BGP path preference over Static default route

Yuvi1983
Level 1

Hi Community, 

I am having the following situation now:

R1 (asr1001) has a static default route to the firewall

       0.0.0.0/0---> 192.168.0.17

On R1 I configured the following, and I would like to prefer the BGP path over the above default route path.

#R1 Config
interface TenGigabitEthernet0/0/0.500 >> Directly connected interface
encapsulation dot1Q 500
ip address 10.50.120.2 255.255.255.0
standby 1 ip 10.50.120.1
standby 1 priority 105
end

#BGP config on R1
router bgp 394566
bgp log-neighbor-changes
address-family ipv4
redistribute connected >> redistributed connected SVI
exit-address-family

ip vrf 250
rd 200:25
import ipv4 unicast map VRF-Global-to-VRF-250 >> filtering
!
!
interface TenGigabitEthernet0/0/0
no ip address
cdp enable
!
interface TenGigabitEthernet0/0/0.250 >> used for bgp with FW2
description firewall
encapsulation dot1Q 250
ip vrf forwarding 250
ip address 169.254.0.10 255.255.255.248
!
router bgp 394566
!
address-family ipv4 vrf 250
neighbor 169.254.0.9 remote-as 397013
neighbor 169.254.0.9 local-as 4200000001 no-prepend
neighbor 169.254.0.9 description firewall
neighbor 169.254.0.9 activate
neighbor 169.254.0.9 soft-reconfiguration inbound
exit-address-family
!
ip route vrf 250 10.53.120.0 255.255.255.0 169.254.0.9 global >> Added this route in vrf 250
end

#Advertisement
I see the routes are in vrf 250
asr1001#sh ip ro vrf 250
B 10.50.120.0/24
is directly connected, 01:04:19, TenGigabitEthernet0/0/0.500
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500

asr1001#show bgp vpnv4 unicast vrf 250 neighbors 169.254.0.9 advertised-routes
BGP table version is 53, local router ID is 10.254.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:25 (default for vrf 250)
Import Map: VRF-Global-to-VRF-250, Address-Family: IPv4 Unicast, Pfx Count/Limit: 1/1000
*> 10.50.120.0/24 0.0.0.0 0 32768 ?

Total number of prefixes 1


I would like to prefer FW2 (the BGP path) over the default route path to reach destination 10.53.120.0/24.

What config am I required to add, please?

Thank you ... Yuvi

31 Replies

I am still doing config edits & testing. Will come back ... Thank you so much

Hi,

I am facing an issue between the global VRF & VRF 250.

Here is my config:

ip prefix-list VRF-250 seq 10 permit 10.50.120.0/24 ( In VRF 250 )
ip prefix-list VRF-Global seq 10 permit 10.50.122.0/24 ( In Global )


R2#sh route-map VRF-Global-to-VRF-250
route-map VRF-Global-to-VRF-250, permit, sequence 10
Match clauses:
ip address prefix-lists: VRF-Global
Set clauses:
Policy routing matches: 0 packets, 0 bytes

R2#sh ip prefix-list VRF-Global
ip prefix-list VRF-Global: 2 entries
seq 10 permit 10.50.122.0/24


R2#sh route-map VRF-250-to-VRF-Global
route-map VRF-250-to-VRF-Global, permit, sequence 10
Match clauses:
ip address prefix-lists: VRF-250
Set clauses:
Policy routing matches: 0 packets, 0 bytes

R2#sh ip prefix-list VRF-250
ip prefix-list VRF-250: 2 entries
seq 10 permit 10.50.120.0/24


ip vrf 250
rd 250:25
import ipv4 unicast map VRF-Global-to-VRF-250
export ipv4 unicast map VRF-250-to-VRF-Global

R2#sh ip ro vrf 250
C 10.50.120.0/24 is directly connected, TenGigabitEthernet0/0/0.500
L 10.50.120.2/32 is directly connected, TenGigabitEthernet0/0/0.500
B 10.50.122.0/24
is directly connected, 2d13h, TenGigabitEthernet0/0/0.502
L 10.50.122.2/32 is directly connected, TenGigabitEthernet0/0/0.502

router bgp 394566
bgp log-neighbor-changes
address-family ipv4
redistribute connected

address-family ipv4 vrf 250
redistribute connected

#PING FROM VRF to Global - NOT WORKING
R2#ping vrf 250 10.50.122.2 source 10.50.120.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.50.122.2, timeout is 2 seconds:
Packet sent with a source address of 10.50.120.2
.....
Success rate is 0 percent (0/5)

What configuration am I missing, please?