cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
41133
Views
5
Helpful
16
Replies
rdechavez
Beginner

VRF Import/Export - how to filter routes

Hi,

Is there another way of filtering the routes you want to import into a vrf because the 'route-target export' and 'route-target import' imports ALL the routes tagged with the given 'asn:xx'. I wanted to have only selected routes imported from one vrf to another. Vrf 'import map' command does not work for me?

Does filtering makes sense or practical at vrf-vrf level? Where do you use 'import map' command?

thanks

resti

16 REPLIES 16
Harold Ritter
Cisco Employee

Resti,

The import and export maps are purposely designed to selectively import/export routes between VRFs.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thanks Harold for your response.

Do you have an example of this especially the complete route-map used or previous topic citing this example. Cant find a sample fo this in Cisco docs.

thanks,

Resti,

Here's a very simple scenario, where you only want 192.168.1.0/24 to be exported from VRF1 to VRF2 and 192.168.2.0/24 to be exported from VRF2 to VRF1.

ip vrf VRF1

rd 1:1

route-target both 1:1

export map toVRF2

!

ip vrf VRF2

rd 1:2

route-target both 1:2

export map toVRF1

!

route-map toVRF1 permit 10

match ip address 2

set extcommunity rt 1:1

!

route-map toVRF2 permit 10

match ip address 1

set extcommunity rt 1:2

!

access-list 1 permit 192.168.1.0

access-list 2 permit 192.168.2.0

!

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi,

I tried it but it did not work for me. Anything I'm missing? Here's my config, and 'show ip bgp vpn4 all', and IOS c7200-js-mz.124-16a.bin.:

thanks,

!

ip vrf Customer_A

rd 100:110

route-target export 100:1000

route-target import 100:1000

!

ip vrf Customer_B

rd 100:120

export map CE5_Export

route-target export 100:2000

route-target import 100:2000

!

!

access-list 99 permit 10.30.30.0 0.0.0.255

access-list 99 permit 10.40.40.0 0.0.0.255

!

route-map CE5_Export permit 10

match ip address 99

set extcommunity rt 100:1000

!

PE4#sh ip bgp vpnv4 all

BGP table version is 56, local router ID is 10.128.1.6

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:110 (default for vrf Customer_A)

*>i10.128.1.7/32 10.128.1.3 0 100 0 65100 i

*> 10.128.1.10/32 10.128.4.14 0 0 65400 i

*>i10.128.4.0/30 10.128.1.3 0 100 0 65100 i

r> 10.128.4.12/30 10.128.4.14 0 0 65400 i

*>i172.100.1.0/24 10.128.1.3 0 100 0 65100 i

*> 172.100.4.0/24 10.128.4.14 0 0 65400 i

*> 192.168.1.0 10.128.4.14 0 0 65400 i

*> 192.168.2.0 10.128.4.14 0 0 65400 i

*> 192.168.3.0 10.128.4.14 0 0 65400 i

Route Distinguisher: 100:120 (default for vrf Customer_B)

*> 10.30.30.0/24 10.128.5.14 0 0 65500 i

*> 10.40.40.0/24 10.128.5.14 0 0 65500 i

*> 10.128.1.11/32 10.128.5.14 0 0 65500 i

r> 10.128.5.12/30 10.128.5.14 0 0 65500 i

PE4#

Can you please post the output of "sh ip bgp v a 10.30.30.0"

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi,

Here's the output of that command:

PE4#sh ip bgp vpnv4 all 10.30.30.0

BGP routing table entry for 100:120:10.30.30.0/24, version 46

Paths: (1 available, best #1, table Customer_B)

Advertised to update-groups:

1

65500

10.128.5.14 from 10.128.5.14 (10.128.1.11)

Origin IGP, metric 0, localpref 100, valid, external, best

Extended Community: RT:100:2000

mpls labels in/out 32/nolabel

PE4#

brgds,

Hello,

I would try to remove "route-target export 100:2000" from the the following configuration:

ip vrf Customer_B

rd 100:120

export map CE5_Export

route-target export 100:2000

route-target import 100:2000

Also, I would add a further statement in the route-map for the remaining prefixes, such as:

route-map CE5_Export permit 20

set extcommunity rt 100:2000

In all the examples I have seen, when they are using an "export map", they are not using it together with "route-target export" . I do not know why this is so. In your case, it seems that "route-target export" overrides the "export map". In the "export map" command documentation the expected behavior in such a situation is not defined. Interestingly, the "import map" command is required together with "route-target import" (for automatic route filtering to work I guess).

Kind Regards,

M.

Hi,

Thanks M for yr reply. I did not have time to try your suggestion yet but I think I got one solution and it's consistently working for me.

I noticed that you have to clear vrf's bgp session to make sure changes take into effect otherwise SOME changes esp export/import map under 'ip vrf' section do not take into effect automatically.

Below is the command I used on the PE. With this my original configuration works.

#clear ip bgp vrf ipv4 unicast soft

e.g.

PE4# clear ip bgp vrf Customer_B ipv4 unicast 65500 soft

brgds,

Resti,

I ran into a similar issue at initial configuration. The workaround was to remove the route-map and re-apply it. A reload also fixed this issue.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Yeah, i guess sometimes we to live with these 'undocumented features'!

Thanks&brgds,

Hi,

Please consider the command "set extcommunity rt additive" in the route-map. If you omit the "additive" keyword then only the value from the route-map will be taken, whereas with the "additive" also the regular export route-targets will be used.

Harold,

What might explain the observed behaviour: modification of the export route-map will NOT trigger a re-import into BGP. So a "clear ip route" or a "clear ip bgp vpnv4 vrf..." can be required.

I usually first configure the route-map and afterwards the export map command. Usually this assures proper marking with the desired values.

Regards,

Martin

Martin,

Excellent observation. It is always a good idea to configure the route-map before applying it.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi Martin,

Thanks for the tips. I tested it and understand the effect of having the keyword 'additive' in it. Definitely useful feature.

Best regards,

Hi Harold,

How does VRF export work? Does it export the route regardless or does it have to be present? In your example when you export 192.168.1.0/24 from VRF1 to VRF2, what happens if the 192.168.1.0/24 route goes away from the routing table? Will the export remove that route from VRF2 automatically?

Thanks,

Sam

Content for Community-Ad

This widget could not be displayed.