04-17-2008 03:29 AM - edited 03-03-2019 09:35 PM
Hi
I have just implemented VRF for an MPLS & Internet service on a shared 3845 platform and I have now lost my default route propagation to my remote sites.
Before implementing VRF the default route propagated fine to the remote routers and I had a route of last resort on all of them. After implementing VRF the default route was still on the 3845 but the route of last resort is no longer present on the remote routers.
It is definitely the VRF config causing the problem, because as soon as I remove the vrf forwarding command from the subinterface the route of last resort appears on the remote routers. I have searched for a solution on the forum and Cisco web site without any luck, although I think it may be something to do with routes leaking between the VRF and the global routing table.
VRF config is
ip vrf DIA
description *** DIA VRF Instance ***
rd 3549:2
route-target export 3549:2
route-target import 3549:2
interface GigabitEthernet0/1
description *** Internet Connection ***
ip vrf forwarding DIA
ip address 208.50.120.33 255.255.255.224
no keepalive
arp timeout 1500
interface Serial2/0.518 point-to-point
description ***** Internet Connection ****
ip vrf forwarding DIA
bandwidth 12000
ip address 207.138.94.182 255.255.255.252
frame-relay interface-dlci 518
Static routes are
0.0.0.0 0.0.0.0 10.1.3.253 (internal interface of firewall)
ip route vrf DIA 0.0.0.0 0.0.0.0 207.138.94.181
ip route vrf DIA 208.50.120.32 255.255.255.224 207.138.94.181
BGP config is
router bgp 64610
no synchronization
bgp log-neighbor-changes
network 10.z.z.z mask 255.255.240.0
redistribute static
neighbor x.x.x.x remote-as 6745
neighbor x.x.x.x ebgp-multihop 4
neighbor x.x.x.x version 4
neighbor y.y.y.y remote-as 3549
neighbor y.y.y.y local-as 64875
neighbor y.y.y.y version 4
neighbor y.y.y.y prefix-list DIA-out out
no auto-summary
!
address-family ipv4 vrf DIA
neighbor y.y.y.y remote-as 3549
neighbor y.y.y.y local-as 64875
neighbor y.y.y.y version 4
neighbor y.y.y.y activate
neighbor y.y.y.y prefix-list DIA-out out
no synchronization
network 208.50.120.32 mask 255.255.255.224
exit-address-family
Hope someone can help.
Regards Andrew
04-18-2008 04:11 AM
great !
you have a default route in global pointing at 10.1.3.253 which is connected to GE0/0.
under BGP (IPV4) u redistribute static to our remote sites.
Adding "default-information originate" should propagate a default route to remote sites, regardless of what happens under ur VRF config.
The VRF config as I understand is between u and remote AS for peering.
HTH
Sam
04-17-2008 03:40 AM
Try redistributing static under address family + add default information originate command under address family also
HTH
Sam
04-17-2008 04:22 AM
Sam
Can you clarify please because if I understand you correctly this will redistribute the static route within the VRF? This is exactly the opposite of what I want to do.
The default route needs to be redistributed out to the MPLS cloud and not the vrf DIA.
Regards Andrew
04-17-2008 04:54 AM
OK, then I misunderstood your requirement. Sorry.
do u intend to leak a default route pointing at a VRF within ur global MPLS cloud ?
04-17-2008 05:05 AM
Sam
No worries, I think it's actually my fault: the title of this problem should have been default route redistribution into BGP and not the VRF instance, and I think my explanation was not very good, so let's try again.
Basically I have a BGP peer with my provider for the MPLS cloud running on one subinterface of a DS3 and a BGP peer running on another subinterface as you can see from the configs.
When I do not have the VRF forwarding on the interfaces the default route 0.0.0.0 0.0.0.0 10.1.3.253 is redistributed via the BGP peer in to the MPLS cloud and out to my remote sites and they end up with a route of last resort.
When I do have the VRF forwarding configured on the 2 internet related interfaces Gi0/1 & S2/0.518 the default route is no longer distributed via BGP to my remote sites and the route of last resort is no longer set on the remote routers which is the problem, it needs to be.
How do I ensure that the default route continues to be distributed to my remote sites via BGP with the VRF forwarding configured and working?
Regards Andrew
04-17-2008 05:04 AM
are remote sites in a separate VRF or global ?
if they are in separate VRFs u could import and export on route targets between ur Internet VRF and remote sites , but use route map to allow default route only.
ip vrf foo
rd 100:1
export map INTERNET
route-target export 100:1
route-target import 100:1
route-target import 200:1
!
04-17-2008 05:14 AM
Sam
They are all in global.
Regards Andrew
04-18-2008 12:56 AM
from what I can see in the config, u have 4 peering sessions in total.
2 of them in Global, which is ur MPLS and another 2 within address family, ur VPN DIA.
I am suspecting that the route to 10.1.3.253 is no longer in global when you make GE0/1 & S2/0.0518 part of VRF DIA.
can you see an entry for " show IP BGP 10.1.3.253" as well as an entry in global ip route(when interfaces are part of DIA VPN) ?
Sam
04-18-2008 01:47 AM
Sam
The results of a show IP BGP 10.1.3.253 are as follows
Without VRF forwarding DIA on subinterface s2/0.518
show IP BGP 10.1.3.253
BGP routing table entry for 10.1.0.0/20, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
Local
0.0.0.0 from 0.0.0.0 (207.138.94.182)
Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
and with VRF forwarding DIA on subinterface s2/0.518
show IP BGP 10.1.3.253
BGP routing table entry for 10.1.0.0/20, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
Local
0.0.0.0 from 0.0.0.0 (207.138.94.182)
Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
Which is really strange as it is the same for both, hope this helps as it is now really confusing me......
Regards Andrew
04-18-2008 02:00 AM
Andrew
you have a local route for 10.1.3.253 as u are advertising this prefix via BGP ( network 10.z.z.z mask 255.255.240.0).
so let's move on to find out what happens to the actual default route.
how about (in both cases please)
sh ip bgp 0.0.0.0
sh ip route 10.1.3.253
Sam
04-18-2008 02:23 AM
Sam
without VRF active
sh ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 409
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Advertised to update-groups:
1
64875 3549
207.138.94.181 from 207.138.94.181 (67.17.81.143)
Origin IGP, localpref 100, valid, external, best
sh ip bgp 10.1.3.253
BGP routing table entry for 10.1.0.0/20, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
Local
0.0.0.0 from 0.0.0.0 (207.138.94.182)
Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
with VRF active
sh ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 410
Paths: (1 available, no best path)
Flag: 0x820
Not advertised to any peer
64875 3549
207.138.94.181 (inaccessible) from 207.138.94.181 (67.17.81.143)
Origin IGP, localpref 100, valid, external
sh ip bgp 10.1.3.253
BGP routing table entry for 10.1.0.0/20, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
Local
0.0.0.0 from 0.0.0.0 (207.138.94.182)
Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
Regards Andrew
04-18-2008 02:03 AM
Sam
I have one more thing to add. I have just found the following issue, when I do a
show ip bgp rib without the VRF forwarding installed I get the following
Network Next Hop RIB-failure RIB-NH Matches
0.0.0.0 207.138.94.181 Higher admin distance n/a
64.215.11.32/30 64.215.11.33 Higher admin distance n/a
But with the VRF forwarding installed I get
Network Next Hop RIB-failure RIB-NH Matches
64.215.11.32/30 64.215.11.33 Higher admin distance n/a
From this I think it is implying the network route 0.0.0.0 207.138.94.181 is not being installed in the routing table when the VRF forwarding is not installed, due to the static default route on the router having a higher administrative distance, BUT when the vrf forwarding is installed the same network is installed in the routing table, which again implies it now has a higher administrative value than the statically defined default route on the router. So can I fix this by manipulating the static default route's administrative value, or am I barking up the wrong tree?
Regards Andrew
04-18-2008 02:53 AM
Andrew,
with VRF active
sh ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 410
Paths: (1 available, no best path)
Flag: 0x820
Not advertised to any peer <<================ this is where it stops it from propagating to ur sites.
64875 3549
207.138.94.181 (inaccessible) from 207.138.94.181 (67.17.81.143)
Not having the ip route output, my guess is that ur default route points to a next hop that is moved from Global to VRF DIA, and therefore not advertised.
27.138.94.181 is the other end of S2/0.518 and therefore cannot be expected to be seen in global.
Try adding a static route in global that points to S2/0.518 instead of an ip address only.
effectively, u have to leak ur VRF next hop to global.
HTH
Sam
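The diagnosis in the reply above, as an added example that is not part of the thread or written by either poster: a small Python check that reads "sh ip bgp <prefix>" output and reports whether the path is withheld from peers and which next hop is unreachable. The two sample inputs are the outputs posted in this thread; the function and field names are assumptions made for the example.

```python
import re

# Output copied from the thread: "sh ip bgp 0.0.0.0" with the VRF active.
WITH_VRF = """\
BGP routing table entry for 0.0.0.0/0, version 410
Paths: (1 available, no best path)
Flag: 0x820
Not advertised to any peer
64875 3549
207.138.94.181 (inaccessible) from 207.138.94.181 (67.17.81.143)
Origin IGP, localpref 100, valid, external
"""

# Output copied from the thread: the same command without the VRF.
WITHOUT_VRF = """\
BGP routing table entry for 0.0.0.0/0, version 409
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Advertised to update-groups:
1
64875 3549
207.138.94.181 from 207.138.94.181 (67.17.81.143)
Origin IGP, localpref 100, valid, external, best
"""

# Path line: "<next hop> [(inaccessible)] from <peer> (<router id>)"
NEXT_HOP = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)( \(inaccessible\))? from ", re.M)

def diagnose(output):
    """Summarise why a prefix is or is not being advertised (hypothetical helper)."""
    prefix = re.search(r"entry for (\S+),", output)
    paths = re.search(r"^Paths: \((\d+) available, ([^,)]+)", output, re.M)
    result = {
        "prefix": prefix.group(1) if prefix else None,
        "paths": int(paths.group(1)) if paths else 0,
        "has_best_path": bool(paths) and paths.group(2).startswith("best #"),
        "advertised": "Not advertised to any peer" not in output,
        "rib_failure": "RIB-failure" in output,
        "unreachable_next_hops": [m.group(1) for m in NEXT_HOP.finditer(output)
                                  if m.group(2)],
    }
    # BGP only advertises a best path; a path whose next hop is inaccessible
    # in this table cannot be selected as best, so the prefix is withheld.
    result["withheld"] = not result["has_best_path"] or not result["advertised"]
    return result

if __name__ == "__main__":
    for label, text in (("without VRF", WITHOUT_VRF), ("with VRF", WITH_VRF)):
        print(label, diagnose(text))
```
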
04-18-2008 03:12 AM
Sam
the show ip route without vrf is as follows
Gateway of last resort is 10.1.3.253 to network 0.0.0.0
******
Then lots more routes then this one
S* 0.0.0.0/0 [10/0] via 10.1.3.253
the show ip route with VRF is exactly the same
but when I do a show ip route VRF DIA without VRF active I get
sh ip route vrf DIA
Routing Table: DIA
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
208.50.120.0/27 is subnetted, 1 subnets
C 208.50.120.32 is directly connected, GigabitEthernet0/1
and with vrf active I get
Routing Table: DIA
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 207.138.94.181 to network 0.0.0.0
208.50.120.0/27 is subnetted, 1 subnets
C 208.50.120.32 is directly connected, GigabitEthernet0/1
207.138.94.0/30 is subnetted, 1 subnets
C 207.138.94.180 is directly connected, Serial2/0.518
B* 0.0.0.0/0 [20/0] via 207.138.94.181, 00:00:11
Which I think proves what you are saying, but I want a static route within global to always point to 10.1.3.252, the inside interface of our firewall, not to s2/0.518
Thanks Andrew
04-18-2008 03:14 AM
Sam
The last sentence above should read
Which I think proves what you are saying, but I want a static route within global to always point to the inside interface of our firewall 10.1.3.253, not to s2/0.518
Regards Andrew