09-03-2024 12:08 AM
Hi Community,
I have the following situation now:
R1 - asr1001 has a static default route to the firewall
0.0.0.0/0---> 192.168.0.17
On R1 I configured the following, and I would like to prefer the BGP path over the above default route path.
#R1 Config
interface TenGigabitEthernet0/0/0.500 >> Directly connected interface
encapsulation dot1Q 500
ip address 10.50.120.2 255.255.255.0
standby 1 ip 10.50.120.1
standby 1 priority 105
end
#BGP config on R1
router bgp 394566
bgp log-neighbor-changes
address-family ipv4
redistribute connected >> redistributed connected SVI
exit-address-family
ip vrf 250
rd 200:25
import ipv4 unicast map VRF-Global-to-VRF-250 >> filtering
!
!
interface TenGigabitEthernet0/0/0
no ip address
cdp enable
!
interface TenGigabitEthernet0/0/0.250 >> used for bgp with FW2
description firewall
encapsulation dot1Q 250
ip vrf forwarding 250
ip address 169.254.0.10 255.255.255.248
!
router bgp 394566
!
address-family ipv4 vrf 250
neighbor 169.254.0.9 remote-as 397013
neighbor 169.254.0.9 local-as 4200000001 no-prepend
neighbor 169.254.0.9 description firewall
neighbor 169.254.0.9 activate
neighbor 169.254.0.9 soft-reconfiguration inbound
exit-address-family
!
ip route vrf 250 10.53.120.0 255.255.255.0 169.254.0.9 global >> Added this route in vrf 250
end
#Advertisement
I see the routes are in vrf 250
asr1001#sh ip ro vrf 250
B 10.50.120.0/24
is directly connected, 01:04:19, TenGigabitEthernet0/0/0.500
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500
asr1001#show bgp vpnv4 unicast vrf 250 neighbors 169.254.0.9 advertised-routes
BGP table version is 53, local router ID is 10.254.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:25 (default for vrf 250)
Import Map: VRF-Global-to-VRF-250, Address-Family: IPv4 Unicast, Pfx Count/Limit: 1/1000
*> 10.50.120.0/24 0.0.0.0 0 32768 ?
Total number of prefixes 1
I would like to prefer the FW2 (BGP path) over the default route path to reach destination 10.53.120.0/24.
What config am I required to add, please?
Thank you ...Yuvi
09-05-2024 10:48 AM
I am still doing config edits & testing. Will come back... Thank you so much
09-09-2024 03:05 AM - edited 09-09-2024 05:32 AM
Hi,
I am facing an issue between the Global VRF & VRF 250.
Here is my config:
ip prefix-list VRF-250 seq 10 permit 10.50.120.0/24 ( In VRF 250 )
ip prefix-list VRF-Global seq 10 permit 10.50.122.0/24 ( In Global )
R2#sh route-map VRF-Global-to-VRF-250
route-map VRF-Global-to-VRF-250, permit, sequence 10
Match clauses:
ip address prefix-lists: VRF-Global
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R2#sh ip prefix-list VRF-Global
ip prefix-list VRF-Global: 2 entries
seq 10 permit 10.50.122.0/24
R2#sh route-map VRF-250-to-VRF-Global
route-map VRF-250-to-VRF-Global, permit, sequence 10
Match clauses:
ip address prefix-lists: VRF-250
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R2#sh ip prefix-list VRF-250
ip prefix-list VRF-250: 2 entries
seq 10 permit 10.50.120.0/24
ip vrf 250
rd 250:25
import ipv4 unicast map VRF-Global-to-VRF-250
export ipv4 unicast map VRF-250-to-VRF-Global
R2#sh ip ro vrf 250
C 10.50.120.0/24 is directly connected, TenGigabitEthernet0/0/0.500
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500
B 10.50.122.0/24
is directly connected, 2d13h, TenGigabitEthernet0/0/0.502
L 10.50.122.2/32 is directly connected, TenGigabitEthernet0/0/0.502
router bgp 394566
bgp log-neighbor-changes
address-family ipv4
redistribute connected
address-family ipv4 vrf 250
redistribute connected
#PING FROM VRF to Global -NOT WORKING
R2#ping vrf 250 10.50.122.2 source 10.50.120.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.50.122.2, timeout is 2 seconds:
Packet sent with a source address of 10.50.120.2
.....
Success rate is 0 percent (0/5)
What configuration am I missing, please?