cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
682
Views
0
Helpful
2
Replies

VXLAN EVPN External Connection

mahdihabashi
Level 1
Level 1

Hi Friends !

I'm Going to configure VXLAN in my fabric and i have a very important question about external connections.

Can we Directly connect our Border Spine/Leaf to the Service Provider and put the service provider physical port into a VRF called for example External-Con.

Then we just import and export route targets between Tenants VRF and thais VRF to let our customers use Internet ?!

i have done this and there is a problem with it ...

all Service providers Routes are Leaked into my Customer VRF but there is no sign of my customer route in External-Con routing table

mahdihabashi_1-1679757382017.png

and here it is my imports and exports :

vrf context Cust-1
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
route-target import 1:1
route-target import 1:1 evpn
route-target export 1:1
route-target export 1:1 evpn
vrf context External-Con
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
route-target import 1:1
route-target import 1:1 evpn
route-target export 1:1
route-target export 1:1 evpn

 

2 Replies 2

M02@rt37
VIP
VIP

Hello @mahdihabashi 

Iit's possible that the routes from your customer VRF are not being properly exported to the External-Con VRF. You may need to configure route leaking or route redistribution to ensure that your customer routes are properly propagated to the External-Con VRF.

Based on the configuration you provided, it appears that you have configured two VRFs: "Cust-1" and "External-Con".

For "Cust-1", you have configured both import and export route targets with the same value of "1:1". This means that all routes with the "1:1" route target will be imported and exported from this VRF. For "External-Con", you have also configured import and export route targets with the same value of "1:1". This means that all routes with the "1:1" route target will be imported and exported from this VRF as well.

However, this configuration alone does not provide any mechanism for route leaking between the two VRFs. If you want to allow routes to be exchanged between these two VRFs, you will need to configure route leaking or route redistribution between them.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

M02@rt37
VIP
VIP

@mahdihabashi 

As an example:

vrf context Cust-1
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
route-target import 1:1
route-target import 1:1 evpn
route-target export 1:2
route-target export 1:2 evpn
route-target import evpn
route-target export evpn
!
vrf context External-Con
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
route-target import 1:2
route-target import 1:2 evpn
route-target export 1:1
route-target export 1:1 evpn
route-target import evpn
route-target export evpn
!
ip extcommunity-list 1 permit rt 1:1
ip extcommunity-list 2 permit rt 1:2
!
route-map CUST-TO-EXT permit 10
match extcommunity 1
set extcommunity rt 1:2 additive
!
route-map EXT-TO-CUST permit 10
match extcommunity 2
set extcommunity rt 1:1 additive
!
router bgp <AS Number>
address-family ipv4 unicast
neighbor [Neighbor IP Address] activate
neighbor [Neighbor IP Address] send-community
neighbor [Neighbor IP Address] route-map CUST-TO-EXT export
neighbor [Neighbor IP Address] route-map EXT-TO-CUST import

------------------------

In this configuration, we have added additional route targets to each VRF: "Cust-1" has an additional export route target of "1:2", while "External-Con" has an additional import route target of "1:2".

We have also created two extended community lists to permit the "1:1" and "1:2" route targets.

Then, we created two route maps: "CUST-TO-EXT" to leak routes from "Cust-1" to "External-Con", and "EXT-TO-CUST" to leak routes from "External-Con" to "Cust-1". These route maps match on the respective extended community lists and set the appropriate route targets to leak the routes.

Finally, we configured BGP with the appropriate route maps to import and export the leaked routes between the VRFs.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Review Cisco Networking for a $25 gift card