Solved: Re: Imported vpnv4 prefix with next hop on another VRF

daniele matta · ‎04-26-2021

Hi all, has anyone tested a setup where the PE router has imported a VPNV4 prefix where the next hop of this prefix instead of being in the Global routing table was on another VRF. Or even in the same but imported via RT ?

Harold Ritter · ‎04-27-2021

It sounds like you could use L2VPN circuits as an overlay.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

Harold Ritter · ‎04-26-2021

Hi Daniele,

> where the next hop of this prefix instead of being in the Global routing table was on another VRF.

It is definitely possible to import/export between two separate VRFs on the same device.

vrf definition vrf_b
rd 1:1
!
address-family ipv4
route-target

export 1:1
route-target import 1:1
route-target import 1:2
exit-address-family

!

vrf definition vrf_b
rd 1:2
!
address-family ipv4
route-target export 1:2
route-target import 1:2
route-target import 1:1
exit-address-family

!
interface GigabitEthernet0/1
vrf forwarding vrf_a
ip address 192.168.12.1 255.255.255.0
!
interface GigabitEthernet0/2
vrf forwarding vrf_b
ip address 192.168.13.1 255.255.255.0

!

router bgp 109
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 109
neighbor 2.2.2.2 update-source Loopback0
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf vrf_a
redistribute connected
exit-address-family
!
address-family ipv4 vrf vrf_b
redistribute connected
exit-address-family
!

Router#sh ip route vrf vrf_a

Routing Table: vrf_a
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, GigabitEthernet0/1
L 192.168.12.1/32 is directly connected, GigabitEthernet0/1
192.168.13.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.13.0/24 is directly connected, 00:03:02, GigabitEthernet0/2
L 192.168.13.1/32 is directly connected, GigabitEthernet0/2
Router#sh ip route vrf vrf_b

Routing Table: vrf_b
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.12.0/24 is directly connected, 00:03:32, GigabitEthernet0/1
L 192.168.12.1/32 is directly connected, GigabitEthernet0/1
192.168.13.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.13.0/24 is directly connected, GigabitEthernet0/2
L 192.168.13.1/32 is directly connected, GigabitEthernet0/2
Router#

> Or even in the same but imported via RT ?

I am not sure why you would want to import the route in the same VRF if the next hop is already inside the local VRF.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

daniele matta · ‎04-26-2021

Thank you Harold,

i did know that you could import/export between different vrf on the same box, but has your example the 2 prefixes are local on the router.
What i would need is that the connectivity is between 2 remote PEs.

Something like the VRF on the PE1 would import prefixes from a remote PE2.

Now the prefixes imported in the VRF would have the next-hop the remote PE2 loopback and this Loopback could have been propagated to the PE1 via routing protocol... on the Global Routing table. This would be a common setup.

My question is instead of via the Global routing could the VRF learn the remote PE2 loopback via another RTi/e ?

Hope now is clearer

Harold Ritter · ‎04-26-2021

> My question is instead of via the Global routing could the VRF learn the remote PE2 loopback via another RTi/e ?

The next hop is indeed the loopback of the remote PE and this loopback address is reachable via the MPLS core. This is the requirement for L3VPN. I doubt that what you are referring to is actually supported. Could you tell us a bit more about what you are trying to achieve?

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

daniele matta · ‎04-26-2021

Harold, yes is not a very standard setup and i would like to simplified it, here a network diagram with the example:

Basically, the PELeft would advertise its loopback to the router MiddleUP via, eBGP (maybe LU?) .
The router in the middle instead of having the peering in the Global, would have the peering in a IPV4 VPNV4 Unicast (VRF_LOOP)

Now these 2 routers, MiddleUP and the PELeft would have a eBGP vpnv4 peering towards the MiddleDown router. Both peering would have next hop unchanged to avoid the insertion of the MiddleDown router in the path (basically its just a reflector)

I wrote an imaginary vpnv4 table of what i thought this configuration could generate.

The last router the PERight, would have also 2 peering. With the MiddleUP to learn the IPV4 LU topology for the last next hop. And a VPNV4 towards the MiddleDown so that it can import the prefixes from the 2 VPN targeting the RT1:1 and RT2:2.
Also here you can find what i have in mind for the routing tables.

Harold Ritter · ‎04-27-2021

Hi Daniele,

The VPNv4 next-hop needs to be resolvable from the global routing table. What are you trying to accomplish by putting the next-hop (1.1.1.1) in a VRF instead of the global?

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

daniele matta · ‎04-27-2021

Imagine that between the Middle router there would be an MPLS backbone maintained by another organization and they don't allow me to use that address (just as example) i was thinking to create a vpnv4 like an overlay on top of the MPLS backbone. I discussed this with some other peer and seems really not to be possible.
Thank you anyway for having a look at it.
Regards

Harold Ritter · ‎04-27-2021

It sounds like you could use L2VPN circuits as an overlay.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World · ‎04-26-2021

Your customer is connect to CE not to PE,
now when PE1 will redistribute the prefix learn from PE2 to CE1 it will change the next-hop to be the VRF interface of PE1 and hence CE1 will see the PE1 vrf interface not loopback of PE2.