
CSR1000V Leaking Routes between Global Routing Table and Service VPN

Taiga2022
Level 1

Hi all,

I'm testing a lab and have hit a deadlock on this issue.

I am using CSR1000v routers as a vEdge for my SDWAN topology.

I already established the Service VPNs and they are working fine.

I wanted to try to make the Internet traffic under each service VPN not backhaul and go directly to the Internet just from its own Edge.

I searched on Google but still no luck so far.

How can I leak the Internet Route from the Global Routing Table to the Service VPN and vice versa?

Thank you in advance for your help.

Sincerely,


Deepak Kumar
VIP Alumni

Hello,

I didn't check in the latest version, but as per my knowledge, direct internet breakout (which is supported through the local-tloc function on vEdges but not available in cEdges) for traffic types including SaaS traffic that breaks out/goes directly to the internet

For this you can configure a static default route pointing to VPN 0; it will be something similar to a route leak from VRF to global on regular IOS. This can also be achieved from the Service VPN template.

ip nat route vrf 11 0.0.0.0 0.0.0.0 global
!
cEdge#show ip route vrf 11

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

I tried the command, but the static route is not installed in the VRF routing table.

I'm using IOSXE 16.11.

Is the feature only for version 17 and above?

Hi,

Route leaking between global and VRF is available, but you also have a simple way, which is via a NAT DIA route.

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/routing/ios-xe-17/routing-book-xe/m-routing-leaking-for-service-sharing.html

Just configure a route to 0.0.0.0/0 in the service VRF with next-hop as VPN and NAT enabled.

Since underlay is an interface, you should have NAT configuration under the VPN0 interface, and whenever 0.0.0.0/0 exists through a NAT-enabled interface in the global table, it will be available in the service VRF too (as a NAT route).

HTH,

Please rate and mark as an accepted solution if you have found any of the information provided useful.

I tried to leak a static route using:

ip nat route vrf X X.X.X.X X.X.X.X global

The route was installed and showed up as NAT DIA, but the next hop became null 0.

So obviously the routes went into a black hole.

Is there any way to fix that?

I configured "ip nat outside" on the WAN interface.

Configured a VRF static route to global.

Are there other things I need to do?
