Route leaking GRT/VRF - Local prefixes on PE ok, but remote GRT(Leaked) PE prefixes fail?

johnelliot6 · ‎12-03-2017

Hi,

Just testing route leaking between GRT+VRF using import+export ipv4 unicast - From a PE, I am able to ping prefixes in the VRF and in GRT, but prefixes learned from another PE(Also doing route leaking) are
unreachable (Prefixes that are part of the VRF (i.e not leaked prefixes) I can reach from eaither PE).

EG.

Ping VRF prefix from PE01 -> PE02:

#ping vrf TEST_PEERING 111.222.66.253
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.222.66.253, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

Ping GRT prefix (Loopback of PE02) from PE01 -> PE02 fails:

#ping vrf TEST_PEERING 111.222.76.130
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.222.76.130, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Ping GRT prefix (Loopback of local PE) success:

#ping vrf TEST_PEERING 111.222.76.201
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.222.76.201, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

*Note - We do use RR's - I dont know if this is causing the issue, or if its potentially the RIB failure(In BGP) of the PE Loopback due to OSPF carrying those addresses)

# Check route info of vrf prefix from PE01 -> PE02

sh ip route vrf TEST_PEERING 111.222.66.252

Routing Table: TEST_PEERING
Routing entry for 111.222.66.252/30
Known via "bgp XXXX", distance 200, metric 0, type internal
Last update from 111.222.76.130 10:55:07 ago
Routing Descriptor Blocks:
* 111.222.76.130 (default), from 111.222.76.204, 10:55:07 ago
Route metric is 0, traffic share count is 1
AS Hops 0
MPLS label: 75
MPLS Flags: MPLS Required, NSF

#sh ip bgp vpnv4 vrf TEST_PEERING 111.222.66.252
BGP routing table entry for 111.222.76.201:4000:111.222.66.252/30, version 3841875
BGP Bestpath: compare-routerid
Paths: (1 available, best #1, table TEST_PEERING)
Additional-path-install
Not advertised to any peer
Refresh Epoch 81
Local, imported path from 111.222.76.130:4000:111.222.66.252/30 (global)
111.222.76.130 (metric 5) (via default) from 111.222.76.204 (111.222.76.204)
Origin incomplete, metric 0, localpref 100, valid, internal, best
Community: XXXX:4000
Extended Community: RT:XXXX:4000
Originator: 111.222.76.130, Cluster list: 0.0.0.2
mpls labels in/out nolabel/75
rx pathid: 0, tx pathid: 0x0

GRT prefix on Local PE:

#sh ip bgp vpnv4 vrf TEST_PEERING 111.222.76.201
BGP routing table entry for 111.222.76.201:4000:111.222.76.201/32, version 3775105
BGP Bestpath: compare-routerid
Paths: (1 available, best #1, table TEST_PEERING)
Additional-path-install
Not advertised to any peer
Refresh Epoch 1
Local, imported path from 111.222.76.201/32 (global)
0.0.0.0 (via default) from 0.0.0.0 (111.222.76.201)
Origin incomplete, metric 0, localpref 100, weight 32768, valid, external, no-import, no-import, best
Community: XXXX:1000 XXXX:1301 XXXX:14000
rx pathid: 0, tx pathid: 0x0

#sh ip route vrf TEST_PEERING 111.222.76.130

Routing Table: TEST_PEERING
Routing entry for 111.222.76.130/32
Known via "bgp XXXX", distance 200, metric 0, type internal
Last update from 111.222.76.130 11:02:45 ago
Routing Descriptor Blocks:
* 111.222.76.130 (default), from 111.222.76.204, 11:02:45 ago
Route metric is 0, traffic share count is 1
AS Hops 0
MPLS label: none
MPLS Flags: NSF

#sh ip bgp 111.222.76.130
BGP routing table entry for 111.222.76.130/32, version 27830848
BGP Bestpath: compare-routerid
Paths: (4 available, best #2, table default, RIB-failure(17))
Additional-path-install
Not advertised to any peer
Refresh Epoch 5
Local, (received & used)
111.222.76.130 (metric 5) from 111.222.76.205 (111.222.76.205)
Origin incomplete, metric 0, localpref 100, valid, internal, af-export(1)
Community: XXXX:1000 XXXX:1301 XXXX:15000
Originator: 111.222.76.130, Cluster list: 0.0.0.2
rx pathid: 0, tx pathid: 0
Refresh Epoch 4
Local, (received & used)
111.222.76.130 (metric 5) from 111.222.76.204 (111.222.76.204)
Origin incomplete, metric 0, localpref 100, valid, internal, af-export(1), best
Community: XXXX:1000 XXXX:1301 XXXX:15000
Originator: 111.222.76.130, Cluster list: 0.0.0.2
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 4
Local, (received & used)
111.222.76.130 (metric 5) from 111.222.76.212 (111.222.76.212)
Origin incomplete, metric 0, localpref 100, valid, internal, af-export(1)
Community: XXXX:1000 XXXX:1301 XXXX:15000
Originator: 111.222.76.130, Cluster list: 0.0.0.1
rx pathid: 0, tx pathid: 0
Refresh Epoch 2
Local, (received & used)
111.222.76.130 (metric 5) from 111.222.76.213 (111.222.76.213)
Origin incomplete, metric 0, localpref 100, valid, internal, af-export(1)
Community: XXXX:1000 XXXX:1301 XXXX:15000
Originator: 111.222.76.130, Cluster list: 0.0.0.1
rx pathid: 0, tx pathid: 0

## Is the "no-import" the cause(And caused by RIB failure?)

#sh ip bgp vpnv4 vrf TEST_PEERING 111.222.76.130
BGP routing table entry for 111.222.76.201:4000:111.222.76.130/32, version 3843463
BGP Bestpath: compare-routerid
Paths: (4 available, best #2, table TEST_PEERING)
Additional-path-install
Not advertised to any peer
Refresh Epoch 5
Local, (received & used), imported path from 111.222.76.130/32 (global)
111.222.76.130 (metric 5) (via default) from 111.222.76.205 (111.222.76.205)
Origin incomplete, metric 0, localpref 100, valid, internal, no-import, no-import
Community: XXXX:1000 XXXX:1301 XXXX:15000
Originator: 111.222.76.130, Cluster list: 0.0.0.2
rx pathid: 0, tx pathid: 0
Refresh Epoch 4
Local, (received & used), imported path from 111.222.76.130/32 (global)
111.222.76.130 (metric 5) (via default) from 111.222.76.204 (111.222.76.204)
Origin incomplete, metric 0, localpref 100, valid, internal, no-import, no-import, best
Community: XXXX:1000 XXXX:1301 XXXX:15000
Originator: 111.222.76.130, Cluster list: 0.0.0.2
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 2
Local, (received & used), imported path from 111.222.76.130/32 (global)
111.222.76.130 (metric 5) (via default) from 111.222.76.213 (111.222.76.213)
Origin incomplete, metric 0, localpref 100, valid, internal, no-import, no-import
Community: XXXX:1000 XXXX:1301 XXXX:15000
Originator: 111.222.76.130, Cluster list: 0.0.0.1
rx pathid: 0, tx pathid: 0
Refresh Epoch 4
Local, (received & used), imported path from 111.222.76.130/32 (global)
111.222.76.130 (metric 5) (via default) from 111.222.76.212 (111.222.76.212)
Origin incomplete, metric 0, localpref 100, valid, internal, no-import, no-import
Community: XXXX:1000 XXXX:1301 XXXX:15000
Originator: 111.222.76.130, Cluster list: 0.0.0.1
rx pathid: 0, tx pathid: 0

VRF config:

vrf definition TEST_PEERING
rd 111.222.76.201:4000
!
address-family ipv4
import ipv4 unicast 10000 map RP_TEST_PREFIXES_GRT
export ipv4 unicast 10000 map RP_TEST_PEERING_PARTNERS_PREFIXES_VRF
route-target export XXXX:4000
route-target import XXXX:4000
maximum routes 25000 80 reinstall 90
exit-address-family

router bgp XXXX
!
address-family ipv4 vrf TEST_PEERING
redistribute connected route-map RP_TAG_PEERING_PARTNERS_PREFIXES_VRF
redistribute static route-map RP_TAG_PEERING_PARTNERS_PREFIXES_VRF
neighbor PEERING_B_PEERING_NDC_B1_LOCA peer-group
neighbor PEERING_B_PEERING_NDC_B1_LOCA remote-as YYYYY
neighbor PEERING_B_PEERING_NDC_B1_LOCA description eBGP to PEERING_B for PEERING 11515 (YYYYY)
neighbor PEERING_B_PEERING_NDC_B1_LOCA ttl-security hops 254
neighbor PEERING_B_PEERING_NDC_B1_LOCA update-source GigabitEthernet0/1/0.35
neighbor PEERING_B_PEERING_NDC_B1_LOCA route-map RP_PEERING_B_PEERING_LOCA_NDC_IN in
neighbor PEERING_B_PEERING_NDC_B1_LOCA route-map RP_PEERING_B_PEERING_LOCA_NDC_OUT out
neighbor 333.44.70.1 peer-group PEERING_B_PEERING_NDC_B1_LOCA
neighbor 333.44.70.1 activate
neighbor 333.44.70.2 peer-group PEERING_B_PEERING_NDC_B1_LOCA
neighbor 333.44.70.2 activate
exit-address-family

#sh run | section route-map RP_TEST_PREFIXES_GRT
route-map RP_TEST_PREFIXES_GRT permit 10
match community CL_GRT_TEST_PREFIXES

#sh run | section route-map RP_TEST_PEERING_PARTNERS_PREFIXES_VRF
route-map RP_TEST_PEERING_PARTNERS_PREFIXES_VRF permit 10
match community CL_TEST_PEERING_PARTNERS_PREFIXES_VRF

#sh run | include CL_GRT_TEST_PREFIXES
ip community-list standard CL_GRT_TEST_PREFIXES permit XXXX:1301

#sh run | include CL_TEST_PEERING_PARTNERS_PREFIXES_VRF
ip community-list standard CL_TEST_PEERING_PARTNERS_PREFIXES_VRF permit XXXX:4000

#sh run | section route-map RP_TAG_PEERING_PARTNERS_PREFIXES_VRF
route-map RP_TAG_PEERING_PARTNERS_PREFIXES_VRF permit 10
set community XXXX:4000

Thanks in advance for any assistance.