Solved: vrf router controll

paratrooper · ‎04-09-2019

hi friens

i have a question

there is s imple topology

PE1 <------->P<------->PE2

on both PEs i configured vrf vrf_a

let us use PE2 as an exapl

PE2(config-vrf)#do show ip rou vrf vrf_a

Gateway of last resort is not set

33.0.0.0/32 is subnetted, 1 subnets
C 33.33.33.33 is directly connected, Loopback100 //// local interfaces bind into VRF
44.0.0.0/32 is subnetted, 1 subnets
C 44.44.44.44 is directly connected, Loopback200 //// local interfaces bind into VRF
100.0.0.0/32 is subnetted, 1 subnets
B 100.100.100.100 [200/0] via 1.1.1.1, 00:00:05 //// Learned preficses from PE1 over BGP
200.200.200.0/32 is subnetted, 1 subnets
B 200.200.200.200 [200/0] via 1.1.1.1, 00:00:05 //// Learned preficses from PE1 over BGP

Let say i want import only 100.100.100.100/32 prefix into vrf table and export only 33.33.33.33/32 prefix to the peer PE1

for import i did the folowing :

ip prefix-list imp seq 5 permit 100.100.100.100/32

route-map imp permit 10
match ip address prefix-list imp

ip vrf vrf_a
rd 100:1
import map imp

route-target export 100:1
route-target import 100:1

PE2(config-vrf)#do clear ip bgp *

PE2(config-vrf)#do show ip route vrf vrf_a

33.0.0.0/32 is subnetted, 1 subnets
C 33.33.33.33 is directly connected, Loopback100
44.0.0.0/32 is subnetted, 1 subnets
C 44.44.44.44 is directly connected, Loopback200
100.0.0.0/32 is subnetted, 1 subnets
B 100.100.100.100 [200/0] via 1.1.1.1, 00:00:02

As you can see import policy is working well only 100.100.100.100/32 is imported into vrf table

Now it turns to export route filtering

PE2#show ip bgp vpnv4 all neighbors 1.1.1.1 advertised-routes

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf vrf_a)
*> 33.33.33.33/32 0.0.0.0 0 32768 ?
*> 44.44.44.44/32 0.0.0.0 0 32768 ?

ip prefix-list exp seq 5 permit 33.33.33.33/32

route-map exp permit 10
match ip address prefix-list exp

ip vrf vrf_a
rd 100:1
import map imp
export map exp
route-target export 100:1
route-target import 100:1

PE2#clear ip bgp *

PE2#show ip bgp vpnv4 all neighbors 1.1.1.1 advertised-routes

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf vrf_a)
*> 33.33.33.33/32 0.0.0.0 0 32768 ?
*> 44.44.44.44/32 0.0.0.0 0 32768 ?

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

As you can see prefix *> 44.44.44.44/32 was not filtered out and is still advertised to PE1 peer

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

PE1(config)#do show ip route vrf vrf_a

Gateway of last resort is not set

33.0.0.0/32 is subnetted, 1 subnets
B 33.33.33.33 [200/0] via 3.3.3.3, 00:01:40
44.0.0.0/32 is subnetted, 1 subnets
B 44.44.44.44 [200/0] via 3.3.3.3, 00:01:40
100.0.0.0/32 is subnetted, 1 subnets
C 100.100.100.100 is directly connected, Loopback100
200.200.200.0/32 is subnetted, 1 subnets
C 200.200.200.200 is directly connected, Loopback200

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

ON PE1 prefix 44.44.44.44/32 is installed into vrf

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

The question is what is wrong, i i did wrong ?

Why in the config which i applied import policy is working well while export policy doesn't work at all ?

Thanks

Georg Pauwen · ‎04-09-2019

Hello,

remove the export route target from the vrf and add an additive community as below. If that doesn't work, post the full configs of both your PE routers:

ip vrf vrf_a
rd 100:1
import map imp
export map exp
--> no route-target export 100:1
route-target import 100:1

!
ip prefix-list exp seq 5 permit 33.33.33.33/32

!

route-map exp permit 10
match ip address prefix-list exp
set extcommunity rt 100:1 additive

View solution in original post

Hector Gustavo Serrano Gutierrez · ‎04-10-2019

Hi paratrooper,

The logic is that if you don't want to advertise 44.44.44.44 to any remote PE, you can:

a) Filter the route with a route-map as a parameter of the redistribute statement under router bgp configuration section to control which routes are redistributed into BGP VPNv4. This when you are using any IGP (EIGRP, OSPF, etc) as the PE-CE protocol.

b) You can filter the route outbound the CE or inbound the PE under route bgp with a route-map when eBGP is the PE-CE protocol.

You cannot filter routes outbound to other PEs using export map under the VRF but only set Route-Targets to specific networks using this command.

These Route-Targets included as Extended Communities in the BGP advertisement is what controls on which VRF routes are imported at the remote PE.

If you have route-target export 100:1, you are setting this Route-Target to all the routes advertised into BGP VPNv4.

In conclusion, with the last configuration you applied, you are still advertising 44.44.44.44 into BGP VPNv4 but with no Route-Target.

You can use approach a) or b) outlined above to filter this route or simple do not advertise it in BGP.

HTH.

View solution in original post

Hector Gustavo Serrano Gutierrez · ‎04-09-2019

Hi paratrooper,

You will be able to set specific Route-Targets to specific routes advertised via BGP VPNv4 with the help of the export map command. The command does not filter routes outbound but set Route Targets.

What you describe is an expected behavior.

HTH.

Georg Pauwen · ‎04-09-2019

Hello,

remove the export route target from the vrf and add an additive community as below. If that doesn't work, post the full configs of both your PE routers:

ip vrf vrf_a
rd 100:1
import map imp
export map exp
--> no route-target export 100:1
route-target import 100:1

!
ip prefix-list exp seq 5 permit 33.33.33.33/32

!

route-map exp permit 10
match ip address prefix-list exp
set extcommunity rt 100:1 additive

Hector Gustavo Serrano Gutierrez · ‎04-09-2019

Agree with @Georg Pauwen his configuration example should accomplish this.

Having removed route-target export 100:1 under ip vrf vrf_a, now not all but only the routes identified by export map exp and route-map exp are advertised with RT 100:1 thanks to set extcommunity rt 100:1 additive.

Since PE1 still import sRT 100:1 in vrf_A, you'll see the route installed in that vrf.

To clarify, export map does not filter routes outbound but selectively sets Route-Targets to routes advertised into BGP VPNv4.

When having route-target export 100:1 in the configuration, this RT is set to all the routes.

HTH.

paratrooper · ‎04-10-2019

hello thank you
yes it works
i have few questions
after i did the config you reccomended i filetered out 44.44.44.44/32 means it was not imported into the vrf on PE1 that is ok
i checked on PE2

PE2(config)#do show ip bgp vpnv4 all neighbors 1.1.1.1 advertised-routes
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf vrf_a)
*> 33.33.33.33/32 0.0.0.0 0 32768 ?
*> 44.44.44.44/32 0.0.0.0 0 32768 ?
means that both of the prefixes advertised to PE1
PE2#show ip bgp vpnv4 all 33.33.33.33
BGP routing table entry for 100:1:33.33.33.33/32, version 5
Paths: (1 available, best #1, table vrf_a)
Advertised to update-groups:
7
Refresh Epoch 1
Local
0.0.0.0 from 0.0.0.0 (3.3.3.3)
Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:100:1 ////////////////////////////////////here i can see that ext comm is inclooded
mpls labels in/out 23/nolabel(vrf_a)

PE2#show ip bgp vpnv4 all 44.44.44.44
BGP routing table entry for 100:1:44.44.44.44/32, version 6
Paths: (1 available, best #1, table vrf_a)
Advertised to update-groups:
7
Refresh Epoch 1
Local
0.0.0.0 from 0.0.0.0 (3.3.3.3)
Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, best
mpls labels in/out 24/nolabel(vrf_a) /////////////////////////// and here i can see that ext comm doesn't exist

so the question is why prefix 44.44.44.44 is advertised to BGP the PE1 even after i removed export-target from vrf ?

paratrooper · ‎04-10-2019

thank you for your reply yes it works could you please also check my comments i dont undertand the logic why both of the prefixes are advertised into BGP and PE1 subsequently even after i deleted export-target from vrf

thanks

Hector Gustavo Serrano Gutierrez · ‎04-10-2019