Unfortunately it doesn't work. Probably I've missed something, when described my topology...Note, that all three VRF are on the same (7301) router. VRF#1 and VRF#2 have full-views (via eBGP) from different upstreams. What I need to get into VRF#3, is mixed (VRF#1/VRF#2) full-view with default route from VRF#1.

So, I've configured following:

ip vrf VRF#1

rd 1:1

route-target export 1:1

route-target import 1:1

ip vrf VRF#2

rd 1:2

export map export-vrf2

route-target export 1:2

route-target import 1:2

ip vrf VRF#3

rd 1:3

import map import-vrf3

route-target export 1:3

route-target import 1:3

route-target import 1:1

route-target import 1:2

...

ip extcommunity-list 1 permit rt 0.0.0.0:2

...

ip prefix-list default seg 5 permit 0.0.0.0/0

...

route-map export-vrf2 permit 10

match ip addess prefix-list default

set extcommunity rt 0.0.0.0:2 additive

route-map import-vrf3 deny 10

match extcommunity 1

It looks like "set extcommunity" string in route-map export-vrf2 doesn't work, because i have following output when performing command:

#show ip bgp vnpv4 vrf VRF#3 0.0.0.0/0

BGP routing table entry for 1:3:0.0.0.0/0, version 27073

Paths: (2 available, best #2, table VRF#3)

Not advertised to any peer

Local, imported path from 1:1:0.0.0.0/0

X.X.X.X from X.X.X.X (X.X.X.X)

Origin IGP, metric 0, localpref 100, valid, internal, best

Community: blah blah blah

Extended Community: RT:1:1

Local, imported path from 1:2:0.0.0.0/0

Y.Y.Y.Y from Y.Y.Y.Y (Y.Y.Y.Y)

Origin IGP, metric 0, localpref 100, valid, internal

Community: blah blah blah

Extended Community: RT:1:2

~~~~~~

As we can see excommunity 0.0.0.0:2 hasn't been added, so the prefix hasn't been filtered...

Tim.

You shouldn't set the "route-target export 1:3" for VRF#1 and VRF#2 and use the "export map" to attach the appropriate route-target instead. By using the "route-target export" all prefixes will be tagged and will be accepted by the "route import 1:3" configured on VRF#3.

Here's a quick test that I ran:

ip vrf VRF#1

rd 1:1

export map export-vrf1

route-target export 1:1

route-target import 1:1

!

ip vrf VRF#2

rd 1:2

export map export-vrf2

route-target export 1:2

route-target import 1:2

!

ip vrf VRF#3

rd 1:3

route-target export 1:3

route-target import 1:3

!

ip prefix-list default seq 5 permit 0.0.0.0/0

!

route-map export-vrf2 permit 10

match ip address prefix-list default

!

route-map export-vrf2 permit 20

set extcommunity rt 1:3 additive

!

route-map export-vrf1 permit 10

set extcommunity rt 1:3 additive

!

Here's the result:

R1#sh ip ro vrf VRF#1

C 192.168.1.0/24 is directly connected, Ethernet0/0

S* 0.0.0.0/0 [1/0] via 192.168.1.2

R1#sh ip ro vrf VRF#2

C 192.168.2.0/24 is directly connected, Ethernet1/0

S* 0.0.0.0/0 [1/0] via 192.168.2.2

R1#sh ip ro vrf VRF#3

B 192.168.1.0/24 is directly connected, 00:21:50, Ethernet0/0

B 192.168.2.0/24 is directly connected, 00:21:50, Ethernet1/0

C 192.168.3.0/24 is directly connected, Ethernet2/0

B* 0.0.0.0/0 [20/0] via 192.168.1.2 (VRF#1), 00:21:50

R1#

R1#sh ip bgp v vrf VRF#3 192.168.1.0

BGP routing table entry for 1:3:192.168.1.0/24, version 10

Paths: (1 available, best #1, table VRF#3)

Not advertised to any peer

Local, imported path from 1:1:192.168.1.0/24

0.0.0.0 from 0.0.0.0 (1.1.1.1)

Origin incomplete, metric 0, localpref 100, weight 32768, valid, external, best

Extended Community: RT:1:1 RT:1:3

R1#sh ip bgp v vrf VRF#3 192.168.2.0

BGP routing table entry for 1:3:192.168.2.0/24, version 13

Paths: (1 available, best #1, table VRF#3)

Not advertised to any peer

Local, imported path from 1:2:192.168.2.0/24

0.0.0.0 from 0.0.0.0 (1.1.1.1)

Origin incomplete, metric 0, localpref 100, weight 32768, valid, external, best

Extended Community: RT:1:2 RT:1:3

R1#sh ip bgp v vrf VRF#3 0.0.0.0

BGP routing table entry for 1:3:0.0.0.0/0, version 8

Paths: (1 available, best #1, table VRF#3)

Not advertised to any peer

Local, imported path from 1:1:0.0.0.0/0

192.168.1.2 from 0.0.0.0 (1.1.1.1)

Origin incomplete, metric 0, localpref 100, weight 32768, valid, external, best

Extended Community: RT:1:1 RT:1:3

R1#

Hope this helps,

Hi!

now it works :)

thank you for support, I just thought that import/export map overrides route-target, not vice versa.

Tim.

Hi,

I am trying to make something similar to this configuration into two diferents 7600 Cisco Routers. I'll try to explain myself.

I would like that VRF-100, which is configured in 7600-1, learn some routes from VRF-300, which is cofigured in 7600-2. Also, I would like that VRF-300 lear default route from VRF-100. Its some kind of hub&spoke configuration.

I've configured the following:

*** Configuration in 7600-1:

ip vrf VRF-100

  rd 65001:100

  route-target export 65001:100

  route-target import 65001:100

  route-target import 65001:200

router bgp 65001

   address-family ipv4 vrf VRF-100

      redistribute ospf 100 vrf VRF-100

      default-information originate

   exit-address-family

router ospf 100 vrf VRF-100

   redistribute bgp 65001 subnets

*** Configuration in 7600-2:

ip vrf VRF-300

   rd 65001:300

   export map test-01

   route-target export 65001:300

   route-target import 65001:300

   route-target import 65001:100

router bgp 65001

   address-family ipv4 vrf VRF-300

      redistribute ospf 300 vrf VRF-300

   exit-address-family

router ospf 300 vrf VRF-300

   redistribute bgp 65001 subnets

ip access-list standard test-01

   permit 3.3.3.0 0.0.0.255

route-map test-01 permit 10

   match ip address test-01

   set extcommunity rt 65001:200 additive

interface Loopback300

ip vrf forwarding VRF-300

ip address 3.3.3.1 255.255.255.0

ip ospf 300 area 0

end

The 7600-1 router is learning the default gateway from OSPF from another device, and I'm redistributing it into bgp. But 7600-2 does not learn default route.

7600-1#sh ip route vrf VRF-100 0.0.0.0

Routing Table: VRF-100

Routing entry for 0.0.0.0/0, supernet

  Known via "ospf 100", distance 110, metric 1, candidate default path

  Tag 100, type extern 2, forward metric 100

  Redistributing via bgp 65001

  Last update from X.X.X.X on VlanXXX, 1d23h ago

  Routing Descriptor Blocks:

  * X.X.X.X, from Y.Y.Y.Y, 1d23h ago, via VlanXXX

      Route metric is 1, traffic share count is 1

      Route tag 100

7600_22A_A#

7600-2#sh ip route vrf VRF-300 0.0.0.0

Routing Table: VRF-300

% Network not in table

By the other hand, 7600-1 is not learning 3.3.3.0, which is beeing distributed by ospf 300 in 7600-2, redistributed into bgp and exported through the export map in the vrf configuration.

I thought this should work, but it is not working, so I might be doing something incorrectly.

I can not guess where is the problem. Can anybody help me?

Thanks

Hi There

Default-Route from OSPF can't be redistributed into BGP by virtue of design. In a hub and spoke scenario we would need to originate the default route in the MP-iBGP on the Hub Router.

Is the Network 3.3.3.0 on 7600-2 an InterArea or External Network Type LSA. We would need to add the keywords "match internal 1 internal 2 external" while redistributing OSPF to BGP under MP-iBGP config as by default only LSA Type 1 are redistributed.

Thanks & Regards

Vaibhava Varma

Hi Vibhava,

I solved it just adding a route-map in the redistribution from ospf to bgp.

router ospf 100 vrf VRF-100

   redistribute bgp 65001 subnets route-map DG

route-map   DG permit 10         

   match ip address prefix-list DG         

   set local-preference 150

ip   prefix-list DG permit 0.0.0.0/0

It's more or less what you say in your post. My default gateway was an external network type (it was a static route redistributed into ospf), but instead of adding all external routes into bgp, I add just the default.

Thank you so much for your explanation, because I didn't understand at all why the redistribution didn't work without the route-map. Now I understand it better =)

Thanks

Cristina

Hi,

Even 11 years after this thread is very worthful to learn how to do selective vrf import export. When using IOS XR, you should use import and export the usual rd as well:

RP/0/0/CPU0:XR2#sh runn form vrf VPN_D
Tue Jun 30 17:23:33.731 UTC
vrf VPN_D
vrf VPN_D address-family ipv4 unicast
vrf VPN_D address-family ipv4 unicast import route-policy ACCEPT-RT(100, 1)
vrf VPN_D address-family ipv4 unicast import route-target 102:202
vrf VPN_D address-family ipv4 unicast export route-policy EXPORT-RT-R8-LO100(100, 1)
vrf VPN_D address-family ipv4 unicast export route-target 102:202

In this case when importing you have to include as well the RD at the route-policy because it will filter all the rt except the one mentioned at the route-policy. When exporting you just have to add the rt additive.

route-policy ACCEPT-RT($a, $b)
  if (extcommunity rt matches-any (102:202)) or extcommunity rt matches-any ($a:$b) then
    pass
  endif
end-policy

route-policy EXPORT-RT-R8-LO100($a, $b)
  if destination in R8-LO88 then
    set extcommunity rt ($a:$b) additive
  endif
end-policy

I am sure that someone can do it simpler, but with this config I managed to set end to end connectivity bewteen both VRFs.

Hope this helps and thanks for your feedback on this.

Roberto