route target import export not always working

micfan · ‎09-18-2023

I have an ASR L3 MPLS implementation. Seems like that after a while we can no longer import export between VRF's.

this is working and importing exporting for the past VRF's , but as we expanded and added new VRFs to import into our shared VRF's , routes are not importing or exporting.

Cisco IOS XE Software, Version 16.06.02

vrf definition xxxx(shared)
rd 10.100.100.62:27
route-target export xx11:1127
route-target import xx11:1127
route-target import xx11:1123
route-target import xx11:1122
!
address-family ipv4
exit-address-family
!
vrf definition XXX1(client)
rd 10.100.100.62:22
route-target export xx11:1122
route-target import xx11:1122
route-target import xx11:1127

These two do not import or export to each other.

This client however imports and exports from shared.

vrf definition clientworking
rd 10.100.100.62:23
route-target export xx11:1123
route-target import xx11:1123
route-target import xx11:1127

I have tried to fix this with and without a single route targed for the clients needing to access the shared services.

Thanks for the help !!

Ramblin Tech · ‎09-18-2023

Since you are running XE, this is not the ASR9K, so which platform: ASR 901/902/903/907/920/1000? If 902/903/907, which RSP?

First thought that comes to mind is that you may be running out of TCAM to store IPv4/IPv6/VPNv4/VPNv6 routes. Which SDM template are you using? BGP debugs should tell you whether you are actually importing to and exporting from the VRF. If the imports/exports are actually taking place in the BGP control plane, then this may indicate a failure to write FIB entries to TCAM.

Disclaimer: I am long in CSCO

micfan · ‎09-18-2023

its an ASR 1001x. If i create new VRFs or even just new router-targets it will import . Just using the ones already configured does not work. creating new unique targets for every import export combo has not been a practical solutions

Ramblin Tech · ‎09-18-2023

My ASR XE experience was with the 9xx products, not the 1K line where I am clueless. My impression is that the A1K has significantly more TCAM resources than the A9xx, which are temperature hardened and targeted at specific SP use-cases. TCAM may not be the issue for what you are seeing on the A1K.

I still think you might look at various BGP & VRF debugs to confirm whether the imports and exports are actually happening in the control plane or not.

Disclaimer: I am long in CSCO

micfan · ‎09-18-2023

Any have advice on what show commands or debugs will help

Ramblin Tech · ‎09-18-2023

Just guessing, but maybe try...

debug ip bgp updates

debug ip bgp ipv4 unicast <A.B.C.D neighbor address>

debug ip bgp vpnv4 unicast import

debug ip bgp vpnv4 unicast updates

debug bgp vrf

debug vrf ipv4

Enter "?" after each of the above commands to see what options are available. The debug output to the console/vty might be overwhelming, so you might send output to a file instead.

Disclaimer: I am long in CSCO

Harold Ritter · ‎09-18-2023

Hi @micfan ,

Can you try the following commands to see if they will fix it:

R1#clear ip route vrf XXX1 *

R1#clear bgp vpnv4 uni * soft

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

micfan · ‎09-18-2023

Hello Harold. You helped me with an MPLS issue once in the past !!

I tried those commands already with zero luck. I just ran them again for good measure on a different VRF with the issue.

Thanks as always

Mike

Harold Ritter · ‎09-18-2023

Hi @micfan ,

Can you please provide the "show runn vrf" command output?

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

micfan · ‎09-19-2023

R1#sho run vrf x1(client)
Building configuration...

Current configuration : 1606 bytes
vrf definition xxx(client)
rd x.x.100.62:22
route-target export xx11:1122
route-target import xx11:1122
route-target import xx11:1127
!
address-family ipv4
exit-address-family
!
!
interface Tunnel29
description xxx(client)-LD1-1
vrf forwarding xxx(client)
ip address x.x.0.18 255.255.255.254
ip tcp adjust-mss 1379
tunnel source Loopback101
tunnel mode ipsec ipv4
tunnel destination
tunnel protection ipsec profile ipsec-xxx(client)-ikev2
ip virtual-reassembly
!
interface Tunnel37
description xxx(client)-DALLAS-LD1
vrf forwarding xxx(client)
ip address x.x.0.16 255.255.255.254
ip tcp adjust-mss 1379
tunnel source Loopback101
tunnel mode ipsec ipv4
tunnel destination
tunnel protection ipsec profile ipsec-xxx(client)-dallas
ip virtual-reassembly
!
router bgp 65501
!
address-family ipv4 vrf xxx(client)
redistribute static
neighbor x.x.0.17 remote-as xxx
neighbor x.x.0.17 local-as xxx no-prepend
neighbor x.x.0.17 description xxx(client)-xxx
neighbor x.x.0.17 timers 10 30 30
neighbor x.x.0.17 activate
neighbor x.x.0.17 default-originate
neighbor x.x.0.17 soft-reconfiguration inbound
neighbor x.x.0.17 prefix-list pl-xxx(client)-out out
neighbor x.x.0.19 remote-as 64513
neighbor x.x.0.19 local-as 48412 no-prepend
neighbor x.x.0.19 description xxx(client)-xxx
neighbor x.x.0.19 timers 10 30 30
neighbor x.x.0.19 activate
neighbor x.x.0.19 default-originate
neighbor x.x.0.19 soft-reconfiguration inbound
neighbor x.x.0.19 prefix-list pl-xxx(client)-out out
exit-address-family
!
end

R1#sho run vrf xxx(shared)
Building configuration...

Current configuration : 2177 bytes
vrf definition xxx(shared)
rd 10.100.100.62:27
route-target export xx11:1127
route-target import xx11:1127
route-target import xx11:1123
route-target import xx11:1122
!
address-family ipv4
exit-address-family
!
!
interface TenGigabitEthernet0/0/1
no ip address
!
interface TenGigabitEthernet0/0/1.1101
encapsulation dot1Q 1101
vrf forwarding xxx(shared)
ip address x.x.101.2 255.255.255.252
!
interface Tunnel1305
description xxx(shared)
vrf forwarding xxx(shared)
ip address x.x.128.19 255.255.255.254
tunnel source
tunnel destination
!
interface vasileft1
vrf forwarding xxx(shared)
ip address x.0.0.1 255.255.255.252
no keepalive
!
router bgp xxx
!
address-family ipv4 vrf xxx(shared)
redistribute static
neighbor x.x.101.1 remote-as xx11
neighbor x.x.101.1 local-as 63301 no-prepend
neighbor x.x.101.1 description xxx
neighbor x.x.101.1 activate
neighbor x.x.101.1 allowas-in 1
neighbor x.x.101.1 soft-reconfiguration inbound
neighbor x.x.101.1 prefix-list pl-signaling-out out
exit-address-family
!

end

micfan · ‎09-19-2023

I removed names and public ip/as numbers.

thanks for looking everyone.

Harold Ritter · ‎09-19-2023

Hi @micfan ,

Can you share the "show bgp vpnv4 uni all <prefix/prefix-length> output for one of the prefixes that should be shared between the client and the shared vrf.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World · ‎09-19-2023

Point 1Can you check if bgp of new vrf get router ID or not?

Point2

route-target export xx11:1127
route-target import xx11:1127

Shared need to export only xx11:1127 not import export same rt number.

micfan · ‎09-19-2023

we use the import in conjunction with the export so we have reachability to these prefixes via our redundant paths in other DC.

R1#sho bgp vpnv4 uni all x.x.72.32/28
BGP routing table entry for 10.100.100.62:22:x.x.72.32/28, version 42491
Paths: (3 available, best #2, table tours)
Advertised to update-groups:
2478
Refresh Epoch 1
64513, imported path from 10.100.100.63:22:x.x.72.32/28 (global)
10.100.100.63 (metric 210) (via default) from 10.100.100.50 (10.100.100.50)
Origin incomplete, metric 0, localpref 100, valid, internal
Extended Community: RT:65411:1122
Originator: 10.100.100.63, Cluster list: 10.100.100.50
mpls labels in/out 131/50
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
64513
100.116.0.19 (via vrf tours) from 100.116.0.19 (x.x.72.4)
Origin incomplete, localpref 100, valid, external, best
Extended Community: RT:65411:1122
mpls labels in/out 131/nolabel
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 1
64513, (received-only)
100.116.0.19 (via vrf tours) from 100.116.0.19 (x.x.72.4)
Origin incomplete, localpref 100, valid, external
mpls labels in/out 131/nolabel
rx pathid: 0, tx pathid: 0
BGP routing table entry for 10.100.100.63:22:x.x.72.32/28, version 42492
Paths: (2 available, best #2, no table)
Not advertised to any peer
Refresh Epoch 1
64513
10.100.100.63 (metric 210) (via default) from 10.100.100.51 (10.100.100.51)
Origin incomplete, metric 0, localpref 100, valid, internal
Extended Community: RT:65411:1122
Originator: 10.100.100.63, Cluster list: 10.100.100.51
mpls labels in/out nolabel/50
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
64513
10.100.100.63 (metric 210) (via default) from 10.100.100.50 (10.100.100.50)
Origin incomplete, metric 0, localpref 100, valid, internal, best
Extended Community: RT:65411:1122
Originator: 10.100.100.63, Cluster list: 10.100.100.50
mpls labels in/out nolabel/50
rx pathid: 0, tx pathid: 0x0

MHM Cisco World · ‎09-19-2023

Just change rt of import and check