09-04-2009 12:04 PM - edited 03-04-2019 05:57 AM
All,
I have a situation that I'm needing help with. I have a two vrf's (CustA and CustB). I'm importing each others routes into it's own vrf (CustA into CustB's table, etc.).
I don't want CustB to have all of CustA's routes and vice versa. I created a route-map and tried creating an export map under CustB's vrf, and it works, but it keeps CustA from getting all of its routes.
What I have is below:
ip vrf CUSTA
rd 200:100
import map PERMIT30
route-target both 200:100
route-target import 300:100
ip vrf CUSTB
rd 300:100
route-target both 300:100
route-target import 200:100
access-list 100 permit ip 30.30.30.0 0.0.0.255 any
route-map PERMIT30 5
match ip address 100
If I leave the above alone, my routing table on CUSTA only contains its connected and the 30.30.30.0 subnet. If I add a catch-all permit clause in the policy-map, CUSTA gets all routes from CUSTB which is what I don't want.
Thanks!
John
09-04-2009 12:27 PM
You probably want to read up on some of the other options for the "match" statement. Access-lists are a blunt instrument best used for safeguards. There are plenty of other criteria to match on, but you'll want to get into the router and see which match criteria pop up in the online help and will apply to a "VRF import route-map" , because support for each kind for various different usages can vary by platform and software chain, and route-maps are notorious for not telling you which criteria are supported for your intentions until you actually have them all built and try to apply them :-)
09-05-2009 05:31 PM
Hi John,
Usually, you use filtering based on route-target:
You create an export-map for each VRF which will add a specific route-target to match which routes should be exchange between VRF A and B. The routes which don't match the export will just have the VRF local route-target set with the route-target export command:
p vrf CUSTA
rd 200:100
export map To-CUSTB
route-target import 200:100
route-target import 300:101
ip vrf CUSTB
rd 300:100
export map To-CUSTA
route-target import 300:100
route-target import 200:101
!
route-map To-CUSTB 5
match ip address 100
set extcommunity rt 200:100 200:101
!
route-map To-CUSTB 100
set extcommunity rt 200:100
!
route-map To-CUSTA 5
match ip address 101
set extcommunity rt 300:100 300:101
!
route-map To-CUSTA 100
set extcommunity rt 300:100
!
Inside the route-map, you can match on other criteria like BGP community for example
With import-map, in your case you need to use a deny statement to match which prefixes you don't want. The we are sure the permit all at the end will match all the routes you want.
In any case try to base your macth criteria on community as it's more flexible and scalable.
HTH
Laurent.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide