have any firmware or AOS upgraded. I am just another forum participant on the Adtran forum. Although if you’re doing anything to traverse from a private circuit to the internet, 1) your ISP would have to allow you to exit the private circuit or ATM circuit to get to the internet (most often through a hardware or software firewall).
Thank you,
Michael
Nope, I've already tried those commands. Packet captures of traffic leaving the TA900e still show the traffic using the default VRF (publicly-addressed) interface. It doesn't work.
Would you mind attaching a copy of your configuration and pcap for me to look at?
Looking at your post again I think you may be talking about the NTP server on the TA900e. I'm talking about the NTP client on the IAD. Maybe the server will respond on a non-default VRF interface, but the client won't request NTP information from a server on a non-default VRF interface. If you are talking about the client I can put that config back together and get a packet trace.
The commands I referenced are for the NTP client on the unit. I recently tested this in my lab using those commands and was able to get the NTP client to send traffic on a non-default VRF, so go ahead and upload your config and packet capture if you can't get it to work.
You are right. NTP server will use a non-default VRF interface. SNTP not so much. Not really sure why they offer both.