EBGP Advertisement between Cisco ASR to firewall

Yuvi1983 · ‎08-22-2024

Hi Community ,

I am having asr1001 & added the following config for bgp

ip vrf 250

interface Port-channel1.250
encapsulation dot1Q 250
ip vrf forwarding 250
ip address 169.254.0.11 255.255.255.248

router bgp 65133
bgp router-id 10.254.0.2
bgp log-neighbor-changes

address-family ipv4 vrf 250

network 10.200.0.0 mask 255.255.255.0
network 10.220.0.0 mask 255.255.255.0
neighbor 169.254.0.9 remote-as 397013
neighbor 169.254.0.9 local-as 4200000001 no-prepend
neighbor 169.254.0.9 activate
neighbor 169.254.0.9 soft-reconfiguration inbound
exit-address-family

BGP established with Neighbour

core1-rt-and#show bgp vpnv4 unicast vrf 250 summary
BGP router identifier 10.254.0.2, local AS number 65133
BGP table version is 34, main routing table version 34
7 network entries using 1792 bytes of memory
7 path entries using 840 bytes of memory
3/3 BGP path/bestpath attribute entries using 768 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
1 BGP community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3448 total bytes of memory
BGP activity 371/336 prefixes, 458/423 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
169.254.0.9 4 397013 8969 8508 34 0 0 2d16h 4
core1-rt-and#

Networks under bgp with network command are not advertising to Neighbour.

network 10.200.0.0 mask 255.255.255.0
network 10.220.0.0 mask 255.255.255.0

Do I am missing any configuration for VRF 250 please?

Whats the config I am really missing here ?

Thank you ..

MHM Cisco World · ‎08-23-2024

https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/216541-vrf-configuration-examples-on-ios-xe.html

Check link how to leak between vrf and global

Also vrf you config is missing RD

MHM

Yuvi1983 · ‎08-29-2024

Thank you, I added the following configurations but still asr1001 not advertising

I like to advertise the network 10.50.120.0/24 connected directly on asr1001

Following is the configurations; can you please tell what I am missing in the following configurations?

#SVI on asr1001
interface Port-channel1.500
description Test SVI on ASR1001
encapsulation dot1Q 500
ip address 10.50.120.3 255.255.255.0
standby 1 ip 10.50.120.1

#Route-map
asr1001#sh route-map VRF-Global-to-VRF-250
route-map VRF-Global-to-VRF-250, permit, sequence 10
Match clauses:
ip address prefix-lists: VRF-Global
Set clauses:
Policy routing matches: 0 packets, 0 bytes

#Prefix-list
asr1001#sh ip prefix-list VRF-Global
ip prefix-list VRF-Global: 2 entries
seq 5 permit 10.50.120.0/24

# ip vrf & bgp configurations

ASR1001#
ip vrf 250
rd 200:250
import ipv4 unicast map VRF-Global-to-VRF-250
!
!
interface Port-channel1
no ip address
no negotiation auto
!
interface Port-channel1.250 (USED for BGP config, BGP neighborship established with firewall)
description firewall
encapsulation dot1Q 250
ip vrf forwarding 250
ip address 169.254.0.11 255.255.255.248
!
router bgp 65133
!
address-family ipv4 vrf 250
redistribute connected route-map VRF-Global-to-VRF-250
neighbor 169.254.0.9 remote-as 397013
neighbor 169.254.0.9 local-as 4200000001 no-prepend
neighbor 169.254.0.9 description firewall
neighbor 169.254.0.9 activate
neighbor 169.254.0.9 soft-reconfiguration inbound
exit-address-family
!
end

asr1001#show bgp vpnv4 unicast vrf 250 summary
BGP router identifier 10.254.0.2, local AS number 65133
BGP table version is 55, main routing table version 55
5 network entries using 1280 bytes of memory
5 path entries using 600 bytes of memory
3/3 BGP path/bestpath attribute entries using 768 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
1 BGP community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2696 total bytes of memory
BGP activity 375/342 prefixes, 466/433 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
169.254.0.9 4 397013 32167 30514 55 0 0 1w2d 4
core1-rt-and#

asr1001#show bgp vpnv4 unicast vrf 250 neighbors 169.254.0.9 advertised-routes

No found 10.50.120.0/24 in the routing table

MHM Cisco World · ‎08-30-2024

router bgp 65133

Redistrubte connect <<- since SVI in global we will redistrubte it into global bgp' and bgp will import these prefix into vrf 250

address-family ipv4 vrf 250
redistribute connected route-map VRF-Global-to-VRF-250 <<- no need this we use import map for global to vrf

You will face other issue which is from svi to any prefix learn from vrf 250' this solve by

Ip route vrf x.x.x.x/× <next-hop> global

Try above and check

MHM