ā10-04-2024 07:28 AM - edited ā10-04-2024 07:30 AM
Hi,
I am not familiar with the concept of Import/export Map VRF. But I would like to advertise 192.168.100.1 from VRF A to VRF B and also advertise 192.168.200.1 from VRF B to VRF A. In the diagram below, I have drawn the topology and included the configuration. Could you please confirm if the configuration is correct? Am I missing anything in the configuration?"
Solved! Go to Solution.
ā10-08-2024 03:23 AM
Hi, here is a solution with extcommunities. PE1 will advertise the prefix 192.168.100.1 with rt 1:1 and with additonal rt 2:2. PE2 will accept all BGP updates which include rt 2:2 (including 192.168.100.1). The same logic applies to PE2 and additional rt 1:1.
ā10-04-2024 07:34 AM
this not all codes you need bgp
MHM
ā10-04-2024 07:38 AM - edited ā10-04-2024 07:39 AM
yes, I know I need Ibgp for advertising routes between different VRF. Please ignore BGP configuration in this scenario. Somewhere I read that I have to also configure set extcommunity rt 1:1 and set extcommunity rt 2:2 in both router? What does set extcommunity do ? Is it necessary ?
ā10-04-2024 03:10 PM - edited ā10-04-2024 03:11 PM
no need set excommunity rt, check the lab I share
and by the way since the vrf is different in each site then you need to use vpnv4 + mpls
MHM
ā10-08-2024 03:23 AM
Hi, here is a solution with extcommunities. PE1 will advertise the prefix 192.168.100.1 with rt 1:1 and with additonal rt 2:2. PE2 will accept all BGP updates which include rt 2:2 (including 192.168.100.1). The same logic applies to PE2 and additional rt 1:1.
ā10-08-2024 04:36 AM
This not correct at all it only make thing more complex.
When I use ext RT ?
When I received same prefix from two PE' here I can not match prefix under route-map so I make one PE add ext RT and use it as filter.
MHM
ā10-04-2024 11:28 AM
For VRF import/export it is enough. I dont think you need the "route-target import 1:1" on PE-1 and "route-target import 2:2" on PE2.
The same way you dont need route-export 2:2 on PE1 and route-target export 1:1 on PE2
You need to export what is in the router and import what is on the other router
ā10-04-2024 03:09 PM
This lab for you how you can config import and export map
R2#show run
R2#show running-config
Building configuration...
Current configuration : 2032 bytes
!
! Last configuration change at 01:03:45 UTC Sat Oct 5 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
ip vrf blue
rd 2:2
import map vrf-red
route-target export 1:1
route-target import 1:1
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 100.0.0.2 255.255.255.0
duplex full
mpls ip
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 100
network 2.2.2.2 0.0.0.0 area 0
network 100.0.0.0 0.0.0.255 area 0
!
router bgp 100
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf blue
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
ip prefix-list no-vrf-red seq 5 permit 111.111.111.111/32
!
ip prefix-list vrf-red seq 5 permit 11.11.11.11/32
!
route-map vrf-red permit 10
match ip address prefix-list vrf-red
!
route-map vrf-red deny 20
match ip address prefix-list no-vrf-red
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
R1#show ru
R1#show running-config
Building configuration...
Current configuration : 2228 bytes
!
! Last configuration change at 01:07:19 UTC Sat Oct 5 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
ip vrf red
rd 1:1
export map vrf-blue
route-target export 1:1
route-target import 1:1
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback11
ip vrf forwarding red
ip address 11.11.11.11 255.255.255.255
!
interface Loopback12
ip vrf forwarding red
ip address 12.12.12.12 255.255.255.255
!
interface Loopback111
ip vrf forwarding red
ip address 111.111.111.111 255.255.255.255
!
interface FastEthernet0/0
ip address 100.0.0.1 255.255.255.0
duplex full
mpls ip
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 100
network 1.1.1.1 0.0.0.0 area 0
network 100.0.0.0 0.0.0.255 area 0
!
router bgp 100
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf red
redistribute connected
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
ip prefix-list no-vrf-blue seq 5 permit 12.12.12.12/32
!
route-map vrf-blue deny 10
match ip address prefix-list no-vrf-blue
!
route-map vrf-blue permit 20
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide