VRF route leaking between VRFs : BGP import export - 'best route is 0.0.0.0'?

_|brt.drml|_ · ‎08-25-2020

The results of my 'sh ip bgp vpnv4 all'

BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 45:1 (default for vrf PN2)
*> 212.45.254.0/30 0.0.0.0 0 32768 ?
* 213.45.1.0/30 0.0.0.0 0 32768 ?
*> 0.0.0.0 0 32768 ?
Route Distinguisher: 100:1 (default for vrf CAR-G3)
*> 212.45.254.0/30 0.0.0.0 0 32768 ?
* 213.45.1.0/30 0.0.0.0 0 32768 ?
*> 0.0.0.0 0 32768 ?

I would expected that he selects the known and leaked routes?

Situation: On a router I have two VRF (CAR-G3 and PN2).

Via the PN2 a tunnel arrives and that tunnel is inside that VRF.

It serves to receive a secondary tunnel. But then the router needs to connect to VRF CAR-G3. Therefore i did route leaking on that router with route export and import. I can see that the routes are known on both in the BGP session.

The BGP session is:

router bgp 1
bgp router-id interface Loopback0
bgp log-neighbor-changes
!
address-family ipv4 vrf CAR-G3
redistribute connected
exit-address-family
!
address-family ipv4 vrf PN2

redistribute connected
exit-address-family

------

I think: that it is possible via ip prefix list capturing the routes and adding a BGP local preference to them via a route-map that is then linked in the vrf's exports.

----

So any help thought or directions is well received.

Thank you

Bart

Giuseppe Larosa · ‎08-25-2020

Hello @_|brt.drml|_ ,

in the show ip bgp and shw ip bgp v a

when there are multiple paths to a prefix the prefix is reported only the first time

so the following:

>> Route Distinguisher: 45:1 (default for vrf PN2)
*> 212.45.254.0/30 0.0.0.0 0 32768 ?
* 213.45.1.0/30 0.0.0.0 0 32768 ?
*> 0.0.0.0 0 32768 ?

this means there are two paths to 213.45.1.0/30 and both of them are locally generated next-hop = =.0.0.0.0 means locally generated and also the weight 32768 means locally generated.

It is not clear why the second path is preferred as we cannot see all the BGP attributes.

You can check this using

show ip bgp vpnv4 all 213.45.1.0/30

Likely an imported route is not preferred over a route learned via redisribute connected.

Hope to help

Giuseppe

_|brt.drml|_ · ‎08-26-2020

Hi Giuseppe, thank you for your time.

If I have a look at all details of the learned route, the elected one is indeed the 'local learned' route.

The issue with that is that it is not installed in the other VRF.

What did I do on the router:

I have two physical interfaces that provide each a network. I've put each in a VRF (say VRF A and VRF B)

Network vrf A: 212.45.254.0/30 : GRE TUNNEL INTERFACE

Network vrf B: 213.45.1.0/30 : Physical G0/3 interface.

I found that I can solve this by just adding both to the same VRF. But I hoped to add extra security by logically separating them.

I followed the Cisco Guidelines by exporting and importing the vrf to each other.

Then created a simple 'router Bgp 1' where I distribute the routes 'redistribute static' on each vrf.

I notice that each vrf has knowledge about the routes but only the interface IP. I think it does not send to the 'network'.