Cisco BGP Dynamic Route Leaking feature Interaction with Juniper

sbhogale · ‎03-11-2013

Introduction
Topology
Test Scenarios
1) Import from default-vrf
i) Matching prefix
ii) Matching Community attribute
iii) Matching as-path; prefix
iv) Matching as-path;prefix and community
2) Export to default-vrf
i) Matching prefix
ii) Matching community attribute
iii) Matching as-path; prefix
iv) Matching as-path; prefix;community
3) Common prefixes imported to multiple vrf's
Traffic Scenarios
4 a) CISCO vrf ----> Junos global
b) Junos Global ----> Cisco vrf
5 a) Cisco global ----> Junos vrf
b) Junos vrf ----> Cisco global
6 a) CISCO vrf -----> Junos vrf
b) Junos vrf ----> Cisco vrf
References
Related Information

Introduction

Virtual Routing and Forwarding (VRF) tables are logically isolated entities that enable multiple VPN’s to share a common core such as Internet while keeping private networks traffic segregated from the Internet traffic.In some cases, we will need to allow global prefixes to be installed in vrf table and vice-versa. Currently this can be done by adding a static route, etc.Customers want a way to dynamically leak routes between global and vrf table. This is accomplished through the new feature BGP Dynamic Route-leaking that provides a flexibility of leaking multiple prefixes using route-policy for import and export.

Dynamic Route leaking feature is introduced to import routes from global/default vrf to non-default vrf and vice-versa.

Topology

Basic Configuration CLI

To import from default-VRF to non-default-VRF import, the following configuration is needed:

vrf <VRF_NAME>

address-family <ADDRESS_FAMILY>

import from default-vrf route-policy <POLICY_NAME>

To import from non-default-VRF to default VRF, the following configuration is needed:

vrf <VRF_NAME>

address-family <ADDRESS_FAMILY>

export to default-vrf route-policy <POLICY_NAME>

Policy is mandatory in both the cases.

Test Scenarios

1) Import from default-vrf

i) Matching prefix

Configuration on Cisco router

route-policy dyna-route-leak-8-x

if destination in (8.0.0.0/24) then

pass

endif

end-policy

vrf vrf1

address-family ipv4 unicast

import from default-vrf route-policy dyna-route-leak-8-x

import route-target

1:1

!

Existing Global entry for the route:

RP/0/RSP0/CPU0:vc#sh bgp 8.0.0.0/24

Wed Jan 16 10:48:52.515 PST

BGP routing table entry for 8.0.0.0/24

Versions:

Process bRIB/RIB SendTblVer

Speaker 272161 272161

Last Modified: Jan 16 10:38:15.025 for 00:10:37

Paths: (1 available, best #1)

Not advertised to any peer

Path #1: Received by speaker 0

Not advertised to any peer

65008

192.200.1.2 (metric 2) from 6.6.6.6 (6.6.6.6)

Origin incomplete, localpref 100, valid, internal, best, group- best, import-candidate

Received Path ID 0, Local Path ID 1, version 272161

RP/0/RSP0/CPU0:vc#

Show command to see imported route in vrf1

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf1 8.0.0.0/24

Wed Jan 16 10:49:10.665 PST

BGP routing table entry for 8.0.0.0/24, Route Distinguisher: 3.3.3.3:0

Versions:

Process bRIB/RIB SendTblVer

Speaker 258011 258011

Last Modified: Jan 16 10:38:15.025 for 00:10:55

Paths: (1 available, best #1)

Advertised to CE update-groups (with more than one peer):

0.2

Path #1: Received by speaker 0

Advertised to CE update-groups (with more than one peer):

0.2

65008

192.200.1.2 (metric 2) from 6.6.6.6 (6.6.6.6)

Origin incomplete, localpref 100, valid, internal, best, group-best,

import-candidate, imported- This tag gets added for the imported route

Received Path ID 0, Local Path ID 1, version 258011

Source VRF: default, Source Route Distinguisher: 0:0

RP/0/RSP0/CPU0:vc#

RP/0/RSP0/CPU0:vc#sh cef vrf vrf1 8.0.0.0/24

Wed Jan 16 10:50:08.130 PST

8.0.0.0/24, version 110154, internal 0x14000001 (ptr 0x75714894) [1], 0x0 (0x0), 0x0 (0x0)

Updated Jan 16 10:38:15.502

Prefix Len 24, traffic index 0, precedence n/a, priority 3

via 192.200.1.2, 7 dependencies, recursive [flags 0x6010]

path-idx 0 [0x72d9f6e0 0x0]

next hop VRF - 'default', table - 0xe0000000---- next hop would still point to the default vrf for a route imported in vrf table

next hop 192.200.1.2 via 192.200.1.0/24

RP/0/RSP0/CPU0:vc#

ii) Matching Community attribute

Configuration on Cisco router

route-policy dyna-route-leak-comm-9-x

if community matches-every (65008:9) then

pass

endif

end-policy

vrf vrf2

address-family ipv4 unicast

import from default-vrf route-policy dyna-route-leak-comm-9-x

import route-target

1:2

Global Entry for route:

RP/0/RSP0/CPU0:vc#sh bgp 9.0.0.0/24

Fri Jan 4 16:27:10.080 PST

BGP routing table entry for 9.0.0.0/24

…..

………

Not advertised to any peer

65008

1.1.1.1 (metric 9) from 1.1.1.1 (1.1.1.1)

Origin IGP, localpref 100, valid, internal, best, group-best, import-candidate

Received Path ID 0, Local Path ID 1, version 739583

Community: 65008:9

Show command to see imported route in vrf2

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf2 9.0.0.0

Wed Jan 16 11:07:39.941 PST

BGP routing table entry for 9.0.0.0/24, Route Distinguisher: 1:2

.....

....

192.200.1.2 (metric 2) from 6.6.6.6 (6.6.6.6)

Origin incomplete, localpref 100, valid, internal, best, group-best,

import-candidate, imported

......

iii) Matching as-path; prefix

Configuration on Cisco router

route-policy dyna-route-leak-aspath-prefix-10-x

if as-path originates-from '65008' and destination in (10.0.0.0/24) then

pass

endif

end-policy

!

vrf vrf3

address-family ipv4 unicast

import from default-vrf route-policy dyna-route-leak-aspath-prefix-10-x

import route-target

1:3

Global entry for the route:

RP/0/RSP0/CPU0:vc#sh bgp 10.0.0.0/24

Wed Jan 16 11:13:46.446 PST

BGP routing table entry for 10.0.0.0/24

……

…….

Show command to see imported route in vrf3

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf3 10.0.0.0/24

Wed Jan 16 11:14:10.537 PST

BGP routing table entry for 10.0.0.0/24, Route Distinguisher: 1:3

…..

Origin incomplete, localpref 100, valid, internal, best, group-best,

import-candidate, imported

…….

RP/0/RSP0/CPU0:vc#sh cef vrf vrf3 10.0.0.0

Wed Jan 16 11:14:21.743 PST

10.0.0.0/24, version 58508, internal 0x14000001 (ptr 0x75b37d34) [1], 0x0 (0x0), 0x0 (0x0)

…….

next hop VRF - 'default', table - 0xe0000000

next hop 192.200.1.2 via 192.200.1.0/24

RP/0/RSP0/CPU0:vc#

iv) Matching as-path;prefix and community

Configuration on Cisco router

route-policy dyna-route-leak-aspath-prefix-comm-11-x

if as-path originates-from '65008' and destination in (11.0.0.0/24) and community matches-every (65008:11) then

pass

endif

end-policy

vrf vrf4

address-family ipv4 unicast

import from default-vrf route-policy dyna-route-leak-aspath-prefix-comm-11-x

import route-target

1:4

Global entry for the route:

RP/0/RSP0/CPU0:vc#sh bgp 11.0.0.0/24

Wed Jan 16 11:20:59.420 PST

BGP routing table entry for 11.0.0.0/24

…..

Show command to see imported route in vrf4

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf4 11.0.0.0

Wed Jan 16 11:22:48.438 PST

BGP routing table entry for 11.0.0.0/24, Route Distinguisher: 1:4

……

Origin incomplete, localpref 100, valid, internal, best, group-best,

import-candidate, imported

……..

RP/0/RSP0/CPU0:vc#sh cef vrf vrf4 11.0.0.0

Wed Jan 16 11:23:27.457 PST

11.0.0.0/24, version 39030, internal 0x14000001 (ptr 0x75b37da4) [1], 0x0 (0x0), 0x0 (0x0)

Updated Jan 16 11:22:50.079

.......

next hop VRF - 'default', table - 0xe0000000

next hop 192.200.1.2 via 192.200.1.0/24

RP/0/RSP0/CPU0:vc#

2) Export to default-vrf

i) Matching prefix

Cisco configuration on the router

route-policy dyna-route-leak-26-x

if destination in (26.0.0.0/30) then

pass

endif

end-policy

vrf vrf1

address-family ipv4 unicast

export to default-vrf route-policy dyna-route-leak-26-x

export route-target

1:1

VRF entry for the route:

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf1 26.0.0.0

Wed Jan 16 11:34:20.369 PST

BGP routing table entry for 26.0.0.0/30, Route Distinguisher: 3.3.3.3:0

…….

……

Show command to see exported route in the global table

RP/0/RSP0/CPU0:vc#sh bgp 26.0.0.0

Wed Jan 16 11:34:46.949 PST

BGP routing table entry for 26.0.0.0/30

……..

…….

Advertised to update-groups (with more than one peer):

0.7 0.8

65002

192.172.1.2 from 192.172.1.2 (192.172.1.2)

Origin incomplete, localpref 100, valid, external, best, group-best, import-candidate, imported -••à This tag gets added for the imported route

Received Path ID 0, Local Path ID 1, version 372157

Extended community: RT:1:1

Origin-AS validity: not-found

Source VRF: vrf1, Source Route Distinguisher: 3.3.3.3:0

RP/0/RSP0/CPU0:vc#sh cef 26.0.0.0

Wed Jan 16 11:34:54.832 PST

26.0.0.0/30, version 2038985, internal 0x14004001 (ptr 0x759afa7c) [1], 0x0 (0x72fee3d8), 0x400 (0x74714080)

………

next hop VRF - 'vrf1', table - 0xe0000042••à next hop would still point to the vrf table for a route imported in global table

……….

ii) Matching community attribute

Cisco Configuration on the router

route-policy dyna-route-leak-comm-27-x

if community matches-every (65004:27) then

pass

endif

end-policy

!

vrf vrf2

address-family ipv4 unicast

export to default-vrf route-policy dyna-route-leak-comm-27-x

export route-target

1:2

!

VRF Entry for route:

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf2 27.0.0.0

Wed Jan 16 11:42:48.873 PST

BGP routing table entry for 27.0.0.0/30, Route Distinguisher: 1:2

……

Show command to see exported route in the global table

RP/0/RSP0/CPU0:vc#sh bgp 27.0.0.0

Wed Jan 16 11:44:26.564 PST

BGP routing table entry for 27.0.0.0/30

……

……..

192.172.2.2 from 192.172.2.2 (192.172.2.2)

Origin EGP, localpref 100, valid, external, best, group-best, import-candidate, imported

………

RP/0/RSP0/CPU0:vc#sh cef 27.0.0.0

Wed Jan 16 11:44:33.638 PST

27.0.0.0/30, version 2038990, internal 0x14004001 (ptr 0x759afbc0) [1], 0x0 (0x72fee360), 0x400 (0x74b8c278)

………

next hop VRF - 'vrf2', table - 0xe0000043

…….

iii) Matching as-path; prefix

Cisco configuration on the router

route-policy dyna-route-leak-aspath-prefix-28-x

if as-path originates-from '65006' and destination in (28.0.0.0/30) then

pass

endif

end-policy

vrf vrf3

address-family ipv4 unicast

export to default-vrf route-policy dyna-route-leak-aspath-prefix-28-x

export route-target

1:3

Vrf entry for the route:

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf3 28.0.0.0

Wed Jan 16 11:47:04.085 PST

BGP routing table entry for 28.0.0.0/30, Route Distinguisher: 1:3

………

……

Show command to see exported route in the global table

RP/0/RSP0/CPU0:vc#sh bgp 28.0.0.0

Wed Jan 16 11:48:31.484 PST

BGP routing table entry for 28.0.0.0/30

……..

Origin incomplete, localpref 100, valid, external, best, group-best, import-candidate, imported

……

RP/0/RSP0/CPU0:vc#sh cef 28.0.0.0

Wed Jan 16 11:47:53.249 PST

28.0.0.0/30, version 2059119, internal 0x14000001 (ptr 0x759af9a4) [1], 0x0 (0x72fee400), 0x400 (0x754ea778)

……..

………

next hop VRF - 'vrf3', table - 0xe0000044

……

iv) Matching as-path; prefix;community

Cisco configuration on the router

route-policy dyna-route-leak-aspath-prefix-comm-29-x

if as-path originates-from '65008' and destination in (29.0.0.0/30) and

community matches-every (65008:29) then

pass

endif

end-policy

vrf vrf4

address-family ipv4 unicast

export to default-vrf route-policy dyna-route-leak-aspath-prefix-comm-29-x

export route-target

1:4

Vrf entry for the route:

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf4 29.0.0.0

Wed Jan 16 11:54:34.259 PST

BGP routing table entry for 29.0.0.0/30, Route Distinguisher: 1:4

……

……….

Show command to see exported route in the global table

RP/0/RSP0/CPU0:vc#sh bgp 29.0.0.0

Wed Jan 16 11:54:51.833 PST

BGP routing table entry for 29.0.0.0/30

……..

Origin incomplete, localpref 100, valid, external, best, group-best,

import-candidate, imported

……

RP/0/RSP0/CPU0:vc#sh cef 29.0.0.0

Wed Jan 16 11:54:56.327 PST

29.0.0.0/30, version 2059125, internal 0x14004001 (ptr 0x72d4c304) [1], 0x0 (0x75554448), 0x400 (0x754fa470)

……..

next hop VRF - 'vrf4', table - 0xe0000045

…….

3) Common prefixes imported to multiple vrf's

Cisco Configuration on the router

route-policy dyna-route-leak-8-x

if destination in (12.0.0.0/24) then

pass

endif

end-policy

vrf vrf1

address-family ipv4 unicast

import from default-vrf route-policy dyna-route-leak-8-x

Similarly this route-policy can be imported under multiple vrf to import this prefix.

Global entry for the route

RP/0/RSP0/CPU0:vc#sh bgp 12.0.0.0/24

Wed Jan 16 12:05:11.712 PST

BGP routing table entry for 12.0.0.0/24

…….

……….

Show command to see route imported in multiple vrf’s

VRF1:

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf1 12.0.0.0/24

Wed Jan 16 12:05:30.630 PST

BGP routing table entry for 12.0.0.0/24, Route Distinguisher: 3.3.3.3:0

VRF2:

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf2 12.0.0.0/24

Wed Jan 16 12:07:08.524 PST

BGP routing table entry for 12.0.0.0/24, Route Distinguisher: 1:2

VRF3:

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf3 12.0.0.0/24

Wed Jan 16 12:07:12.441 PST

BGP routing table entry for 12.0.0.0/24, Route Distinguisher: 1:3

VRF4:

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf4 12.0.0.0/24

Wed Jan 16 12:07:17.185 PST

BGP routing table entry for 12.0.0.0/24, Route Distinguisher: 1:4

Vrf entry in all the vrf’s:

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf1 12.0.0.0/24

Wed Jan 16 12:05:30.630 PST

BGP routing table entry for 12.0.0.0/24, Route Distinguisher: 3.3.3.3:0

…….

……….

Origin incomplete, localpref 100, valid, internal, best, group-best, import-candidate, imported

……….

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf2 12.0.0.0/24

Wed Jan 16 12:07:08.524 PST

BGP routing table entry for 12.0.0.0/24, Route Distinguisher: 1:2

……

………

Origin incomplete, localpref 100, valid, internal, best, group-best, import-candidate, imported

……

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf3 12.0.0.0/24

Wed Jan 16 12:07:12.441 PST

BGP routing table entry for 12.0.0.0/24, Route Distinguisher: 1:3

……..

Origin incomplete, localpref 100, valid, internal, best, group-best, import-candidate, imported

……

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf4 12.0.0.0/24

Wed Jan 16 12:07:17.185 PST

BGP routing table entry for 12.0.0.0/24, Route Distinguisher: 1:4

…….

……

Origin incomplete, localpref 100, valid, internal, best, group-best, import-candidate, imported

….......

Traffic Scenarios

4 a) CISCO vrf ----> Junos global

Traffic direction: Cisco ----> Junos

27.0.0.0(vrf2) ----> 9.0.0.0

Dynamic route-leaking based on Community on Cisco ASR9K:

-Import from default-vrf

Cisco configuration on the router

route-policy dyna-route-leak-comm-9-x

if community matches-every (65008:9) then

pass

endif

end-policy

vrf vrf2

address-family ipv4 unicast

import from default-vrf route-policy dyna-route-leak-comm-9-x

Global entry for 9.0.0.0 on Cisco ASR9K:

RP/0/RSP0/CPU0:vc#sh bgp 9.0.0.0

Wed Feb 13 00:33:04.007 PST

BGP routing table entry for 9.0.0.0/24

……

…….

Route as seen in CISCO vrf table after route-leaking

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf2 9.0.0.0

Wed Feb 13 00:33:56.913 PST

BGP routing table entry for 9.0.0.0/24, Route Distinguisher: 1:2

…….

……….

Origin incomplete, localpref 100, valid, internal, best, group-best, import-

candidate, imported

……..

Cef entry for the route:

RP/0/RSP0/CPU0:vc#sh cef vrf vrf2 9.0.0.0

Wed Feb 13 00:37:02.628 PST

9.0.0.0/24, version 150018, internal 0x14000001 (ptr 0x74e1ef84) [1], 0x0 (0x0), 0x0 (0x0)

……

next hop VRF - 'default', table - 0xe0000000

……..

b) Junos Global ----> Cisco vrf

Traffic direction : Junos --> Cisco

9.0.0.0 --> 27.0.0.0(vrf2)

Dynamic route-leaking based on Community on Cisco ASR9K:

-Export to default vrf:

Cisco configuration on the router

route-policy dyna-route-leak-comm-27-x

if community matches-every (65004:27) then

pass

endif

end-policy

!

vrf vrf2

address-family ipv4 unicast

export to default-vrf route-policy dyna-route-leak-comm-27-x

Vrf entry for the route:

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf2 27.0.0.0

Wed Feb 13 00:20:02.109 PST

BGP routing table entry for 27.0.0.0/30, Route Distinguisher: 1:2

……

Route as seen in CISCO Global table after route-leaking

RP/0/RSP0/CPU0:vc#sh bgp 27.0.0.0

Wed Feb 13 00:23:13.598 PST

BGP routing table entry for 27.0.0.0/30

……

Origin EGP, localpref 100, valid, external, best, group-best, import-candidate, imported

…….

CEF entry for the route:

RP/0/RSP0/CPU0:vc#sh cef 27.0.0.0

Wed Feb 13 00:22:19.199 PST

27.0.0.0/30, version 357462, internal 0x14000001 (ptr 0x71cedfe0) [1], 0x0 (0x73a9a798), 0x400 (0x74690070)

……

next hop VRF - 'vrf2', table - 0xe0000012

……..

5 a) Cisco global ----> Junos vrf

Traffic direction: cisco -----> junos

16.0.0.0---- 15.0.0.0(vrf1)

Route-leaking on Juniper ----- vrf to global:

Juniper configuration on the node

root@MX960# show routing-instances vrf1

instance-type vrf;

interface xe-5/1/0.101;

route-distinguisher 1:1;

vrf-import vrf1-import;

vrf-export vrf1-export{

routing-options {

auto-export;

}

protocols {

bgp {

family inet {

unicast;

}

group ROUTE-LEAK {

type external;

family inet {

unicast {

rib-group vrf1-to-global;

}

neighbor 192.7.1.2 {

peer-as 65002;

}

Route as seen in Juniper Global table after route-leaking

root@MX960# run show route 15.0.0.0

inet.0: 70048 destinations, 70054 routes (70048 active, 0 holddown, 0 hidden)

@ = Routing Use Only, # = Forwarding Use Only

+ = Active Route, - = Last Active, * = Both

15.0.0.0/24 *[BGP/170] 00:14:03, localpref 100

AS path: 65002 ?

> to 192.7.1.2 via xe-5/1/0.101

vrf1.inet.0: 20038 destinations, 20038 routes (20038 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

15.0.0.0/24 *[BGP/170] 18:34:44, localpref 100

AS path: 65002 ?

> to 192.7.1.2 via xe-5/1/0.101

b) Junos vrf ----> Cisco global

Traffic direction: Junos ----->CISCO

15.0.0.0(vrf1)---- 16.0.0.0

Route-leaking on Juniper global--- to----vrf:

Juniper configuration on the node

root@MX960# show protocols bgp group ROUTE-LEAK-internal

type internal;

family inet {

unicast {

rib-group global-to-vrf1;

}

local-as 65000;

neighbor 3.3.3.3 {

local-address 6.6.6.6

peer-as 65000;

}

Route as seen in Juniper vrf table after route-leaking

root@MX960# run show route 16.0.0.0

inet.0: 70048 destinations, 70054 routes (70048 active, 0 holddown, 0 hidden)

@ = Routing Use Only, # = Forwarding Use Only

+ = Active Route, - = Last Active, * = Both

16.0.0.0/24 *[BGP/170] 00:58:02, localpref 100, from 3.3.3.3

AS path: 65010 ?

> to 12.1.1.2 via xe-5/2/0.0

vrf1.inet.0: 20038 destinations, 20038 routes (20038 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

16.0.0.0/24 *[BGP/170] 00:05:43, localpref 100, from 3.3.3.3

AS path: 65010 ?

> to 12.1.1.2 via xe-5/2/0.0

6 a) CISCO vrf -----> Junos vrf

Traffic direction:

CISCO (26.0.0.0) VRF1------- JUNOS (15.0.0.0) VRF1

Dynamic route-leaking configuration on CISCO ASR9K

route-policy dyna-route-leak-15-x

if destination in (15.0.0.0/24) then

pass

endif

end-policy

vrf vrf1

address-family ipv4 unicast

import from default-vrf route-policy dyna-route-leak-15

Route as seen in CISCO vrf table after route-leaking

RP/0/RSP0/CPU0:vc#sh bgp vrf vrf1 15.0.0.0

Thu Feb 7 10:44:05.506 PST

BGP routing table entry for 15.0.0.0/24, Route Distinguisher: 1:1

…….

Not advertised to any peer

65002

6.6.6.6 (metric 1) from 6.6.6.6 (6.6.6.6)

Origin incomplete, localpref 100, valid, internal, best, group-best, import-candidate, imported

Received Path ID 0, Local Path ID 1, version 128819

Extended community: RT:1:1

Source VRF: default, Source Route Distinguisher: 0:0

b) Junos vrf ----> Cisco vrf

Traffic direction:

JUNOS (15.0.0.0) VRF1------- CISCO (26.0.0.0) VRF1

Header 1

route-policy dyna-route-leak-26-x

if destination in (26.0.0.0/30) then

pass

endif

end-policy

!

vrf vrf1

address-family ipv4 unicast

export to default-vrf route-policy dyna-route-leak-26-x

Route as seen in Juniper vrf table after route-leaking

root@MX960# run show route 26.0.0.0

inet.0: 60028 destinations, 60034 routes (60028 active, 0 holddown, 0 hidden)

@ = Routing Use Only, # = Forwarding Use Only

+ = Active Route, - = Last Active, * = Both

26.0.0.0/30 *[BGP/170] 00:00:03, localpref 100, from 3.3.3.3

AS path: 65002 ?

> to 12.1.1.2 via xe-5/2/0.0

vrf1.inet.0: 10018 destinations, 10018 routes (10018 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

26.0.0.0/30 *[BGP/170] 00:00:03, localpref 100, from 3.3.3.3

AS path: 65002 ?

> to 12.1.1.2 via xe-5/2/0.0

References

N/A

Related Information

Sheetal Bhogale

Software Engineer, ASR9K SIT Team

william jackson · ‎07-16-2013

Great document thanks.

Am I right in saying that this will only work for BGP routes? I cannot use RPL to import/export IGP routes?

Also is this from 4.3.1 onwards?

thanks

xthuijs · ‎07-16-2013

thanks for the comment will!

in fact for this feature you are using RPL to import the routes from the default routing table into the vrf.

it doesnt matter to the rpl where the routes in teh global table are from (ospf, static, isis etc)

the RPL is applied to the attach point of the vrf.

typically in an mpls-vpn scenario you have some igp or bgp running between PE and CE and BGP running as your core protocol.

The routes in the global are generally coming from an IGP like ospf or isis.

So I think the answer to your question is yes, but maybe I am misunderstanding what you're asking?

regards

xander

william jackson · ‎07-16-2013

I have a 4.3.1 with all relevant SMUs box in the lab. Config was wiped.

I have the following commands:

vrf Tester address-family ipv4 unicast

import from default-vrf route-policy tester-policy

!

prefix-set tester

192.168.87.0/24

!

route-policy tester-policy

if destination in tester then

pass

end-if

end-policy

router static

address-family ipv4 unicast

192.168.87.0/24 null0

!

commits ok.

I the do a sh route

and I see the static route

when I do a :

sh route vrf Tester

I get no matching routes?

am I missing something else that I need?

xthuijs · ‎07-16-2013

do you see it in the bgp table?

show bgp vrf VRFNAME <prefix>

I am thinking that the nexthop is inaccessible (null0) so that is why you probably dont see it in the routing table of the vrf, it may show in the bgp table, but gets rib denied based on that NH.

if I am off, try to set a route with a true next hop, and redefine your route policy to do a blind pass all just to exclude rpl from being an issue here.

config wipe: yeah... when editing route policies or prefix-sets they use a different parser and you will need to reconfigure them from scratch. check the article on asr9000 route policy language for some tips using edit <polify-name> vim to use the VI editor to edit the RPL.

cheers

xander

william jackson · ‎07-17-2013

no im not having any luck, Ill open a TAC case.

also:

is there an equivilent of the junos next-table command on ios-xr:

example:

inside a vrf:

vrf testcustomer

router static address-family ipv4 unicast

0.0.0.0/0 next-table default-vrf

so that if the route isnt found in the vrf table then will jump through to the default-vrf to look for routing info?

xthuijs · ‎07-17-2013

Hi Will, shame, yeah might be best to open a tac case, solving cases like this via this forum isn't the easiest, a lot of outputs are required to drill down to it, or sit together with a screen share.

As for your other question, yes that is possible, you can define a static route pointing to a different vrf (or global) for that matter.

That is done unde the router static, address-family ipv4, vrf X, route context.

regards

xander

Kim Fai Lai · ‎07-25-2013

Hi William,

You can check if you have proper RD and RT in your configuration. it would be similar to this:

vrf Tester address-family ipv4 unicast

import from default-vrf route-policy tester-policy

import route-target

1:1

!

router bgp XXX

vrf Tester

rd 1:1

Regards,

Philip

Michalis Milaitis · ‎09-30-2013

Hello Alexander,

Thank you for the great article.

My problem is that I want to have a central PE to export customers routes from vrf to global routing table.

How can I export MP-BGP learned routes to vrf-default?

The MP-BGP routes have next-hop to vrf default so they aren't exported to global table.

Regards,

Michael

How can I export a MP-BGP learned route to vrf-default?

The route has next-hop to vrf default so it isn't exported to global table.

The aim is to have a central PE to export customers routes from vrf to global routing table. How can I export a MP-BGP learned route to vrf-default?

The route has next-hop to vrf default so it isn't exported to global table.

The aim is to have a central PE to export customers routes from vrf to global routing table. How can I export a MP-BGP learned route to vrf-default?

The route has next-hop to vrf default so it isn't exported to global table.

The aim is to have a central PE to export customers routes from vrf to global routing table.

xthuijs · ‎09-30-2013

Hi Michael,

can you use vrf aware ABF for that?

to get the traffic from the global into the vrf (that is how it is normally done)

regards

xander

Michalis Milaitis · ‎10-01-2013

The problem is that I want to advertise customer routes from the vrf to the global bgp table. I want to do this dynamically.

I think that ABF doesn't work for mpls tagged traffic.

The PE is the gateway for a central VPN-INTERNET service which all the MPLS-VPN customers use for internet access.

On the same box, we want to import a default route from the global to the VRF and also export customer imported public routes from this VRF back to global. The global to vrf import works as expected, but we are facing issues with the vrf to global. Locally generated routes withing the VRF are exported to global with no problem, but RT imported routes are not. We assume that this is because MP-BGP routes have a next hop at default-vrf.

As I understand I can't use "dynamic vrf route leaking" for MP-BGP learned routes fοr vrf-to-global export, am I correct?

xthuijs · ‎10-01-2013

Hi Michalis, you should be able to do that also, but vrf to global works a bit differently then vrf to vrf.

here is a config example:

vrf definition vpn1

address-family ipv4

export ipv4 unicast|multicast [<1-2147483647>] map <route-map-name>

exit-address-family

address-family ipv6

export ipv6 unicast|multicast [<1-2147483647>] map <route-map-name>

exit-address-family

Note: the prefix-limit by default is 1000 for both VRF<->global

vrf definition vpn3

rd 3:3

!

address-family ipv4

export ipv4 unicast map vrf-to-global

route-target export 3:3

route-target import 3:3

route-target import 100:1

route-target import 100:2

exit-address-family

can you give that a try?

regards

xander

Michalis Milaitis · ‎10-01-2013

Hi Alexander, thank you for the answers.

vrf TEST_VPN_Internet

address-family ipv4 unicast

export to default-vrf route-policy EXPORT_TO_DEFAULT

When I use the above configuration only the local originated routes exported to vrf-default. Just one connected looback. The MP-BGP learned routes weren't exported.

vrf TEST_VPN_Internet

address-family ipv4 unicast

export route-policy EXPORT_TO_DEFAULT

When I use the above configuration none route exported to vrf-default.

Regards,

Michael

xthuijs · ‎10-02-2013

What does the rpl look like Michael?

Also show us te show bgp vpnv4 vrf <name> outputs to see if the rpl maps have been applied to the vrf properly.

thanks

xander

Michalis Milaitis · ‎10-04-2013

Hi Alexander,

I replied to you with private message with details about the RPL.

I had the bellow answer from the TAC :

"As of today, we do not support the leaking of the imported routes (VPN) to be exported to the global table as ip routes. Hence, only local routes in VRF can be exported to GRT. To export vpnv4 prefixes, please, export them on their "home" remote PE."

Do you know whether this feature will be supported in the future?

Regards,

Michael

xthuijs · ‎10-04-2013

hi michael,

thanks I just picked up your message with the config details.

I am a bit surprised about that because what is the use of the export capability of local routes only, which means that you have to propagate local vrf routes all the way through your IGP. One may want to import the vrf routes only on that PE and limit the distribution (via RPL) into the IGP domain.

Ok I have the detail and thanks also for the additional show outputs, that really helps, let me run with this and I'll report back if there is any (good?!?!?) news

cheers

xander