cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10367
Views
0
Helpful
1
Replies

Route Leaking between two VRF on the same router (Cisco IOS)

AndreaQuerci
Level 1
Level 1

Hi guys,

it's my first time with the route leaking feature and I tried to configure it on my LAB via EVE-NG, but unfortunately it didn't work. I attached a screenshot about my LAB.

my little enterprise network has been subdivided in three different vrfs (10_OFFICE_NET, 20_IT_NET, 11_MNGNT_NET) and on the core routers I configured another vrf called CORE. all of then must be in communication and to reach this goal I configured the core routers (for now just the CSW01) following an hub and spoke logic, the CORE vrf must be the hub vrf and the other ones must be the spokes.

I want to give you an example about I want to do. if the PC01 wants to reach internet (it's behind the ASA firewall) it must be reach the core routers via OSPF and from there the flow must be route-leaked via BGP from the source vrf (10_OFFICE_NET) to the CORE vrf, and finally reach the destination.

following you can see the CSW01 cofniguration:

CSW01#show run
Building configuration...

Current configuration : 4208 bytes
!
! Last configuration change at 22:14:42 EET Sat Oct 26 2019
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname CSW01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone EET 2 0
!
!
!
!
!
!
ip vrf 10_OFFICE_NET
rd 65000:10
route-target export 65000:10
route-target import 65000:254
!
ip vrf 11_MNGNT_NET
rd 65000:11
route-target export 65000:11
route-target import 6500:254
!
ip vrf 20_IT_NET
rd 65000:20
route-target export 65000:20
route-target import 6500:254
!
ip vrf CORE
rd 65000:254
route-target export 6500:254
route-target import 6500:10
route-target import 6500:20
route-target import 6500:11
!
!
!
no ip domain-lookup
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback10
ip vrf forwarding 10_OFFICE_NET
ip address 172.31.10.3 255.255.255.255
!
interface Loopback11
ip vrf forwarding 11_MNGNT_NET
ip address 172.31.11.3 255.255.255.255
!
interface Loopback20
ip vrf forwarding 20_IT_NET
ip address 172.31.20.3 255.255.255.255
!
interface Loopback254
ip vrf forwarding CORE
ip address 172.31.254.3 255.255.255.255
!
interface Ethernet0/0
!
interface Ethernet0/1
switchport access vlan 90
switchport mode access
!
interface Ethernet0/2
!
interface Ethernet0/3
no switchport
no ip address
!
interface Ethernet0/3.10
encapsulation dot1Q 10
ip vrf forwarding 10_OFFICE_NET
ip address 172.16.10.18 255.255.255.252
ip ospf network point-to-point
!
interface Ethernet0/3.11
encapsulation dot1Q 11
ip vrf forwarding 11_MNGNT_NET
ip address 172.16.11.18 255.255.255.252
ip ospf network point-to-point
!
interface Ethernet0/3.20
encapsulation dot1Q 20
ip vrf forwarding 20_IT_NET
ip address 172.16.20.18 255.255.255.252
ip ospf network point-to-point
!
interface Ethernet1/0
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet1/1
no switchport
no ip address
!
interface Ethernet1/1.10
encapsulation dot1Q 10
ip vrf forwarding 10_OFFICE_NET
ip address 172.16.10.2 255.255.255.252
ip ospf network point-to-point
!
interface Ethernet1/1.11
encapsulation dot1Q 11
ip vrf forwarding 11_MNGNT_NET
ip address 172.16.11.2 255.255.255.252
ip ospf network point-to-point
!
interface Ethernet1/1.20
encapsulation dot1Q 20
ip vrf forwarding 20_IT_NET
ip address 172.16.20.2 255.255.255.252
ip ospf network point-to-point
!
interface Ethernet1/2
no switchport
no ip address
!
interface Ethernet1/3
!
interface Vlan10
ip vrf forwarding 10_OFFICE_NET
ip address 172.16.10.21 255.255.255.252
!
interface Vlan11
ip vrf forwarding 11_MNGNT_NET
ip address 172.16.11.21 255.255.255.252
!
interface Vlan20
ip vrf forwarding 20_IT_NET
ip address 172.16.20.21 255.255.255.252
!
interface Vlan90
ip vrf forwarding CORE
ip address 172.16.90.1 255.255.255.240
vrrp 90 ip 172.16.90.3
vrrp 90 priority 200
!
router ospf 10 vrf 10_OFFICE_NET
router-id 172.31.10.3
redistribute bgp 65000 subnets
network 172.16.0.0 0.0.255.255 area 0
!
router ospf 20 vrf 20_IT_NET
router-id 172.31.20.3
redistribute bgp 65000 subnets
network 172.16.0.0 0.0.255.255 area 0
!
router ospf 11 vrf 11_MNGNT_NET
router-id 172.31.11.3
redistribute bgp 65000 subnets
network 172.16.0.0 0.0.255.255 area 0
!
router bgp 65000
bgp log-neighbor-changes
!
address-family ipv4 vrf 10_OFFICE_NET
bgp router-id 172.31.10.1
redistribute ospf 10
exit-address-family
!
address-family ipv4 vrf 11_MNGNT_NET
bgp router-id 172.31.11.1
redistribute ospf 11
exit-address-family
!
address-family ipv4 vrf 20_IT_NET
bgp router-id 172.31.20.1
redistribute ospf 20
exit-address-family
!
address-family ipv4 vrf CORE
bgp router-id 172.31.254.1
redistribute connected
redistribute static
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route vrf CORE 0.0.0.0 0.0.0.0 172.16.90.13
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
logging synchronous
no login
transport input telnet
!
!
end


the redistribution from OSPF to BGP (10_OFFICE_NET, 20_IT_NET, 11_MNGNT_NET vrfs) and from the static routing to BGP (CORE vrf) works, but the route leaking it doesn't work, and of course also the redistribution between the BGP to OSPF.

someone can help me to troubleshoot the problem?


p.s.:
I studied the route leaking feature (vrf lite) from this CCIE blog:
https://ccieblog.co.uk/mpls/inter-vrf-routing

1 Reply 1

Hello,

 

at first glance, I don't see any export maps under VRFs. Typically, you would need to configure a route map with a matching access list for the routes you want to leak (and set the route target community, which the is used as the target for the route import). So, as an example, let's say you want to import the routes matched in the route map VRF_10_TO_VRF_11 from VRF_10 into VRF11, you would needto configure something like this:

 

route-map VRF_10_TO_VRF_11 permit 10

match ip address 1

set extcommunity rt 4:4 additive

!

ip vrf 10_OFFICE_NET
rd 65000:10
route-target export 65000:10
route-target import 65000:254

export map VRF_10_TO_VRF_11

!

ip vrf 11_MNGNT_NET
rd 65000:11
route-target export 65000:11
route-target import 6500:254

route-target import 4:4

Review Cisco Networking for a $25 gift card