This is a 3750X with ip services.
I spend already some time researching and still nothing.
This is my issue:
I have this route that exists in the routing table learned via BGP but is not redistributed into OSPF!!!
VAN-DMZ-SW#show ip route vrf c1 172.18.254.0
Routing Table: c1
Routing entry for 172.18.254.0/28
Known via "bgp 65055", distance 20, metric 0
Tag 65058, type external
Redistributing via ospf 2
Last update from 172.18.14.129 00:07:47 ago
Routing Descriptor Blocks:
* 172.18.14.129, from 172.18.14.129, 00:07:47 ago
Route metric is 0, traffic share count is 1
AS Hops 2
Route tag 65058
MPLS label: none
VAN-DMZ-SW#show ip bgp vpnv4 vrf c1 172.18.254.0
BGP routing table entry for 172.18.0.253:2:172.18.254.0/28, version 17158
Paths: (1 available, best #1, table c1)
Not advertised to any peer
172.18.14.129 from 172.18.14.129 (10.85.2.2)
Origin IGP, metric 0, localpref 100, valid, external, best
This is the OSPF process config:
router ospf 2 vrf c1
redistribute bgp 65055 metric-type 1 subnets tag 201
network 172.18.0.16 0.0.0.7 area 0
network 172.18.0.253 0.0.0.0 area 0
distribute-list OSPF-Routes-for-VRF-C1 in
The OSPF database does not include it. The only entry came from another device in the network. The route I want is obviously not being passed to other devices which are OSPF neighbours of this one.
VAN-DMZ-SW#show ip ospf 2 database | i 172.18.254.0
172.18.254.0 172.18.0.254 918 0x80000B9A 0x0035FD 3489725984
My local ospf process is only originating a route based on a loopback interface.
VAN-DMZ-SW#show ip ospf 2 database | i 172.18.0.253
OSPF Router with ID (172.18.0.253) (Process ID 2)
172.18.0.253 172.18.0.253 1033 0x8000002D 0x009F87 2
Hello, as Kenneth mentioned.
The OSPF Support for Multi-VRF on CE Routers feature provides the capability of suppressing provider edge (PE) checks that are needed to prevent loops when the PE is performing a mutual redistribution of packets between the OSPF and BGP protocols. When VPN routing and forward (VRF) is used on a router that is not a PE (that is, one that is not running BGP), the checks can be turned off to allow for correct population of the VRF routing table with routes to IP prefixes.
capability vrf-lite enables VRF-Lite on the Multi-VRF CE router running OSPF.
With Multi-VRF CE, the CE router acts as a PE router and performs the checks for down bits and domain tags.
try to add it in the CEs OSPF
router ospf 2 vrf c1
Hope this helps
Sent from Cisco Technical Support iPhone App
Thanks everybody for your help.
No, vrf-lite did not fix this issue. In fact, I have the same configuration at a different place and works great. There is something related to this particular BGP entry or neighbour.
router bgp 65055
no bgp default ipv4-unicast
address-family ipv4 vrf c1
aggregate-address 220.127.116.11 255.255.255.224 summary-only
redistribute ospf 2 vrf c1 match internal external 1
neighbor 172.18.14.129 remote-as 65058
neighbor 172.18.14.129 version 4
neighbor 172.18.14.129 activate
neighbor 172.18.14.129 send-community
neighbor 172.18.14.129 route-map C1-VAN-IN in
neighbor 172.18.14.129 route-map C1-OUT out
It seems that there may be some confusion, at least for me :-)
Is thist setup for VRF Lite or MP-BGP, such as for use with L3VPN MPLS?
In your setup do you have a CE,PE,P routers such as below:
vrfs on the PEs and MP BGP between the PE's and the P router?
If so, the you will need to activate the address-family vpnv4 and send both communtities on those routers.
Maybe its not allowed because you redistribute ospf into bgp, and try to setup to redistribute bgp into ospf.
That would mean that the paths would be redistributing between ospf and bgp till infinity.
I am not sure if you are allowed to do that.
Try stopping redistribution of OSPF into BGP and see if BGP will start redistribute into OSPF.
It works now.
Probably a Cisco bug
I destroyed everything: ospf, bgp, interfaces and even the vrf. After creating these again, all magically works.
I'm using ver 12.2(58)SE2 in case somebody has the same issue.
Really appreciated your help.
This was not an MPLS environment. I just use vrfs for security. This is a L3 switch working with my FW and interconnecting many 3rd parties; each with a separate vrf.