This documentation seems wrong, and doesn't work. Am I missing something or does the documentation need to be fixed.
Talking about :
Configuration Centralized VRF Route-Leaking - Shared Internet with Custom VRF
This has ip route 0.0.0.0/0 Null0 in the tenant vrf and advertises it to the tenant vrf.
Obviously this causes the default route to send it to the tenant vrf on the border and gets dropped. The imported 0.0.0.0/0 route from the shared internet vrf won't override the 0.0.0.0/0 static route, so the documentation doesn't make sense to me.
It seems to be missing a command to re-advertise previously imported routes, so it would import the default route from internet vrf and then use the 'advertise-as-vpn' command like in IOS-XR to re-advertise the imported route (with route map of course).
This command(advertise-as-vpn) doesn't seem to exist on nxos, and the way this documentation has the config, it doesn't work.
Either I'm missing a single command somewhere in my test lab , or the documentation is broken.
Has anyone else tried this?
I believe this particular section of the document is incorrect - I will work internally to verify this and get it corrected.
The majority of the configuration example is correct - however, the ip route 0.0.0.0/0 Null0 static route under each tenant VRF (Red, Blue, etc.) should instead be ip route 0.0.0.0/0 10.9.9.1 vrf Shared. This will put a default route in each tenant VRF that has a next-hop of 10.9.9.1 in the Shared VRF (which would be the external next-hop of your Internet-facing gateway).
As mentioned, I will check internally to verify whether this is correct and have the document corrected. Note that since the holiday season is around the corner, it might take some time for an updated copy to be published.
I tried that as well, and it sort-of worked. I need it to be dynamic though as in bgp default route is injected from '10.9.9.1' and imported into red/blue and then red/blue redistribute it (i.e. advertise-vpn/allow-vpn; i know these commands exist in some vrf context but I couldn't get it to work right with EVPN, although it may have been a bug, I will reinvestigate).
The static route worked but if 10.9.9.1 disappears and reappears the route doesn't come back properly, plus it's not a very elegant solution.
Thanks for looking into it at least! I hope to see a better solution proposed, and hopefully more features added to nxos, like being able to force re-advertisement of imported routes to evpn if necessary and also centralized gateway on evpn.