Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
350
Views
0
Helpful
3
Replies

L3 VPN potential controlplane loop. Not able to locate fault

minaketan_19
Level 1
Level 1

‎06-20-2016 01:37 AM - edited ‎03-05-2019 04:16 AM

Hi Guys, 

I have a potential layer-3 loop in my control plane while implementing a particular design. which is approved by my design team. I will the try to explain this in detail. If someone can explain what is happening here, it will be a great help.

1) I have a network, Where L3-VPN is configured and it works perfectly. very old network and there is no flaws in it.

2) My design team gave me a design to implement another service. Which looks like below:

ip vrf  RED
import map FILTER
route-target export 100:500,route-target import 100:500,route-target import 100:100

ip vrf  GREEN
route-target export 100:100,route-target import 100:500,route-target import 100:100

As per the design what i understood is routes are being exchanged between two VRF's by using multiple route-targets. But again i have one statement "import map FILTER"
under vrf RED, which is having a prefix list and a community filter. Which basically looks like below:

route-map FILTER
match ip prefix XYZ
match extcommunity
ip extcommunity-filter 30 permit route-target 100:100

The above configurations are on a huawei router. So syntax are little different. But i want to know the logic. This setup works fine in normal scenario. But when
i take out the prefix list, all the subnet from GREEN flood into RED. Even after reapplying the prefix list, those routes continue to be in RED VRF?

Can someone expalin whether its a correct design?

Labels:
0 Helpful
3 Replies 3

Francesco Molino
VIP Alumni
VIP Alumni

‎06-20-2016 09:48 AM

Hi

The goal of import-map is to filter unwanted routes or to avoid having conflict routes that can cause a loop.

The normal behaviour is when you set the import-map it is taken under consideration on the next bgp update. It means that even you're applying right now it will have effect at the next bgp update based on your timer or default timer value. 

Thanks 

PS: Please don't forget to rate and mark as correct answer if this solved your issue 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

minaketan_19
Level 1
Level 1
In response to Francesco Molino

‎06-24-2016 12:21 AM

Hi,

whether its really required to keep both. i.e common route target and import statement in both vrfs?

 Also need to know if i am importing routes which are having route-target same as the routes which are already exchanged via bgp route-targets, whether it will form any control plane loop?

thanks in advance

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to minaketan_19

‎06-24-2016 08:13 AM

Hi

route-target import/export are required in your example to allow 1 vrf to import subnets from another subnet. And route-map needed to filter those subnets (which one You really want to see on the other vrf).

You can also filter something through bgp.

then you will need both to avoid any loops if some subnets are common on both vrfs.

thanks.

PS: please don't forget to rate and mark as correct answer if this solved your issue 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents