Solved: Re: BGP - Prefix not advertised with VRF Policy control enforcement

FFT · ‎08-07-2018

I have a weird issue with the BGP session between ACI leaf and one external ASR.

I successfully configured an external routed network with eBGP peering, then I created an EPG with the bridge domain attached to the L3-out and with the subnet advertised externally.

The strange behaviour is that if I set the "Policy control enforcement preference" on the VRF to "Unenforced", the leaf correctly announce the prefix to the ASR; if I set it to "Enforce" (both with Egress or Ingress direction), the prefix is no longer announced (but the BGP peering remains up).

Is it an expected behaviour or am I doing something wrong?

I must restrict ingress traffic, so the Policy control enforcement is mandatory for me.

scotteby · ‎08-07-2018

You need a contract. They not only filter but also allow routing prefixes in/out.

View solution in original post

scotteby · ‎08-07-2018

You need a contract. They not only filter but also allow routing prefixes in/out.

FFT · ‎08-07-2018

It works!

I see that even if I put an "all deny" policy on the contract, the leaf still makes the prefix advertisement, while if I leave the contract applied but without filters, the prefix is no longer being advertised.

That's a weird behaviour imho.

Thanks for the solution!