05-17-2014 01:35 PM - edited 03-01-2019 05:03 PM
EIGRP Inter-VRF Redistribution
This document will describe on how to redistribute EIGRP routes between different VRF instances on a single router. There are cases wherein a router would sit in multiple EIGRP domains (although not a good design) and would need to redistribute routes without affecting the entire routing table of multiple routers especially R1 which is the hub.
EIGRPs 50, 100, and 200 were all configured in R1. AS100 and AS200 should be able to communicate with each other but AS50 should be a standalone EIGRP domain. Let’s say for example R4 and R5 are newly acquired networks that were connected through R1 for routing.
First, we need to configure R1 interfaces and VRFs (I added loopback interfaces so there will be more networks to be advertised):
R1:
ip vrf EIGRP100
rd 100:100
!
ip vrf EIGRP200
rd 200:200
!
ip vrf EIGRP50
rd 50:50
interface Loopback100
ip vrf forwarding EIGRP100
ip address 10.100.0.1 255.255.255.0
!
interface Loopback200
ip vrf forwarding EIGRP200
ip address 10.200.0.1 255.255.255.0
!
interface FastEthernet0/0
ip vrf forwarding EIGRP100
ip address 10.100.1.1 255.255.255.0
!
interface Serial0/0
ip vrf forwarding EIGRP50
ip address 10.50.1.1 255.255.255.0
clock rate 2000000
!
interface FastEthernet0/1
ip vrf forwarding EIGRP200
ip address 10.200.1.1 255.255.255.0
!
interface Serial0/1
ip vrf forwarding EIGRP50
ip address 10.50.2.1 255.255.255.0
clock rate 2000000
The left hand side of the network belongs to AS100 which is using 10.100.0.0/16 network. The right side is 10.200.0.0/16 which is AS200 and the bottom part is 10.50.0.0/16 which is AS50.
We first need to create the EIGRP process to enable EIGRP peering to spoke routers. All spoke routers were configured with standard and straightforward EIGRP configuration.
R1:
router eigrp 6000
no auto-summary
!
address-family ipv4 vrf EIGRP50
network 10.50.0.0 0.0.255.255
no auto-summary
autonomous-system 50
exit-address-family
!
address-family ipv4 vrf EIGRP200
network 10.200.0.0 0.0.255.255
no auto-summary
autonomous-system 200
exit-address-family
!
address-family ipv4 vrf EIGRP100
network 10.100.0.0 0.0.255.255
no auto-summary
autonomous-system 100
exit-address-family
R2:
interface Loopback100
ip address 10.100.3.2 255.255.255.0
!
interface FastEthernet0/0
ip address 10.100.1.2 255.255.255.0
!
!
router eigrp 100
network 0.0.0.0
no auto-summary
R3:
interface Loopback200
ip address 10.200.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 10.200.1.3 255.255.255.0
!
!
router eigrp 200
network 0.0.0.0
no auto-summary
!
R4:
interface Loopback50
ip address 10.50.5.4 255.255.255.0
!
!
interface Serial0/0
ip address 10.50.1.4 255.255.255.0
!
!
router eigrp 50
network 0.0.0.0
no auto-summary
!
R5:
interface Loopback50
ip address 10.50.3.5 255.255.255.0
!
!
interface Serial0/0
ip address 10.50.2.5 255.255.255.0
!
!
router eigrp 50
network 0.0.0.0
no auto-summary
!
From R1’s point of view, the EIGRP peering to spoke routers are active.
R1#show ip eigrp vrf EIGRP50 neighbor
IP-EIGRP neighbors for process 50
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.50.1.4 Se0/0 11 00:15:33 39 234 0 6
0 10.50.2.5 Se0/1 13 00:15:43 38 228 0 4
R1#show ip eigrp vrf EIGRP100 neighbor
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.100.1.2 Fa0/0 13 00:20:37 423 2538 0 10
R1#show ip eigrp vrf EIGRP200 neighbor
IP-EIGRP neighbors for process 200
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.200.1.3 Fa0/1 10 00:20:42 607 3642 0 8
We now need to enable the communication between EIGRP100 and EIGRP200. We need to use BGP and route-targets to enable the communication between the two VRFs.
R1:
ip vrf EIGRP100
rd 100:100
route-target export 100:100
route-target import 200:200
!
ip vrf EIGRP200
rd 200:200
route-target export 200:200
route-target import 100:100
router bgp 6000
no synchronization
bgp router-id 1.1.1.1 (I just configured this to ensure BGP will run with RID)
bgp log-neighbor-changes
no auto-summary
!
address-family ipv4 vrf EIGRP200
redistribute eigrp 200
no synchronization
exit-address-family
!
address-family ipv4 vrf EIGRP100
redistribute eigrp 100
no synchronization
exit-address-family
Using BGP, we have redistributed EIGRP100 routes to BGP with RD of 100:100 and with an RT of 100:100. Same goes with EIGRP200 where RD and RT are 200:200.
As you can see, both 10.100.0.0/16 and 10.200.0.0/16 networks are now present in the BGP table.
R1#show bgp vpnv4 unicast all
BGP table version is 32, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:100 (default for vrf EIGRP100)
*> 10.100.0.0/24 0.0.0.0 0 32768 ?
*> 10.100.1.0/24 0.0.0.0 0 32768 ?
*> 10.100.3.0/24 10.100.1.2 409600 32768 ?
*> 10.200.0.0/24 0.0.0.0 0 32768 ?
*> 10.200.1.0/24 0.0.0.0 0 32768 ?
*> 10.200.3.0/24 10.200.1.3 409600 32768 ?
Route Distinguisher: 200:200 (default for vrf EIGRP200)
*> 10.100.0.0/24 0.0.0.0 0 32768 ?
*> 10.100.1.0/24 0.0.0.0 0 32768 ?
*> 10.100.3.0/24 10.100.1.2 409600 32768 ?
*> 10.200.0.0/24 0.0.0.0 0 32768 ?
*> 10.200.1.0/24 0.0.0.0 0 32768 ?
*> 10.200.3.0/24 10.200.1.3 409600 32768 ?
Both networks can now be seen in the BGP topology and all we need to do is to redistribute BGP back to EIGRP so that spoke routers can receive the prefix information. This will also inject the external routes to EIGRP topology table.
R1:
router eigrp 6000
no auto-summary
!
address-family ipv4 vrf EIGRP200
redistribute bgp 6000 metric 1000 100 255 1 1500
!
address-family ipv4 vrf EIGRP100
redistribute bgp 6000 metric 1000 100 255 1 1500
During this process, BGP table for EIGRP100 VRF would pick the routes with route-target of 200:200 (since we configured 200:200 to be imported in EIGRP100VRF) and redistribute it to EIGRP AS100 topology. R1 can now advertise the 10.200.0.0/16 routes to R2.
BGP table for EIGRP200 VRF would also pick the 100:100 route-target routes and inject it to EIGRP AS200 topology so it can be advertised to R3.
R1#show ip eigrp vrf EIGRP100 topology
IP-EIGRP Topology Table for AS(100)/ID(10.100.0.1) Routing Table: EIGRP100
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 10.100.3.0/24, 1 successors, FD is 409600
via 10.100.1.2 (409600/128256), FastEthernet0/0
P 10.100.0.0/24, 1 successors, FD is 128256
via Connected, Loopback100
P 10.100.1.0/24, 1 successors, FD is 281600
via Connected, FastEthernet0/0
P 10.200.3.0/24, 1 successors, FD is 2585600
via Redistributed (2585600/0)
P 10.200.0.0/24, 1 successors, FD is 2585600
via Redistributed (2585600/0)
P 10.200.1.0/24, 1 successors, FD is 2585600
via Redistributed (2585600/0)
R1#show ip eigrp vrf EIGRP200 topology
IP-EIGRP Topology Table for AS(200)/ID(10.200.0.1) Routing Table: EIGRP200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 10.100.3.0/24, 1 successors, FD is 2585600
via Redistributed (2585600/0)
P 10.100.0.0/24, 1 successors, FD is 2585600
via Redistributed (2585600/0)
P 10.100.1.0/24, 1 successors, FD is 2585600
via Redistributed (2585600/0)
P 10.200.3.0/24, 1 successors, FD is 409600
via 10.200.1.3 (409600/128256), FastEthernet0/1
P 10.200.0.0/24, 1 successors, FD is 128256
via Connected, Loopback200
P 10.200.1.0/24, 1 successors, FD is 281600
via Connected, FastEthernet0/1
R2 can now see the 10.200.x.x routes as EIGRP EX routes.
R2#show ip route | begin Gateway
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 6 subnets
C 10.100.3.0 is directly connected, Loopback100
D 10.100.0.0 [90/409600] via 10.100.1.1, 00:35:10, FastEthernet0/0
C 10.100.1.0 is directly connected, FastEthernet0/0
D EX 10.200.3.0 [170/2611200] via 10.100.1.1, 00:34:20, FastEthernet0/0
D EX 10.200.0.0 [170/2611200] via 10.100.1.1, 00:34:05, FastEthernet0/0
D EX 10.200.1.0 [170/2611200] via 10.100.1.1, 00:34:05, FastEthernet0/0
R3 can now see 10.100.x.x routes as EIGRP EX routes as well.
R3#show ip route | b Gateway
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 6 subnets
D EX 10.100.3.0 [170/2611200] via 10.200.1.1, 00:35:06, FastEthernet0/0
D EX 10.100.0.0 [170/2611200] via 10.200.1.1, 00:34:51, FastEthernet0/0
D EX 10.100.1.0 [170/2611200] via 10.200.1.1, 00:34:51, FastEthernet0/0
C 10.200.3.0 is directly connected, Loopback200
D 10.200.0.0 [90/409600] via 10.200.1.1, 00:35:57, FastEthernet0/0
C 10.200.1.0 is directly connected, FastEthernet0/0
R4 should not be able to see any of the AS100 or 200 networks. It can only see AS50 networks.
R4#show ip route | b Gateway
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 4 subnets
C 10.50.1.0 is directly connected, Serial0/0
D 10.50.2.0 [90/2681856] via 10.50.1.1, 00:00:05, Serial0/0
D 10.50.3.0 [90/2809856] via 10.50.1.1, 00:31:52, Serial0/0
C 10.50.5.0 is directly connected, Loopback50
R2 can now reach R3 via R1.
R2#ping 10.200.3.3 source loopback 100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.200.3.3, timeout is 2 seconds:
Packet sent with a source address of 10.100.3.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/41/64 ms
Outstanding solution, the only place on the internet where I've seen a good description of how to leak routes between EIGRP autonomous systems.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: