Solved: Hi Paolo,

pablitomassa82 · ‎03-16-2016

Hi Everybody,

i'm working on a big scenario about MPLS VPN and this is a piece of it:

R2 and R3 are eBGP peers
R3 advert a default-route to R2 and R2 advert to R3 the 11.11.11.0 network
R2 interface (10.0.0.1) is assigned to a INTERNET VRF with RD 100:3 and RT export 100:3. On R2 there is another VRF called A that is not attached to any interface, that is configured with RT import 100:3.
I'd like to import the default-route also on R1 but it doesn't works becouse, i think, the next-hop of the default-route is R3 and R1 it has no idea how to reach it. I've tried to set, on R2, neighbor 1.1.1.1 next-hop-self in the address family vpnv4 but it seems doesn't work .

R2 config:

--- bgp section---

router bgp 100
no synchronization
bgp log-neighbor-changes
redistribute static
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community both
neighbor 1.1.1.1 next-hop-self
exit-address-family
!
address-family ipv4 vrf INTERNET
neighbor 10.0.255.254 remote-as 600
neighbor 10.0.255.254 update-source FastEthernet0/0
neighbor 10.0.255.254 activate
no synchronization
network 11.11.11.0 mask 255.255.255.0
exit-address-family

!
address-family ipv4 vrf A
redistribute connected
no synchronization
exit-address-family

-- vrf section --

ip vrf A
rd 100:1
route-target export 100:1
route-target import 100:1
route-target import 100:3
ip vrf INTERNET
rd 100:3
route-target export 100:3
ip vrf forwarding INTERNET
ip vrf forwarding A

R3:

router bgp 600
no synchronization
bgp log-neighbor-changes
network 0.0.0.0
neighbor 10.0.0.1 remote-as 100
no auto-summary

R1

-- bgp section --

router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community both
exit-address-family
!
address-family ipv4 vrf A
redistribute connected
no synchronization
exit-address-family

-- vrf section --

ip vrf A
rd 100:1
route-target export 100:1
route-target import 100:1
ip vrf B
rd 100:2
route-target export 100:2
route-target import 100:2
ip vrf forwarding A
ip vrf forwarding B
address-family ipv4 vrf B
redistribute connected
no synchronization
address-family ipv4 vrf A
redistribute connected
no synchronization

any ideas? :) Thanks Paolo

Amit Goyal · ‎03-17-2016

Hi Paolo,

On PE1 I see route-target import is 100:1 but on ISP1 I don't see route-target 100:1 attached to default route. This is the reason you are not seeing this route on PE1.

You can try applying command "route-target import 100:3" under vrf A on PE1 and check the results.

HTH

-Amit

View solution in original post

Amit Goyal · ‎03-17-2016

Hi Paolo,

I just reproduced this in my local LAB. Basically you are leaking default route from vrf INTERNET to vrf A on ISP device. This is not an originated route from vrf A and that's why community 100:1 is not getting attached to it. vrf A on ISP is just consuming default route coming from INTERNET but will not further advertise it.

So, you will have to import community 100:3 as well in vrf A on PE1.

HTH

-Amit

View solution in original post

Amit Goyal · ‎03-16-2016

Hi Paolo,

Please take the output of below command and check if the default route is available in vrf INTERNET on R2.

show ip bgp VPNv4 vrf INTERNET 0.0.0.0

show ip bgp VPNv4 vrf A 0.0.0.0

above output will tell, what are the route-target has been attached to default route.

Try adding atl east one interface (can be any loopback with an ip address) in vrf A on R1

On top of it check if all BGP sessions up and learning routes.

HTH

-Amit

pablitomassa82 · ‎03-16-2016

Hi, in my scenario R2 is ISP1 and R1 is PE1

Amit Goyal · ‎03-17-2016

Hi Paolo,

On PE1 I see route-target import is 100:1 but on ISP1 I don't see route-target 100:1 attached to default route. This is the reason you are not seeing this route on PE1.

You can try applying command "route-target import 100:3" under vrf A on PE1 and check the results.

HTH

-Amit

pablitomassa82 · ‎03-17-2016

Thanks a lot!

This however make me little confused:

i was thinking that when you export the routes from a vrf table i.e A the routes take the RD of that vrf A table and also the RT community configured for vrf A, instead the community of origin (i.e rt of table INTERNET)......this it seems logical becouse if i import a tons of routes from different vrf table i should configure rt import 100:3, 100:4: 101:5 ecc ecc instead only 100:1

i need to review the theory :)

thanks

Amit Goyal · ‎03-17-2016

Hi Paolo,

Yes, your understanding is correct. But for some reason route in vrf A has not community 100:1 attached to it. I might need to test this in my LAB and get you the answer :)

HTH

-Amit

Amit Goyal · ‎03-17-2016

Hi Paolo,

I just reproduced this in my local LAB. Basically you are leaking default route from vrf INTERNET to vrf A on ISP device. This is not an originated route from vrf A and that's why community 100:1 is not getting attached to it. vrf A on ISP is just consuming default route coming from INTERNET but will not further advertise it.

So, you will have to import community 100:3 as well in vrf A on PE1.

HTH

-Amit

pablitomassa82 · ‎03-17-2016

Thanks a lot now i understand :)

One solution is to modify the RT parameter of the default-route with a route-map and set it to 100:1

Redistribute default-route problem