Solved: Re: Route Leaking Between Global Routing Table and VRF issue

cdicesare · ‎01-11-2011

Hello,

I make a lab on GNS3 for training about route leaking between the global routing table and the VRF cust2.

The topology is simple. There are 3 routers :

-R1 represents the Internet router. He have some loopback interfaces in the IP range 212.x.x.x

-R2 implements two VRF (with cust2 VRF)

-R3 and R4 are simple routers running OSPF. Each one is on different VRF. In our case R4 is in cust2 VRF.

-A peering BGP is performed between R1 and R2.

In R2 all BGP routes exists in the routing table.

My goal is to import all BGP routes which exist in the global routing table of R2 to the VRF cust2 of R2.

I was inspired by this document http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fs_bgivt.html

Here the configuration of R2

ip cef
ip vrf cust1
rd 1000:1
!
ip vrf cust2
rd 1000:2
import ipv4 unicast map bgp2vrf-cust2
!
interface Ethernet0/0
ip vrf forwarding cust1
ip address 192.168.3.1 255.255.255.0
half-duplex
!
interface Ethernet0/1
ip vrf forwarding cust2
ip address 192.168.2.1 255.255.255.0
half-duplex
!
interface Ethernet0/2
ip address 192.168.1.1 255.255.255.0
half-duplex
!

router ospf 1 vrf cust1
log-adjacency-changes
network 192.168.3.0 0.0.0.255 area 1
default-information originate always
!
router ospf 2 vrf cust2
log-adjacency-changes
redistribute bgp 199 subnets
network 192.168.2.0 0.0.0.255 area 2
default-information originate always
!
router bgp 199
bgp log-neighbor-changes
neighbor 192.168.1.2 remote-as 200
!
address-family ipv4
neighbor 192.168.1.2 activate
no auto-summary
no synchronization
network 192.168.1.0
exit-address-family
!
address-family ipv4 vrf cust2
no synchronization
exit-address-family
!

ip route 0.0.0.0 0.0.0.0 192.168.1.2
ip route 192.168.3.0 255.255.255.0 Ethernet0/0
ip route vrf cust1 0.0.0.0 0.0.0.0 192.168.1.2 global
!
ip prefix-list bgp2vrf-cust2 seq 5 permit 212.0.0.0/8
ip prefix-list bgp2vrf-cust2 seq 100 permit 0.0.0.0/0 le 32
!
route-map bgp2vrf-cust2 permit 10
match ip address prefix-list bgp2vrf-cust2
!

Here some show commands

R2#show ip bgp
BGP table version is 11, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.1.0      0.0.0.0                  0         32768 i
*                   192.168.1.2              0             0 200 i
r> 192.168.1.1/32   192.168.1.2              0             0 200 ?
*> 212.1.1.0        192.168.1.2              0             0 200 ?
*> 212.1.2.0        192.168.1.2              0             0 200 ?
*> 212.1.3.0        192.168.1.2              0             0 200 ?
*> 212.1.4.0        192.168.1.2              0             0 200 ?
*> 212.1.5.0        192.168.1.2              0             0 200 ?

R2#
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.2 to network 0.0.0.0

B    212.1.1.0/24 [20/0] via 192.168.1.2, 00:24:27
B    212.1.3.0/24 [20/0] via 192.168.1.2, 00:24:27
B    212.1.2.0/24 [20/0] via 192.168.1.2, 00:24:27
B    212.1.5.0/24 [20/0] via 192.168.1.2, 00:24:27
B    212.1.4.0/24 [20/0] via 192.168.1.2, 00:24:27
C    192.168.1.0/24 is directly connected, Ethernet0/2
S    192.168.3.0/24 is directly connected, Ethernet0/0
S*   0.0.0.0/0 [1/0] via 192.168.1.2

R2#show ip vrf cust2
Name Default RD Interfaces
cust2 1000:2 Et0/1

R2#show ip route vrf cust2

Routing Table: cust2
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.2.0/24 is directly connected, Ethernet0/1

R2#show ip prefix-list detail
Prefix-list with the last deletion/insertion: bgp2vrf-cust2
ip prefix-list bgp2vrf-cust2:
   count: 2, range entries: 1, sequences: 5 - 100, refcount: 3
   seq 5 permit 212.0.0.0/8 (hit count: 0, refcount: 1)
   seq 100 permit 0.0.0.0/0 le 32 (hit count: 0, refcount: 1)

R2#show route-map
route-map bgp2vrf-cust2, permit, sequence 10
Match clauses:
ip address prefix-lists: bgp2vrf-cust2
Set clauses:
Policy routing matches: 0 packets, 0 bytes

R2#show ip vrf detail
VRF cust1; default RD 1000:1; default VPNID <not set>
Interfaces:
Et0/0
Connected addresses are not in global routing table
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
VRF label distribution protocol: not configured
VRF cust2; default RD 1000:2; default VPNID <not set>
Interfaces:
Et0/1
Connected addresses are not in global routing table
No Export VPN route-target communities
No Import VPN route-target communities
Import route-map for ipv4 unicast: bgp2vrf-cust2 (prefix limit: 1000)
No export route-map
VRF label distribution protocol: not configured

Do you have an idea of the problem ? I want just import the global BGP route on the VRF cust2, the import doesn't work.

Thank you by advance for your help.

Regards

Cédric

Peter Paluch · ‎01-11-2011

Hi Cedric,

You do not have to close the discussion - you may leave it as is.

However, your solution puzzles me... I've been doing some experiments to verify the behavior of route leaking from the global routing table into a VRF to chcek what is wrong on your configuration, as I didn't see anything suspicious. I certainly did not configure the route distinguisher to use the same ASN as the BGP process, and yet in my configuration, the route leaking was working properly.

Will the route leaking stop working again if you return the original route distinguisher with the different ASN to your cust2 VRF?

Best regards,

Peter

View solution in original post

cdicesare · ‎01-11-2011

I have found the error.

The RD in VRF cust2 was bad because it doesn't correspond with the BGP ASN.

ip vrf cust2
rd 199:2
import ipv4 unicast map bgp2vrf-cust2

How can I close this discussion ?

Peter Paluch · ‎01-11-2011

Hi Cedric,

You do not have to close the discussion - you may leave it as is.

However, your solution puzzles me... I've been doing some experiments to verify the behavior of route leaking from the global routing table into a VRF to chcek what is wrong on your configuration, as I didn't see anything suspicious. I certainly did not configure the route distinguisher to use the same ASN as the BGP process, and yet in my configuration, the route leaking was working properly.

Will the route leaking stop working again if you return the original route distinguisher with the different ASN to your cust2 VRF?

Best regards,

Peter

cdicesare · ‎01-11-2011

I launched again my lab and tryed to re test with

ip vrf cust2
rd 1000:2
import ipv4 unicast map bgp2vrf-cust2

and it's works !! I don't know why it didn't work at a moment...

R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.2.1 to network 0.0.0.0

O E2 212.1.1.0/24 [110/1] via 192.168.2.1, 00:04:16, Ethernet0/0
O E2 212.1.3.0/24 [110/1] via 192.168.2.1, 00:04:16, Ethernet0/0
O E2 212.1.2.0/24 [110/1] via 192.168.2.1, 00:04:16, Ethernet0/0
O E2 212.1.5.0/24 [110/1] via 192.168.2.1, 00:04:16, Ethernet0/0
O E2 212.1.4.0/24 [110/1] via 192.168.2.1, 00:04:16, Ethernet0/0
O E2 192.168.1.0/24 [110/1] via 192.168.2.1, 00:04:16, Ethernet0/0
C 192.168.2.0/24 is directly connected, Ethernet0/0
O*E2 0.0.0.0/0 [110/1] via 192.168.2.1, 00:04:16, Ethernet0/0

Thank you for your help

Peter Paluch · ‎01-11-2011

Hi Cedric,

It may be a glitch in the IOS you are using, or perhaps the import map is evaluated only when the routing table is modified, so perhaps a change to the routing table was all that was needed to actually make the route leaking to 'kick-in'.

Nevertheless, I am happy that you got it running.

Best regards,

Peter

cdicesare · ‎01-13-2011

Hi Peter,

Thank you for your reply. I think your are right. In more, I make the lab on a virtual environnement (GNS3/dynamips), perhaps it may be due to a slowness of my PC.

Regards

Thank your for your help.

Cédric