Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
646
Views
2
Helpful
2
Replies

Routes not leaked in GRT when VRF RDs are different

Go to solution
ThomasD86
Level 1
Level 1

‎09-20-2023 03:50 AM

Hi,
I have a router that advertises this prefix 100:1 2.36.128.0/29 

This address has to be received by two ASR9K: Router A and B which have the same VRF configured with RD 100:2 and 100:3 respectively.

The routes are received by the two 9k and installed in the VRF but, I do want to leak them in the GRT. I created a policy to leak them and noticed this policy only works  if the VRF on Router A and B has the same RD configured as the VRF on the originating router.
If I configure a different RD on the VRF of Router A and B, the route stops being leaked into GRT unless I specify the option "allow-imported-vpn" after the route-policy in the vrf configuration.

I am not quite sure about this behavior. Why if the RD is the same on both the originating router and Router A and B the leaking policy works without needing the "allow-imported-vpn" whereas if I change the RD of the VRFs on router A and B I do need that command to leak routes.

Isn't in both cases the route I receive in the VRF an imported VPN?
Is this some kind of convenience feature where  in case of matching RDs XR just associates the route to the VRF without needing the additional configuration?

Thanks in advance for your help.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Level 12
Level 12

‎09-20-2023 10:12 AM - edited ‎09-22-2023 08:31 AM

Hi @ThomasD86 ,

I have observed this same behavior in the past as well and I am unsure what it pertains to. Since most network design that I have been involved with use a different RD on each PE, it is safe to use the "allow-imported-vpn" whenever imported VPN prefixes need to be leaked to the GRT, whether the RDs are the same or not.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

2 Replies 2

Go to solution
Harold Ritter
Level 12
Level 12

‎09-20-2023 10:12 AM - edited ‎09-22-2023 08:31 AM

Hi @ThomasD86 ,

I have observed this same behavior in the past as well and I am unsure what it pertains to. Since most network design that I have been involved with use a different RD on each PE, it is safe to use the "allow-imported-vpn" whenever imported VPN prefixes need to be leaked to the GRT, whether the RDs are the same or not.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Go to solution
ThomasD86
Level 1
Level 1
In response to Harold Ritter

‎09-22-2023 08:28 AM

Hi Harold,

thank you for the clarification.


Have a nice Weekend!

0 Helpful
Customers Also Viewed These Support Documents