
BGP path preference over Static default route

Yuvi1983
Level 1

Hi Community, 

I am having the following situation now,

R1 -asr1001 having static default route to firewall 

       0.0.0.0/0---> 192.168.0.17

On R1 I configured the following, and I would like to prefer the BGP path over the above default route path.

 

Yuvi1983_1-1725346557244.png

#R1 Config
interface TenGigabitEthernet0/0/0.500 >> Directly connected interface
encapsulation dot1Q 500
ip address 10.50.120.2 255.255.255.0
standby 1 ip 10.50.120.1
standby 1 priority 105
end

#BGP config on R1
router bgp 394566
bgp log-neighbor-changes
address-family ipv4
redistribute connected >> redistributed connected SVI
exit-address-family

ip vrf 250
rd 200:25
import ipv4 unicast map VRF-Global-to-VRF-250 >> filtering
!
!
interface TenGigabitEthernet0/0/0
no ip address
cdp enable
!
interface TenGigabitEthernet0/0/0.250 >> used for bgp with FW2
description firewall
encapsulation dot1Q 250
ip vrf forwarding 250
ip address 169.254.0.10 255.255.255.248
!
router bgp 394566
!
address-family ipv4 vrf 250
neighbor 169.254.0.9 remote-as 397013
neighbor 169.254.0.9 local-as 4200000001 no-prepend
neighbor 169.254.0.9 description firewall
neighbor 169.254.0.9 activate
neighbor 169.254.0.9 soft-reconfiguration inbound
exit-address-family
!
ip route vrf 250 10.53.120.0 255.255.255.0 169.254.0.9 global >> Added this route in vrf 250
end

#Advertisement
I see the routes are in vrf 250
asr1001#sh ip ro vrf 250
B 10.50.120.0/24
is directly connected, 01:04:19, TenGigabitEthernet0/0/0.500
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500

asr1001#show bgp vpnv4 unicast vrf 250 neighbors 169.254.0.9 advertised-routes
BGP table version is 53, local router ID is 10.254.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:25 (default for vrf 250)
Import Map: VRF-Global-to-VRF-250, Address-Family: IPv4 Unicast, Pfx Count/Limit: 1/1000
*> 10.50.120.0/24 0.0.0.0 0 32768 ?

Total number of prefixes 1


I would like to prefer FW2 (the BGP path) over the default route path to reach destination 10.53.120.0/24.

What config am I required to add, please?

 Thank you ...Yuvi 

 

 

 

 

  

Accepted Solutions

Hi , 

I am facing the issue between Global vrf & vrf 250 

Yuvi1983_0-1725876247069.png

Here is my config 

ip prefix-list VRF-250 seq 10 permit 10.50.120.0/24 ( In VRF 250 )
ip prefix-list VRF-Global seq 10 permit 10.50.122.0/24 ( In Global )


R2#sh route-map VRF-Global-to-VRF-250
route-map VRF-Global-to-VRF-250, permit, sequence 10
Match clauses:
ip address prefix-lists: VRF-Global
Set clauses:
Policy routing matches: 0 packets, 0 bytes

R2#sh ip prefix-list VRF-Global
ip prefix-list VRF-Global: 2 entries
seq 10 permit 10.50.122.0/24


R2#sh route-map VRF-250-to-VRF-Global
route-map VRF-250-to-VRF-Global, permit, sequence 10
Match clauses:
ip address prefix-lists: VRF-250
Set clauses:
Policy routing matches: 0 packets, 0 bytes

R2#sh ip prefix-list VRF-250
ip prefix-list VRF-250: 2 entries
seq 10 permit 10.50.120.0/24


ip vrf 250
rd 250:25
import ipv4 unicast map VRF-Global-to-VRF-250
export ipv4 unicast map VRF-250-to-VRF-Global

 

R2#sh ip ro vrf 250
C 10.50.120.0/24 is directly connected, TenGigabitEthernet0/0/0.500
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500
B 10.50.122.0/24
is directly connected, 2d13h, TenGigabitEthernet0/0/0.502
L 10.50.122.2/32 is directly connected, TenGigabitEthernet0/0/0.502

router bgp 394566
bgp log-neighbor-changes
address-family ipv4
redistribute connected

address-family ipv4 vrf 250
redistribute connected

#PING FROM VRF to Global -NOT WORKING
R2#ping vrf 250 10.50.122.2 source 10.50.120.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.50.122.2, timeout is 2 seconds:
Packet sent with a source address of 10.50.120.2
.....
Success rate is 0 percent (0/5)

What configuration am I missing, please?

 


31 Replies

@Yuvi1983

A static/default route always has a lower administrative distance in comparison with dynamic protocols. But you can change that.

eBGP has an administrative distance of 20 whilst the static route has an administrative distance of 1, and you can change it to something higher than 20.

ip route  0.0.0.0  0.0.0.0   192.168.0.17 30

Thank you, AD updated accordingly.

I am having different issues with the VRF route leak.

The asr1001 router has vrf 250 and BGP routes in this VRF.

I would like to export the BGP routes from vrf 250 to the global VRF.

ip vrf 250
rd 200:25
import ipv4 unicast map VRF-Global-to-VRF-250
export ipv4 unicast map bgpvrf250-to-globalvrf

asr1001(config)#router bgp 394566
asr1001(config-router)#address-family ipv4
asr1001(config-router-af)#redistribute vrf 250 bgp 394566 route-map bgpvrf250-to-globalvrf
% Inter-VRF redistribution is not supported by 'bgp'
asr1001(config-router-af)#

What will be the solution, please?

I see only 10.50.x.x, not 10.53?

That's why the router uses the default route.

The FW uses BGP; did you redistribute 10.53.x.x?

MHM

Thank you MHM,

I am receiving 10.53.120.0/24 from FW2 via BGP.

asr1001#show bgp vpnv4 unicast vrf 250 neighbors 169.254.0.9 received-routes
BGP table version is 61, local router ID is 10.254.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:25 (default for vrf 250)
Import Map: VRF-Global-to-VRF-250, Address-Family: IPv4 Unicast, Pfx Count/Limit: 2/1000
*> 10.53.120.0/24 169.254.0.9 0 397013 e
Total number of prefixes 34
asr1001#

Below is my actual topology.

Yuvi1983_0-1725378003352.png

I would like to prefer the FW2 path to reach the destination 10.53.120.0/24 vs the static route via R3.

What config am I missing for static routes, please?

 

 

 

When you do 

Show ip route vrf 250

Do you see

10.53.x.x ?

MHM

Yes 

asr1001#sh ip ro vrf 250 | i 10.53
B 10.53.120.0/24 [20/0] via 169.254.0.9, 1d08h

Check below 

MHM

 

Check below

MHM

 

Traceroute from asr1001

asr1001#traceroute 10.53.120.66
Going to R3, it's using the static route instead of BGP
ip route 10.53.0.0 255.255.0.0 192.168.0.60

Tracepath from host in vlan 500

[root@and-dce-rhel01 ~]# tracepath 10.53.120.66
1?: [LOCALHOST] pmtu 1500
1: 10.50.120.2 0.295ms
1: 10.50.120.2 0.158ms
2: 192.168.0.60 

asr1001#sh run | i 10.53
ip route 10.53.0.0 255.255.0.0 192.168.0.60
ip route vrf 250 10.53.120.0 255.255.255.0 169.254.0.9 global 50
asr1001#

 

[root@and-dce-rhel01 ~]# tracepath 10.53.120.66
1?: [LOCALHOST] pmtu 1500
1: 10.50.120.2 0.172ms
1: 10.50.120.2 0.152ms
2: 192.168.0.60 0.222ms            >>   R3 

It's still following the path via the R3 static route; I would like it to follow the BGP path via FW2.

I would like to reach the destination using the blue line path via BGP. There is an existing static route (shown in green), and I want to prefer BGP over the existing static route.

Yuvi1983_0-1725386946184.png

 

My Destination network is 10.53.120.0/24

My local Source SVI is 10.50.120.0/24 

Trying to reach destination via bgp path, vrf 250 used for bgp with FW2  

asr1001#sh ip ro vrf 250 | i 10.53
B 10.53.120.0/24 [20/0] via 169.254.0.9, 01:17:16   >> received from FW2 via BGP 

asr1001#sh ip ro vrf 250 | i 10.50

B 10.50.120.0/24                                                    >> Directly connected svi redistributed " using redistribute connected " under bgp
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500

 

asr1001#sh ip ro vrf 250

Routing Table: 250
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

B 10.50.120.0/24
is directly connected, 01:33:47, TenGigabitEthernet0/0/0.500
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500
B 10.50.121.0/24
[20/11] via 192.168.0.17, 01:33:47, TenGigabitEthernet0/0/0.184
B 10.53.120.0/24 [20/0] via 169.254.0.9, 01:26:27

I do not have any static route in vrf 250.

There is a default route in global; I set AD 50 for it.

ip route 0.0.0.0 0.0.0.0 192.168.0.17 50

Trace from host in vlan 500 ( my source svi on asr1001)

[root@and-dce-rhel01 ~]# tracepath 10.53.120.66
1?: [LOCALHOST] pmtu 1500
1: 10.50.120.2 0.155ms
1: 10.50.120.2 0.135ms
2: 10.50.120.2 0.121ms !H     stopping in asr1001
Resume: pmtu 1500
[root@and-dce-rhel01 ~]#

What config am I really missing, please?
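
An added illustration, not part of any post in this thread and not Cisco's implementation: a small model of the two rules behind the outputs quoted above, where the lowest administrative distance wins per prefix inside one routing table, and forwarding then takes the longest matching prefix in the ingress interface's table only. The route list is constructed from routes quoted in the thread; the function names are hypothetical and next-hop resolution (the `global` keyword) is not modelled.

```python
import ipaddress

# Constructed from routes quoted in the thread (table, prefix, source, AD, next hop).
ROUTES = [
    ("global", "0.0.0.0/0",      "static", 50, "192.168.0.17"),
    ("global", "10.53.0.0/16",   "static", 1,  "192.168.0.60"),
    ("250",    "10.53.120.0/24", "ebgp",   20, "169.254.0.9"),
    ("250",    "10.53.120.0/24", "static", 50, "169.254.0.9"),
]


def build_rib(routes):
    """Per table, install one route per prefix: the lowest AD wins."""
    rib = {}
    for table, prefix, source, ad, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        installed = rib.setdefault(table, {})
        if net not in installed or ad < installed[net][1]:
            installed[net] = (source, ad, next_hop)
    return rib


def lookup(rib, table, dest):
    """Longest-prefix match inside a single table; AD is not consulted here."""
    addr = ipaddress.ip_address(dest)
    matches = [net for net in rib.get(table, {}) if addr in net]
    if not matches:
        return None  # no route and no default in this table
    best = max(matches, key=lambda net: net.prefixlen)
    source, ad, next_hop = rib[table][best]
    return (str(best), source, ad, next_hop)


if __name__ == "__main__":
    rib = build_rib(ROUTES)
    # A packet is looked up in the table of the interface it arrives on.
    for table in ("global", "250"):
        print(table, "->", lookup(rib, table, "10.53.120.66"))
```

In this model a lookup for 10.53.120.66 in the global table resolves to the /16 static via 192.168.0.60, matching the traceroute in the thread, while the same lookup in table 250 resolves to the eBGP /24 via 169.254.0.9.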