Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
47141
Views
5
Helpful
16
Replies

VRF Import/Export - how to filter routes

rdechavez
Level 1
Level 1

‎10-30-2008 01:46 PM

Hi,

Is there another way of filtering the routes you want to import into a vrf because the 'route-target export' and 'route-target import' imports ALL the routes tagged with the given 'asn:xx'. I wanted to have only selected routes imported from one vrf to another. Vrf 'import map' command does not work for me?

Does filtering makes sense or practical at vrf-vrf level? Where do you use 'import map' command?

thanks

resti

Labels:
0 Helpful
16 Replies 16

Harold Ritter
Cisco Employee
Cisco Employee
In response to SAM MUNZANI

‎05-12-2014 11:35 AM

Hi Sam,

The route has to be present. If 192.168.1.0/24 is removed from VRF1, it is automatically removed from VRF2 as well.

 

Regards,

Harold

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

SAM MUNZANI
Level 1
Level 1
In response to Harold Ritter

‎05-12-2014 12:30 PM

Hi Harold,

Actually my needs are a little different. Instead of leaking between 2 VRFs, I need to leak to global. Have a default in my VRF that gets imported to global table.

Goals:
1. At hub and spoke both sites, let ISP connection run in a separate VRF. Gets a little extra security from internet.

2. When ISP connection is active, let each site route its traffic out to internet directly. However when the local ISP connection fails, remove the default route that points to ISP so that OSPF learned default from the hub site routes all traffic to hub and puts on internet.

What's working:
DMVPN tunnels work fine across INET VRF.

What's not working:
1. The IP SLA tracked route leak to global VRF is not working. Traffic doesn't go out to internet directly using local connection.

I followed following example for this configuration.
http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/multiprotocol-label-switching-vpns-mpls-vpns/47807-routeleaking.html

Any suggestions? Is it possible or supported configuration?

Below is a diagram of my setup.

Below is my relevant config snapshot. 2.2.2.1 is actually my another FW in front in the lab that does all NAT and provides internet connection to this lab.


ip sla auto discovery
ip sla 1
 icmp-echo 8.8.8.8 source-ip 2.2.2.2
 vrf INET
ip sla schedule 1 life forever start-time now
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 2.2.2.1 track 1
ip route vrf INET 0.0.0.0 0.0.0.0 2.2.2.1

!

Lab-RTR#sh ip sla sumary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending

ID           Type        Destination       Stats       Return      Last
                                           (ms)        Code        Run
-----------------------------------------------------------------------
*1           icmp-echo   8.8.8.8           RTT=32      OK          4 seconds ago

!

Lab-RTR#sh ip route | in 0.0.0.0
Gateway of last resort is 10.254.2.99 to network 0.0.0.0
O*E1  0.0.0.0/0 [110/221] via 10.254.2.99, 00:00:59, Tunnel2

As you can see, its learning default from Tunnel instead of taking the static default.

 

 

 

0 Helpful
Customers Also Viewed These Support Documents