Solved: Redistributing routes learned from an external BGP peer into VRF

Benjamin_Smith · ‎11-02-2020

For reference, here's a picture of my network.

This is my first experience using MPLS and VRF's so be kind,
What we have is the two PE routers R1 and R6 connected to 'branches' that are in their own VRF on R1 and R6 called Client_A, they can talk to each other successfully which is what we want. Our main issue is we're trying to connect to a third branch configured on another network. We have our whole network configured in BGP 65111 and the other team has theirs in BGP 200.

We've had them push all of their routes into our OSPF and they're there in R3's global routing table and R3 can ping them successfully, our issue is getting the branches to ping the other 'branch' in their networks 'server' 209.165.212.35,

We've hit a wall trying to redistribute the routes learned from BGP into our VRF table.

As per the rules, this is nothing in production, just in a lab environment.

At the moment I'm mainly working on getting it working between Router 3 and Router 1 so I can reproduce this to R5 and R6.

R1:
!
hostname ISP-R3
!
vrf definition Client_A
rd 100:14
route-target export 1:1
route-target import 100:101
route-target import 100:102
!
address-family ipv4
route-target export 1:1
route-target import 100:101
route-target import 100:102
exit-address-family
!
address-family ipv6
route-target export 1:1
route-target import 100:101
route-target import 100:102
exit-address-family
!
ipv6 unicast-routing
!
mpls label protocol ldp
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Loopback10
vrf forwarding Client_A
ip address 99.99.99.99 255.255.255.255
!
interface GigabitEthernet0/0/0
description Connection to MLS1
ip address 10.1.1.37 255.255.255.252
negotiation auto
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:35AA:8::1/64
mpls ip
ospfv3 1 ipv6 area 0
ospfv3 1 ipv4 area 0
!
interface GigabitEthernet0/0/1
description Connection to MLS2
ip address 10.1.1.41 255.255.255.252
negotiation auto
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:35AA:9::1/64
mpls ip
ospfv3 1 ipv6 area 0
ospfv3 1 ipv4 area 0
!
interface Serial0/1/0
description connection to R5
ip address 10.1.1.25 255.255.255.252
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:35AA:7::1/64
mpls ip
ospfv3 1 ipv6 area 0
ospfv3 1 ipv4 area 0
!
interface Serial0/1/1
description Connection to R1
ip address 10.1.1.6 255.255.255.252
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:35AA:3::2/64
mpls ip
ospfv3 1 ipv6 area 0
ospfv3 1 ipv4 area 0
!
interface Serial0/2/0
description Connection to ISP B
ip address 209.165.200.5 255.255.255.252
mpls ip
clock rate 125000
!
router ospfv3 1
!
address-family ipv4 unicast
router-id 3.3.3.3
exit-address-family
!
address-family ipv6 unicast
router-id 3.3.3.3
exit-address-family
!
address-family ipv4 unicast vrf ISP-B
redistribute bgp 65111
router-id 123.123.123.123
exit-address-family
!
router ospf 1
router-id 3.3.3.3
redistribute bgp 65111 subnets
network 3.3.3.3 0.0.0.0 area 0
network 10.1.1.4 0.0.0.3 area 0
network 10.1.1.24 0.0.0.3 area 0
network 10.1.1.36 0.0.0.3 area 0
network 10.1.1.40 0.0.0.3 area 0
mpls ldp autoconfig
!
router bgp 65111
bgp router-id 3.3.3.3
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.1 remote-as 65111
neighbor 1.1.1.1 update-source Loopback0
neighbor 6.6.6.6 remote-as 65111
neighbor 6.6.6.6 update-source Loopback0
neighbor 209.165.200.6 remote-as 200
!
address-family ipv4
neighbor 209.165.200.6 activate
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community extended
exit-address-family
!
address-family ipv4 vrf Client_A
redistribute connected
redistribute static
neighbor 209.165.200.6 remote-as 200
neighbor 209.165.200.6 activate
exit-address-family
!
ip route 20.20.20.20 255.255.255.255 209.165.200.6
ip route vrf Client_A 0.0.0.0 0.0.0.0 Serial0/2/0
ip route vrf Client_A 25.50.212.35 255.255.255.255 Serial0/2/0
ip route vrf Client_A 209.165.200.4 255.255.255.252 Serial0/2/0
ip route vrf Client_A 209.165.200.6 255.255.255.255 Serial0/2/0
!
!
mpls ldp router-id Loopback0
!

R1:
!
hostname ISP-R1
!
vrf definition Client_A
rd 100:11
route-target export 100:101
route-target import 100:102
route-target import 100:103
route-target import 1:1
!
address-family ipv4
route-target export 100:101
route-target import 100:102
route-target import 100:103
route-target import 1:1
exit-address-family
!
address-family ipv6
route-target export 100:101
route-target import 100:102
route-target import 1:1
exit-address-family
!
ipv6 unicast-routing
!
mpls label protocol ldp
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0
description Connection to MLS1
ip address 10.1.1.9 255.255.255.252
ip ospf 1 area 0
negotiation auto
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:35AA:3::1/64
ospfv3 1 ipv4 area 0
ospfv3 1 ipv6 area 0
!
interface GigabitEthernet0/0/1
description Connection to Branch 1
vrf forwarding Client_A
ip address 209.165.200.1 255.255.255.252
negotiation auto
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:FFB1::1/126
ospfv3 1 ipv6 area 0
ospfv3 1 ipv4 area 0
!
interface Serial0/1/0
description Connection to R2
ip address 10.1.1.1 255.255.255.252
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:35AA:1::1/64
ospfv3 1 ipv6 area 0
ospfv3 1 ipv4 area 0
!
interface Serial0/1/1
description Connection to R3
ip address 10.1.1.5 255.255.255.252
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:35AA:2::1/64
ospfv3 1 ipv4 area 0
ospfv3 1 ipv6 area 0
!
router eigrp Client_A
!
address-family ipv4 unicast vrf Client_A autonomous-system 1
!
topology base
redistribute bgp 65111 metric 1000 10 255 1 1500
exit-af-topology
network 0.0.0.0
exit-address-family
!
address-family ipv6 unicast vrf Client_A autonomous-system 1
!
topology base
exit-af-topology
exit-address-family
!
router ospfv3 1
!
address-family ipv4 unicast
router-id 1.1.1.1
exit-address-family
!
address-family ipv6 unicast
redistribute static
router-id 1.1.1.1
exit-address-family
!
address-family ipv4 unicast vrf Client_A
exit-address-family
!
address-family ipv6 unicast vrf Client_A
exit-address-family
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 10.1.1.4 0.0.0.3 area 0
network 10.1.1.8 0.0.0.3 area 0
mpls ldp autoconfig
!
router bgp 65111
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 65111
neighbor 3.3.3.3 update-source Loopback0
neighbor 5.5.5.5 remote-as 65111
neighbor 5.5.5.5 update-source Loopback0
neighbor 6.6.6.6 remote-as 65111
neighbor 6.6.6.6 update-source Loopback0
neighbor 2001:DB8:FEED:2::1 remote-as 65111
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community extended
exit-address-family
!
address-family ipv6
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-label
exit-address-family
!
address-family vpnv6
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community extended
neighbor 2001:DB8:FEED:2::1 activate
neighbor 2001:DB8:FEED:2::1 send-community extended
exit-address-family
!
address-family ipv4 vrf Client_A
redistribute eigrp 1
exit-address-family
!
address-family ipv6 vrf Client_A
exit-address-family
!
logging origin-id hostname
logging host 10.1.1.90
!

Giuseppe Larosa · ‎11-02-2020

Hello @Benjamin_Smith ,

your interface to ISP-B on R3 belongs to GRT and not to VRF

interface Serial0/2/0
description Connection to ISP B
ip address 209.165.200.5 255.255.255.252
mpls ip
clock rate 125000

later you attempt to define an eBGP session in VRF Client_A with 209.165.200.6 but this should not work until you put the above interface in the same VRF.

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎11-02-2020

Hello @Benjamin_Smith ,

your interface to ISP-B on R3 belongs to GRT and not to VRF

interface Serial0/2/0
description Connection to ISP B
ip address 209.165.200.5 255.255.255.252
mpls ip
clock rate 125000

later you attempt to define an eBGP session in VRF Client_A with 209.165.200.6 but this should not work until you put the above interface in the same VRF.

Hope to help

Giuseppe

Benjamin_Smith · ‎11-02-2020

So the interface pointing towards the external ISP should be 'vrf forwarding Client_A' ? we thought in the sense of an ISP simulation which is what we're semi trying to achieve, if an ISP had a connection to another ISP they would need to have multiple VRF's forwarding out.. wait I think I just answered my question, they would use sub interfaces and push vrf forwarding out that interface?

Giuseppe Larosa · ‎11-02-2020

Hello @Benjamin_Smith ,

>> So the interface pointing towards the external ISP should be 'vrf forwarding Client_A' ?

Yes

>> I think I just answered my question, they would use sub interfaces and push vrf forwarding out that interface?

if your goal is inter AS MPLS VPN the use of back to back VRF mapped subinterfaces is the first option called option A

it is the simplest one but less scalable. There also other options called B, C, and AB. The idea is to use MP eBGP VPNv4 sessions.

see the following document

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ias_and_csc/configuration/15-mt/mp-ias-and-csc-15-mt-book/mp-vpn-connect-asbr.html

Hope to help

Giuseppe