09-03-2024 12:08 AM
Hi Community,
I am having the following situation now,
R1 -asr1001 having static default route to firewall
0.0.0.0/0---> 192.168.0.17
On R1 I configured the following, and I would like to prefer the BGP path over the default route path above.
#R1 Config
interface TenGigabitEthernet0/0/0.500 >> Directly connected interface
encapsulation dot1Q 500
ip address 10.50.120.2 255.255.255.0
standby 1 ip 10.50.120.1
standby 1 priority 105
end
#BGP config on R1
router bgp 394566
bgp log-neighbor-changes
address-family ipv4
redistribute connected >> redistributed connected SVI
exit-address-family
ip vrf 250
rd 200:25
import ipv4 unicast map VRF-Global-to-VRF-250 >> filtering
!
!
interface TenGigabitEthernet0/0/0
no ip address
cdp enable
!
interface TenGigabitEthernet0/0/0.250 >> used for bgp with FW2
description firewall
encapsulation dot1Q 250
ip vrf forwarding 250
ip address 169.254.0.10 255.255.255.248
!
router bgp 394566
!
address-family ipv4 vrf 250
neighbor 169.254.0.9 remote-as 397013
neighbor 169.254.0.9 local-as 4200000001 no-prepend
neighbor 169.254.0.9 description firewall
neighbor 169.254.0.9 activate
neighbor 169.254.0.9 soft-reconfiguration inbound
exit-address-family
!
ip route vrf 250 10.53.120.0 255.255.255.0 169.254.0.9 global >> Added this route in vrf 250
end
#Advertisement
I see the routes are in vrf 250
asr1001#sh ip ro vrf 250
B 10.50.120.0/24
is directly connected, 01:04:19, TenGigabitEthernet0/0/0.500
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500
asr1001#show bgp vpnv4 unicast vrf 250 neighbors 169.254.0.9 advertised-routes
BGP table version is 53, local router ID is 10.254.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:25 (default for vrf 250)
Import Map: VRF-Global-to-VRF-250, Address-Family: IPv4 Unicast, Pfx Count/Limit: 1/1000
*> 10.50.120.0/24 0.0.0.0 0 32768 ?
Total number of prefixes 1
I would like to prefer the FW2 (BGP) path over the default route path to reach destination 10.53.120.0/24.
What config am I required to add, please?
Thank you ...Yuvi
09-09-2024 03:05 AM - edited 09-09-2024 05:32 AM
Hi ,
I am facing the issue between Global vrf & vrf 250
Here is my config
ip prefix-list VRF-250 seq 10 permit 10.50.120.0/24 ( In VRF 250 )
ip prefix-list VRF-Global seq 10 permit 10.50.122.0/24 ( In Global )
R2#sh route-map VRF-Global-to-VRF-250
route-map VRF-Global-to-VRF-250, permit, sequence 10
Match clauses:
ip address prefix-lists: VRF-Global
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R2#sh ip prefix-list VRF-Global
ip prefix-list VRF-Global: 2 entries
seq 10 permit 10.50.122.0/24
R2#sh route-map VRF-250-to-VRF-Global
route-map VRF-250-to-VRF-Global, permit, sequence 10
Match clauses:
ip address prefix-lists: VRF-250
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R2#sh ip prefix-list VRF-250
ip prefix-list VRF-250: 2 entries
seq 10 permit 10.50.120.0/24
ip vrf 250
rd 250:25
import ipv4 unicast map VRF-Global-to-VRF-250
export ipv4 unicast map VRF-250-to-VRF-Global
R2#sh ip ro vrf 250
C 10.50.120.0/24 is directly connected, TenGigabitEthernet0/0/0.500
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500
B 10.50.122.0/24
is directly connected, 2d13h, TenGigabitEthernet0/0/0.502
L 10.50.122.2/32 is directly connected, TenGigabitEthernet0/0/0.502
router bgp 394566
bgp log-neighbor-changes
address-family ipv4
redistribute connected
address-family ipv4 vrf 250
redistribute connected
#PING FROM VRF to Global -NOT WORKING
R2#ping vrf 250 10.50.122.2 source 10.50.120.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.50.122.2, timeout is 2 seconds:
Packet sent with a source address of 10.50.120.2
.....
Success rate is 0 percent (0/5)
What configuration am I missing, please?
09-03-2024 03:17 AM
Static/default routes always have a lower administrative distance compared with dynamic protocols. But you can change that.
eBGP has an administrative distance of 20 while a static route has an administrative distance of 1, and you can change it to something higher than 20.
ip route 0.0.0.0 0.0.0.0 192.168.0.17 30
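The following is an added example, not part of the original post: a small Python model of route selection using the prefixes and next hops quoted in this thread. It assumes a simplified RIB (lowest AD per prefix, then longest-prefix match, one table per VRF); the eBGP default route via 203.0.113.1 and the destination 198.51.100.7 are constructed for illustration.

```python
import ipaddress

class Rib:
    """One routing table; per prefix, only the lowest-AD candidate is installed."""
    def __init__(self):
        self.best = {}  # ip_network -> (ad, source, next_hop)

    def offer(self, prefix, ad, source, next_hop):
        net = ipaddress.ip_network(prefix)
        cur = self.best.get(net)
        # AD only breaks ties between sources offering the SAME prefix.
        if cur is None or ad < cur[0]:
            self.best[net] = (ad, source, next_hop)

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.best if addr in n]
        if not matches:
            return None
        # Forwarding picks the longest matching prefix; AD plays no part here.
        net = max(matches, key=lambda n: n.prefixlen)
        ad, source, nh = self.best[net]
        return (str(net), source, nh, ad)

def build_tables(default_static_ad):
    """Global table and VRF 250 are separate; routes in one never compete with the other."""
    tables = {"global": Rib(), "250": Rib()}
    g, v = tables["global"], tables["250"]
    g.offer("0.0.0.0/0", default_static_ad, "static", "192.168.0.17")
    g.offer("0.0.0.0/0", 20, "ebgp", "203.0.113.1")  # constructed BGP default
    g.offer("10.53.0.0/16", 1, "static", "192.168.0.60")   # static via R3
    v.offer("10.53.120.0/24", 20, "ebgp", "169.254.0.9")   # learned from FW2
    return tables

if __name__ == "__main__":
    for ad in (1, 30):
        t = build_tables(ad)
        print(ad, "global default:", t["global"].lookup("198.51.100.7"))
        print(ad, "global 10.53 :", t["global"].lookup("10.53.120.66"))
        print(ad, "vrf 250 10.53:", t["250"].lookup("10.53.120.66"))
```

Raising the AD of the static default only changes which default route is installed; a lookup in the global table still lands on the 10.53.0.0/16 static and never consults VRF 250.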
09-04-2024 11:40 PM - edited 09-04-2024 11:42 PM
Thank you, AD updated accordingly.
I am having a different issue with the VRF route leak.
The asr1001 router has vrf 250 and BGP routes in this VRF.
I would like to export the BGP routes from vrf 250 to the global VRF.
ip vrf 250
rd 200:25
import ipv4 unicast map VRF-Global-to-VRF-250
export ipv4 unicast map bgpvrf250-to-globalvrf
asr1001(config)#router bgp 394566
asr1001(config-router)#address-family ipv4
asr1001(config-router-af)#redistribute vrf 250 bgp 394566 route-map bgpvrf250-to-globalvrf
% Inter-VRF redistribution is not supported by 'bgp'
asr1001(config-router-af)#
What would be the solution, please?
09-03-2024 05:19 AM
I see only 10.50.x.x, not 10.53?
That's why the router uses the default route.
The FW uses BGP; did you redistribute 10.53.x.x?
MHM
09-03-2024 08:49 AM
Thank you MHM ,
I am receiving the 10.53.120.0/24 from FW2 via bgp
asr1001#show bgp vpnv4 unicast vrf 250 neighbors 169.254.0.9 received-routes
BGP table version is 61, local router ID is 10.254.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:25 (default for vrf 250)
Import Map: VRF-Global-to-VRF-250, Address-Family: IPv4 Unicast, Pfx Count/Limit: 2/1000
*> 10.53.120.0/24 169.254.0.9 0 397013 e
Total number of prefixes 34
asr1001#
Below is my actual topology.
I would like to prefer the FW2 path to reach the destination 10.53.120.0/24 over the static route via R3.
What config am I missing for static routes, please?
09-03-2024 10:30 AM
When you do
Show ip route vrf 250
Do you see
10.53.x.x ?
MHM
09-03-2024 10:39 AM
Yes
asr1001#sh ip ro vrf 250 | i 10.53
B 10.53.120.0/24 [20/0] via 169.254.0.9, 1d08h
09-03-2024 10:41 AM - edited 09-03-2024 10:45 AM
Check below
MHM
09-03-2024 10:44 AM - edited 09-04-2024 12:55 AM
Check below
MHM
09-03-2024 10:47 AM
Traceroute from asr1001
asr1001#traceroute 10.53.120.66
Going to R3, its using the static route instead of bgp
ip route 10.53.0.0 255.255.0.0 192.168.0.60
Tracepath from host in vlan 500
[root@and-dce-rhel01 ~]# tracepath 10.53.120.66
1?: [LOCALHOST] pmtu 1500
1: 10.50.120.2 0.295ms
1: 10.50.120.2 0.158ms
2: 192.168.0.60
09-03-2024 10:58 AM
asr1001#sh run | i 10.53
ip route 10.53.0.0 255.255.0.0 192.168.0.60
ip route vrf 250 10.53.120.0 255.255.255.0 169.254.0.9 global 50
asr1001#
[root@and-dce-rhel01 ~]# tracepath 10.53.120.66
1?: [LOCALHOST] pmtu 1500
1: 10.50.120.2 0.172ms
1: 10.50.120.2 0.152ms
2: 192.168.0.60 0.222ms >> R3
09-03-2024 11:02 AM
It's still following the path via the R3 static route; I would like it to follow the BGP path via FW2.
09-03-2024 11:09 AM
I would like to reach the destination using the blue line path via BGP. There is an existing static route "shown in green"; I want to prefer BGP over the existing static route.
09-03-2024 10:45 PM - edited 09-03-2024 11:25 PM
My Destination network is 10.53.120.0/24
My local Source SVI is 10.50.120.0/24
Trying to reach destination via bgp path, vrf 250 used for bgp with FW2
asr1001#sh ip ro vrf 250 | i 10.53
B 10.53.120.0/24 [20/0] via 169.254.0.9, 01:17:16 >> received from FW2 via BGP
asr1001#sh ip ro vrf 250 | i 10.50
B 10.50.120.0/24 >> Directly connected svi redistributed " using redistribute connected " under bgp
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500
asr1001#sh ip ro vrf 250
Routing Table: 250
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
B 10.50.120.0/24
is directly connected, 01:33:47, TenGigabitEthernet0/0/0.500
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500
B 10.50.121.0/24
[20/11] via 192.168.0.17, 01:33:47, TenGigabitEthernet0/0/0.184
B 10.53.120.0/24 [20/0] via 169.254.0.9, 01:26:27
I am not having any static route in the vrf 250
There is default route in global , I set AD 50 for it
ip route 0.0.0.0 0.0.0.0 192.168.0.17 50
Trace from host in vlan 500 ( my source svi on asr1001)
[root@and-dce-rhel01 ~]# tracepath 10.53.120.66
1?: [LOCALHOST] pmtu 1500
1: 10.50.120.2 0.155ms
1: 10.50.120.2 0.135ms
2: 10.50.120.2 0.121ms !H stopping in asr1001
Resume: pmtu 1500
[root@and-dce-rhel01 ~]#
What config am I really missing, please?
09-03-2024 11:44 PM