Re: VRF Route Leaking Not working as expected

mediaos718 · ‎02-12-2021

I am running 2 VRF's between a CE and PE

*VRF's name: DATA and SECURITY

*In the PE - I do route leaking (Importing the routes in each VRF).

*In the CE, I expected the DATA routes in the SECURITY table and I expected the SECURITY routed in the DATA table

*I do not have any route maps.

*In the PE, I see the advertised touter to the neighbors (or to the CE).

*In the CE, i do not see the received-routes.

See attached for the show commands.

Please help.

MHM Cisco World · ‎02-12-2021

No attachment, re attach again

mediaos718 · ‎02-12-2021

Georg Pauwen · ‎02-13-2021

Hello,

it is difficult to see what you are missing without seeing the full configs. Do you have 'address-family ipv4' configured under the vrf definitions?

ip vrf DATA
rd 20:20
route-target export 20:20
route-target import 20:20
route-target import 10:10

--> address-family ipv4
!
ip vrf PHONE
rd 30:30
route-target export 30:30
route-target import 30:30
!
ip vrf SECURITY
rd 10:10
route-target export 10:10
route-target import 10:10
route-target import 20:20

--> address-family ipv4
!

mediaos718 · ‎02-13-2021

I attached the configs (PE and CE)

paul driver · ‎02-13-2021

Hello
You dont seem to be sending/receiving any extended communities
Can you post:
sh vrf detail
sh bgp vpnv4 unicast vrf DATA
sh bgp vpnv4 unicast vrf SECURITY

PE rtrs
router bgp
address-family vpnv4
neighbor x.x.x.x send-community both

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MHM Cisco World · ‎02-13-2021

send-community by default,
but can I ask why both not just extended ?

MHM Cisco World · ‎02-13-2021

are you face any error/log message
bgp couldn't find router-id in CE or PE?

paul driver · ‎02-13-2021

Hello @MHM Cisco World

FYI send-community both enables both standard and extended

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MHM Cisco World · ‎02-13-2021

Yes I know but I ask why we need here standard ?

paul driver · ‎02-13-2021

Hello @MHM Cisco World
Unless the OP post the details of the PE vrf we wont know what they are sending, but if the extended community's are not set set then that's a good possibility why the routes are not get advertised.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MHM Cisco World · ‎02-13-2021

CE-PE
there is one link or multi link ? i.e. one link for each vrf ?

CE-PE vrf data
config the link connect with

ip vrf forwarding data

CE-PE vrf voice

config the link connect with
ip vrf forwarding voice

PE
router bgp x
!
address-family ipv4 vrf data
neighbor CE remote Y
!
address-family ipv4 vrf voice
neighbor CE remote Y

CE
router bgp Y
!
address-family ipv4 vrf data
neighbor
!
address-family ipv4 vrf voice
neighbor

NOW I think the issue here is using only one link?

paul driver · ‎02-13-2021

Hello

After you've posted the running configs, you don't seem to be showing any configuration for any AF vpns regards an mpls superbackbone (pe-p-pe) rtrs

Can you confirm how youve set this topology is up, post a diagram

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

mediaos718 · ‎02-13-2021

Paul, I realize I did not include all the info (I thought the snipet that I provided would be enough). I attached a new diagram which explains what I am trying to do.

I am running cisco DNA in the main site.
R1, R2, R3, and R3 will be the transit.
Now, I have to bring the remote sites into DNAC.
As per the diagram, R7 will be the DNA border for SITE-1 – As a result, DNAC will create multiple VRF’s in R7.
I will create a EBGP peering between R7 and R3 for each VN or VRF.

The issue that I am trying to solve:

If the transit (iBGP peering) is down, I would need to use the backup link to get to the main site.

The backup link will be connected in VRF DATA. (R3 and R7 are in the same Data Center) I would like to do a route leak in the DATA and SECURITY VRF’s in R3 so that the SECURITY VRF is able to use the backup link.

I did the route leak in R3 but I do not see the DATA VRF routes in the SECURITY VRF in R7.
I do see the DATA VRF routes in the SERUTITY VRF table in R7. And I can see that the routes are been advertised to R7 VRF neighbor.

MHM Cisco World · ‎02-13-2021

this backup link is direct connect ?