Re: Advertising interface route into different VRFs

bhaskar038 · ‎08-04-2018

Hi,

I'm trying to configure VRFs for multiple providers and struck with the following. The router R1 is connected to Provider-1, Switch and Provider-2. BGP is running between provider and R1.

Provider-1 is in VRF-1 and Provider-2 is in VRF-2. But, the f0/0 is in global routing table. I would like to advertise the f0/0 subnet to all the provider VRFs. I tried network XXXX mask xxxx. But, still not advertising as the subnet is not in routing table.Can someone help me this?

Julio E. Moisa · ‎08-04-2018

Hi

You could use the command import <RT> or import map.

This link could be useful

http://packetlife.net/blog/2010/mar/29/inter-vrf-routing-vrf-lite/

Is possible share the config?

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

bhaskar038 · ‎08-06-2018

Julio,

Thanks for the response. Will review the blog and get back to you

Julio E. Moisa · ‎08-06-2018

You are welcome,

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

paul driver · ‎08-05-2018

Hello

Basically youll could also to tell each vrf to check the global rib table staticlly for that subnet

Example:

ip Route vrf A x.x.x.x y.y.y.y fa0/0 global

ip Route vrf B x.x.x.x y.y.y.y fa0/0 global

as julio suggested and if applicable please post your configuration so it can be reviewed by the forum

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

bhaskar038 · ‎08-06-2018

Thanks Paul for the response. The following is config. I tried the static routes and unfortunately, it did not work.

ASR(config)#$f Windstream 1.1.1.0 255.255.255.0 fastEthernet 0/0

% For VPN routes, must specify a next hop IP address if not a point-to-point interface

Building configuration...

Current configuration : 2108 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ASR

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 5

no ip icmp rate-limit unreachable

ip cef

!

ip vrf Level-3

rd 300:10

!

ip vrf Windstream

description Windstream VRF

rd 200:10

import ipv4 unicast map Global-to-VRF

!

ip vrf Winstream

!

ip vrf forwarding

!

no ip domain lookup

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

ip tcp synwait-time 5

!

interface FastEthernet0/0

ip address 1.1.1.2 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip vrf forwarding Windstream

ip address 192.168.100.2 255.255.255.0

duplex auto

speed auto

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

interface FastEthernet2/0

ip vrf forwarding Level-3

ip address 192.168.200.2 255.255.255.0

duplex auto

speed auto

!

router bgp 100

no synchronization

bgp log-neighbor-changes

no auto-summary

!

address-family ipv4 vrf Windstream

redistribute connected

neighbor 192.168.100.1 remote-as 200

neighbor 192.168.100.1 activate

no synchronization

network 1.1.1.0 mask 255.255.255.0

exit-address-family

!

address-family ipv4 vrf Level-3

redistribute connected

neighbor 192.168.200.1 remote-as 300

neighbor 192.168.200.1 activate

no synchronization

network 1.1.1.0 mask 255.255.255.0

exit-address-family

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

access-list 10 permit 1.1.1.0 0.0.0.255

no cdp log mismatch duplex

!

route-map Global-to-VRF permit 10

match ip address 10

!

control-plane

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

line vty 0 4

login

!

end

paul driver · ‎08-07-2018

Hello

Apologies i have misunderstood I see now you have routing protocol running , have you tried applying it to one vrf and route-leaking to another or as stated by others route leak via route-map

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

bhaskar038 · ‎08-07-2018

Paul,

That interface should be advertised over all the VRFs

Georg Pauwen · ‎08-05-2018

Hello,

in addition to the other posts, the below should leak network 192.168.1.0/24 into both VRFs (AS numbers are arbitrary, obviously):

ip vrf WINDSTREAM
rd 1:1
import ipv4 unicast map GRT_TO_VRF
!
ip vrf LEVEL3
rd 2:2
import ipv4 unicast map GRT_TO_VRF
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
description LAN
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface FastEthernet0/1
ip vrf forwarding WINDSTREAM
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface FasttEthernet0/2
ip vrf forwarding LEVEL3
ip address 20.20.20.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
router bgp 65000
bgp router-id 1.1.1.1
bgp log-neighbor-changes
redistribute connected route-map GRT_TO_VRF
neighbor 10.10.10.2 remote-as 65001
neighbor 20.20.20.2 remote-as 65002
!
address-family ipv4 vrf WINDSTREAM
neighbor 10.10.10.2 remote-as 65001
neighbor 10.10.10.2 activate
exit-address-family
!
address-family ipv4 vrf LEVEL3
neighbor 20.20.20.2 remote-as 65002
neighbor 20.20.20.2 activate
exit-address-family
!
ip prefix-list GRT seq 5 permit 192.168.1.0/24
!
route-map GRT_TO_VRF permit 10
match ip address prefix-list GRT

bhaskar038 · ‎08-06-2018

Georg,

Thanks for the response. Tried the exact config. But, did not work. Please refer my config and let me know if I'm missing any

Could you please explain the reason behind configuring BGP neighborship in both ipv4 and vpn address families?

Georg Pauwen · ‎08-06-2018

Hello,

try the exact config below:

ip vrf Level-3
description Level-3 VRF
rd 300:10
import ipv4 unicast map Global-to-VRF
!
ip vrf Windstream
description Windstream VRF
rd 200:10
import ipv4 unicast map Global-to-VRF
!
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip vrf forwarding Windstream
ip address 192.168.100.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet2/0
ip vrf forwarding Level-3
ip address 192.168.200.2 255.255.255.0
duplex auto
speed auto
!
router bgp 100
no synchronization
bgp log-neighbor-changes
no auto-summary
!
address-family ipv4 vrf Windstream
redistribute connected route-map Global-to-VRF
neighbor 192.168.100.1 remote-as 200
neighbor 192.168.100.1 activate
no synchronization
exit-address-family
!
address-family ipv4 vrf Level-3
redistribute connected route-map Global-to-VRF
neighbor 192.168.200.1 remote-as 300
neighbor 192.168.200.1 activate
no synchronization
exit-address-family
!
ip prefix-list GRT seq 5 permit 1.1.1.0/24
!
route-map Global-to-VRF permit 10
match ip address prefix-list GRT

bhaskar038 · ‎08-07-2018

Thanks Georg for the config. I pasted the exact config. But still the route is not in routing table of ASR as shown below.

ASR#sh ip route vrf Windstream

Routing Table: Windstream

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

B 10.10.10.0 [20/0] via 192.168.100.1, 00:05:53

B 192.168.1.0/24 [20/0] via 192.168.100.1, 00:05:53

C 192.168.100.0/24 is directly connected, FastEthernet0/1

ASR#

hostname ASR

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 5

no ip icmp rate-limit unreachable

ip cef

!

ip vrf Level-3

description Level-3 VRF

rd 300:10

import ipv4 unicast map Global-to-VRF

!

ip vrf Windstream

description Windstream VRF

rd 200:10

import ipv4 unicast map Global-to-VRF

!

no ip domain lookup

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

ip tcp synwait-time 5

!

interface FastEthernet0/0

ip address 1.1.1.2 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip vrf forwarding Windstream

ip address 192.168.100.2 255.255.255.0

duplex auto

speed auto

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

interface FastEthernet2/0

ip vrf forwarding Level-3

ip address 192.168.200.2 255.255.255.0

duplex auto

speed auto

!

router bgp 100

no synchronization

bgp log-neighbor-changes

no auto-summary

!

address-family ipv4 vrf Windstream

redistribute connected route-map Global-to-VRF

neighbor 192.168.100.1 remote-as 200

neighbor 192.168.100.1 activate

no synchronization

exit-address-family

!

address-family ipv4 vrf Level-3

redistribute connected route-map Global-to-VRF

neighbor 192.168.200.1 remote-as 300

neighbor 192.168.200.1 activate

no synchronization

exit-address-family

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip prefix-list GRT seq 5 permit 1.1.1.0/24

no cdp log mismatch duplex

!

route-map Global-to-VRF permit 10

match ip address prefix-list GRT

!

Georg Pauwen · ‎08-07-2018

Try and clear the routing table of the vrfs:

clear ip route vrf Windstream *

clear ip route vrf Level-3 *

What is the output of 'show ip route' (the global routing table) ?

bhaskar038 · ‎08-07-2018

Georg,

I tried clearing the route table for both VRFs. But, still nothing.

ASR#sh ip route vrf Windstream

Routing Table: Windstream

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

B 10.10.10.0 [20/0] via 192.168.100.1, 00:00:12

B 192.168.1.0/24 [20/0] via 192.168.100.1, 00:00:12

C 192.168.100.0/24 is directly connected, FastEthernet0/1

ASR#

ASR#sh ip rou

ASR#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, FastEthernet0/0

Georg Pauwen · ‎08-07-2018

Odd. I am doing this in GNS3 with 15.6 IOS routers. It could be platform/IOS related...what is the output of 'show version' ?