Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1242
Views
0
Helpful
2
Replies

Import specific routes from specific vrfs - need equivalent of route-map and

Jeffrey Wampler
Level 1
Level 1

‎06-08-2017 09:41 PM

We have a service network that hosts servers to be shared with multiple customers, and we provide full MPLS networks for those customers. So within each customer VRF we need to be able to allow customers to advertise any route to our PEs, so they can transport traffic across their VRF to any destination PE.

Say CUST1 (RT 1:1) has been assigned 172.16.0.0/24 as their client to our service.

Say CUST2 (RT 2:1) has been assigned 172.16.1.0/24 as their client to our service.

So far easy import RT 1:1 and 2:2 with a map (filter/prefix-list) allowing only 172.16.0.0/24 and 172.16.1.0/24.

!

ip vrf SP

 rd 208.83.11.4:100

 import map SP-IMPORT

 route-target export 100:1

 route-target import 1:1

 route-target import 2:1

!

ip prefix-list CUST1 seq 100 permit 172.16.0.0/24

ip prefix-list CUST2 seq 100 permit 172.16.1.0/24

route-map SP-IMPORT permit 100

match ip address prefix-list CUST1

route-map SP-IMPORT permit 200

match ip address prefix-list CUST2

 

Now say CUST1 has 172.16.1.0/24 in their vrf used for another purpose, so we want to import 172.16.1.0/24 but NOT from CUST1. This is where it all breaks down.

We tried:

!

ip vrf SP

 rd 208.83.11.4:100

 import map SP-IMPORT

 route-target export 100:1

 route-target import 1:1

 route-target import 2:1

!

ip extcommunity-list standard CUST1 permit rt 1:1

ip extcommunity-list standard CUST2 permit rt 2:1

!

ip prefix-list CUST1 seq 100 permit 172.16.0.0/24

ip prefix-list CUST2 seq 100 permit 172.16.1.0/24

route-map SP-IMPORT permit 100

match ip address prefix-list CUST1

match extcommunity CUST1

route-map SP-IMPORT permit 200

match ip address prefix-list CUST2

match extcommunity CUST2

BUT.... since the matches are address AND extcommunity the route-map MATCH becomes an OR so if either match the import is a success, so we get 172.16.1.0/24 from CUST1 when we want it from CUST2.

Cannot figure out even with continue how to select routes from a specific VRF/RT ONLY any help would be greatly appreciated.

Thanks,

JW

 

Labels:
0 Helpful
2 Replies 2

Bharat Negi
Level 1
Level 1

‎06-13-2017 03:05 AM

Hi JW

Try to filter 172.16.1.0/24 using a export-map when CUST1 is exporting out of VRF towards MPLS backbone.

Or use an export-map with ACL matching 172.16.0.0/24 and set a different RT (say 1:4) when CUST1 is exporting out of VRF towards MPLS backbone and then import 1:4 at vrf SP.

Regards

Bharat

0 Helpful

Yahia CHARIF
Level 1
Level 1

‎06-14-2017 04:34 AM

Hi Jeffrey,

I don't think that the AND close becomes OR in your route-map. I tested that and it works fine.

If several match commands are present in a clause, all must succeed for a given route in order for that route to match the clause (in other words, the logical AND algorithm is applied for multiple match commands).

http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/49111-route-map-bestp.html#basics

Your configuration is correct:

ip vrf SP
  rd 208.83.11.4:100
  import map SP-IMPORT
  route-target export 100:1
  route-target import 1:1
  route-target import 2:1
!

ip extcommunity-list standard CUST1 permit rt 1:1
ip extcommunity-list standard CUST2 permit rt 2:1
!

ip prefix-list CUST1 seq 100 permit 172.16.0.0/24
ip prefix-list CUST2 seq 100 permit 172.16.1.0/24
!

route-map SP-IMPORT permit 100
  match ip address prefix-list CUST1
  match extcommunity CUST1

route-map SP-IMPORT permit 200
  match ip address prefix-list CUST2
  match extcommunity CUST2

!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents