Cisco Cat9K Route leaking between VRF and GRT

Hi, I am trying to configure route leaking between VRF and GRT in Cat 9k. On my Cat 9k I have the following configuration:

VRF Conf:

Switch_LAB#sh vrf
  Name                             Default RD            Protocols   Interfaces
  LAB                              <not set>             ipv4        Vl120

Switch_LAB#sh run int vlan 120
Building configuration...

Current configuration : 91 bytes
!
interface Vlan120
 vrf forwarding LAB
 ip address 10.120.0.254 255.255.255.0
end

My routes are configured as follows:

Switch_LAB_#sh run | i route

ip route 0.0.0.0 0.0.0.0 10.1.0.1
ip route 10.120.0.0 255.255.255.0 Vlan120 10.120.0.254 name LAB
ip route vrf LAB 0.0.0.0 0.0.0.0 Vlan1 10.1.0.1 global

According to the documentation I have been reading, route leak should be possible with static routes, but for some reason I am unable to ping Int Vlan 1, which is on the GRT, from the VRF LAB. Any ideas why it is not working?
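
Added example, not part of the original post and not Cisco tooling: a small audit that reads an IOS-style configuration and lists the static routes that cross between a VRF and the global routing table, which is what the second and third `ip route` lines above do. The names `interface_vrfs`, `find_leaks` and the `GRT` label are hypothetical, the sample config is constructed from the lines quoted in the question, and interface names in routes are assumed to be spelled exactly as in the interface stanzas.

```python
import re

GRT = "GRT"  # label used here for the global routing table (assumption)
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# Constructed sample: interface and static-route lines quoted in the question.
SAMPLE_CONFIG = """\
interface Vlan1
!
interface Vlan120
 vrf forwarding LAB
!
ip route 0.0.0.0 0.0.0.0 10.1.0.1
ip route 10.120.0.0 255.255.255.0 Vlan120 10.120.0.254 name LAB
ip route vrf LAB 0.0.0.0 0.0.0.0 Vlan1 10.1.0.1 global
"""

def interface_vrfs(config):
    """Map each interface to its VRF, or GRT when it has no vrf forwarding line."""
    vrfs, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
            vrfs[current] = GRT
        elif current and (m := re.match(r"\s+(?:ip )?vrf forwarding (\S+)", line)):
            vrfs[current] = m.group(1)
        elif not line.startswith(" "):
            current = None  # "!" or any top-level line closes the stanza
    return vrfs

def find_leaks(config):
    """Return (route, from_table, to_table) for static routes that cross tables."""
    vrfs, leaks = interface_vrfs(config), []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "route"] or len(tok) < 5:
            continue
        table, rest = (tok[3], tok[4:]) if tok[2:3] == ["vrf"] else (GRT, tok[2:])
        hops = rest[2:]  # drop prefix and mask
        if not hops:
            continue
        if "name" in hops:  # the route name is free text, never a keyword
            i = hops.index("name")
            del hops[i:i + 2]
        egress = None if IPV4.match(hops[0]) else hops[0]
        target = GRT if "global" in hops else vrfs.get(egress, table)
        if target != table:
            leaks.append((line.strip(), table, target))
    return leaks
```

Running `find_leaks(SAMPLE_CONFIG)` reports the GRT-to-LAB route through Vlan120 and the LAB-to-GRT default route with the `global` keyword, and ignores the plain global default route.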

 

1 ACCEPTED SOLUTION


Hi
Thanks for that. I see this doc too; I think the explanations are a bit clearer. I think you should try to use a physical interface here rather than a logical one.
Maybe try option 2 the way it's set up in this doc and see if it allows it then.

https://ipwithease.com/route-leaking-between-vrf-and-global-routing-table/


12 REPLIES 12

I am sure you are using "vrf" in ping .. sometimes people forget :)

My bad .. you are unable to ping vlan1 from vrf .. right?


Hi omc79,

Thanks for replying. I'm unable to ping from vlan1 and from the VRF.

BTW I am using the "vrf" in the ping.

Cheers


Hi
Could you post the doc you are reading from? I was trying to find it to check this please.

Hi Mark

doc: Configure Route Leaking Between Global and VRF Routing Table without Next-Hop

This doc is a quick guide on how to configure route leaking without Next-Hop; however, in the doc introduction it states that route leaking can be achieved by configuring static routes and of course by providing a next-hop for those routes.

Thanks


Using your config .. I can ping from vrf to local vlan 1 in global table.

 

IOU4(config)#do ping  10.1.0.2  so vl 120
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.2, timeout is 2 seconds:
Packet sent with a source address of 10.120.0.254 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/8 ms

IOU4(config)#do sh run int vlan 1
Building configuration...

Current configuration : 58 bytes
!
interface Vlan1
 ip address 10.1.0.2 255.255.255.0
end

But I cannot ping the next hop - 10.1.0.1

 

IOU4(config)#do ping  10.1.0.1  so vl 120  
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.120.0.254 

*Jun  5 06:48:59.465: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.120.0.254 Vlan120...
*Jun  5 06:49:05.480: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.120.0.254 Vlan120..
Success rate is 0 percent (0/5)

Can ping from global table to vrf - without using the vrf keyword. 

IOU4(config)#do ping 10.120.0.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.120.0.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/8 ms

IOU4(config)#do sh ip route | b Ga
Gateway of last resort is 10.1.0.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.1.0.1
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.1.0.0/24 is directly connected, Vlan1
L        10.1.0.2/32 is directly connected, Vlan1
S        10.120.0.0/24 [1/0] via 10.120.0.254, Vlan120
IOU4(config)#

I tried with physical interface .. didn't get the below message .. but still cannot ping next hop with vrf source. Local ping works fine.

*Jun  5 06:48:59.465: %ADJ-3-RESOLVE_REQ: Adj resolve request: Failed to resolve 10.120.0.254 Vlan120...
IOU4(config)#do sh run int e0/1
Building configuration...

Current configuration : 106 bytes
!
interface Ethernet0/1
 no switchport
 ip vrf forwarding LAB
 ip address 10.120.0.254 255.255.255.0
end

IOU4(config)#do ping 10.1.0.2 so e0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.2, timeout is 2 seconds:
Packet sent with a source address of 10.120.0.254 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/8 ms
IOU4(config)#do ping 10.1.0.1 so e0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.120.0.254 
.....
Success rate is 0 percent (0/5)

Hi omc79

 

Can you post the route table?

 

Thanks


Hi omc79

 

Are you using a L3 or a L2 image?

 

In my demo I need to do route leak using logical interfaces.

 

Cheers

 


Hello Goncalo,

I think you should try to use option 3 of the document provided by Mark.

In this option 3 you will use two GRE tunnels to create a "virtual cable" to connect the VRF and the GRT.

One GRE Tunnel is in GRT and the other GRE Tunnel is associated in the VRF. GRE tunnels use loopback addresses in GRT as source and destination addresses.

The two tunnels provide a shared subnet to perform routing and forwarding between GRT and the VRF.

 

Hope to help

Giuseppe

 


Hi Giuseppe,

The 3rd option looks rather interesting. I will give it a try.

 

Thanks


Hi omc79

 

I don't know how IOU images process traffic, but in real gear you have to use the "vrf" when pinging from a VRF.

 

Switch_LAB#ping 10.1.0.2 sour vlan 120
% Invalid source interface - Interface vrf does not match the vrf used for ping

Cheers