Re: VRF-Lite Route Leaking with BGP

mkashifashraf · ‎02-11-2020

Dears,

I've configured VRF-Lite on RY with BGP Route leaking.

BGP AS number on RX, RY & RZ are same.

I'm trying to advertised routes of RZ to RX.

RY have multiple VRF:

VRF A: towards RZ

VRF B: towards LAN (Firewall)

VRF C: towards RX

Route leak between VRF A to VRF C is fine,

My requirement is VRF A routes should pass first VRF B (Route leak is done and RZ routes are available in VRF B)

then VRF B advertised routes to VRF A (Route leak is done and VRF C has routes of VRF B except RZ).

This requirement is due to involvement of Firewall that all traffic should pass firewall and apply NAT.

Waiting for the support.

Thanks

paul driver · ‎02-12-2020

Hello
As long as the redistribution is being done then ultizing some import/export maps between the vrf instances may be applicable.

Example:
ip prefix-list rtrA-export permit a.a.a.a/a
ip prefix-list rtrb-import permit b.b.b.b/b

route-map export
match ip address prefix-list rtrA-export

route-map import
match ip address prefix-list rtrb-import

ip vrf A
export ipv4 unicast map export
import ipv4 unicast map import

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

mkashifashraf · ‎02-12-2020

Hi Paul,

Thanks for your suggestions,

VRF leakage between VRFs are fine routes are available, as per requirements.

but my requirement is that VRF A route 10.1.1.1 should be available in VRF B to apply firewall policies and do natting, then it has to be available with natted IP in VRF C.

I can see VRF B routes in VRF C except VRF A routes, if I remove direct VRF leak between A & C.

Although VRF A routes available in VRF B, then why it's not carry all routing table in VRF C including VRF A.

Updated topology attached.