Route leaking between 2 VRFs using OSPF

alexb931 · ‎06-19-2019

hi all,

I'm wondering if its possible to route leak between 2 OSPF Instances running on different VRFs without using the GRT.

I've not found much around asides from route leaking using a VRF and the global routing. A workaround would be from an OSPF VRF to a BGP VRF if possible.

Thank you,

Thank you

paul driver · ‎06-19-2019

Hello

Are you using l3VPN or VRF Lite , if the latter you have two options:

import-maps with route-targets
static routing

Can you confirm if this will be between two vrf instances or just the one instance into the global rib.

Please post the rtr configurations if applicable

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

alexb931 · ‎06-19-2019

Hi Paul,

This would be VRF Lite. I've tried to do a static route with the next hop being the same device but an interface inside the opposite VRF. You'll see some afwful Route target config in there aswell where i was trying to guess my way through it (Didn't work!). If static routes are simpler that would be my preference as I'm only trying to leak 1 route each way.

172.23.77.25 is a host route learned from OSPF on an adjacent device inside TP

LEG-CORE-BAS# show run
Building configuration...

Current configuration : 2667 bytes
!
! Last configuration change at 22:09:33 UTC Wed Jun 19 2019
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname LEG-CORE-BAS
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ip cef
!
ip vrf INNER
rd 64605:1
import ipv4 unicast map TP-INNER
route-target export 61000:1
route-target import 61000:1
route-target import 33:33
!
ip vrf THIRDPARTY
rd 61000:1
export map TP-INNER
export ipv4 unicast map TP-INNER
route-target export 61000:1
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip vrf forwarding THIRDPARTY
ip address 172.23.77.1 255.255.255.255
!
interface Loopback4
ip vrf forwarding INNER
ip address 10.39.0.1 255.255.0.0
!
interface Tunnel1
ip vrf forwarding THIRDPARTY
no ip address
!
interface FastEthernet0/0
ip vrf forwarding THIRDPARTY
ip address 172.23.77.10 255.255.255.248
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
duplex full
!
interface Ethernet2/0
ip vrf forwarding INNER
ip address 10.174.64.5 255.255.255.254
duplex full
!
interface Ethernet2/1
no ip address
shutdown
duplex full
!
interface Ethernet2/2
no ip address
shutdown
duplex full
!
interface Ethernet2/3
no ip address
shutdown
duplex full
!
interface Ethernet2/4
no ip address
shutdown
duplex full
!
interface Ethernet2/5
no ip address
shutdown
duplex full
!
interface Ethernet2/6
no ip address
shutdown
duplex full
!
interface Ethernet2/7
no ip address
shutdown
duplex full
!
router ospf 1 vrf THIRDPARTY
network 172.23.77.1 0.0.0.0 area 0
network 172.23.77.9 0.0.0.0 area 0
network 172.23.77.8 0.0.0.7 area 0
network 172.23.77.17 0.0.0.0 area 0
!
router ospf 2 vrf INNER
network 10.39.0.0 0.0.255.255 area 0
!
router bgp 64605
bgp router-id 10.174.64.5
bgp log-neighbor-changes
!
address-family ipv4 vrf INNER
network 10.39.0.0 mask 255.255.0.0
network 10.174.64.5
network 10.174.64.5 mask 255.255.255.255
network 172.23.77.1 mask 255.255.255.255
neighbor 10.174.64.4 remote-as 39173
neighbor 10.174.64.4 activate
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 172.23.77.25 255.255.255.255 172.23.77.10
ip route vrf INNER 172.23.77.25 255.255.255.255 172.23.77.10
!
access-list 1 permit 172.23.77.25
access-list 50 permit 0.0.0.0
access-list 50 permit 172.23.77.25
access-list 50 permit any
!
route-map TP-INNER permit 10
match ip address 1
set extcommunity rt 33:33 additive
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end

LEG-CORE-BAS#