02-18-2021 07:28 AM
Hi All,
I'm trying to emulate as best as possible SD Access under Eve-NG using CSR routers as the Border node and Fusion Router and a combination of CSRs and L2 IOL switches to emulate Fabric nodes. The CSRs don't work with subinterfaces so I have had to use Bridge Domain Interfaces as a workaround to run VRFs. There are two VRFs: IT and OT. For the OT VRF I can route leak the shared services network, however I have also created a 'legacy OT network' that I would like to route leak as well into the OT VRF.
The problem is this: I have used prefix-lists and then import these prefix-lists into the OT VRF. If the prefix-list refers to a directly connected network segment on the fusion router, the route leaking will work and the routes are advertised using mBGP to the border router. If the prefix-list refers to a prefix that is not directly connected, the routes are not advertised. I have put static routes on the fusion router pointing to the next hop OT router for the legacy OT networks in question, but this does not work.
Attached is the topology in Eve-NG for reference. Any suggestions would be most welcome.
Many Thanks
Andrew
02-18-2021 11:16 AM
From the Fusion router can you please upload a show run, show ip route (for any relevant vrf) and show bgp vpnv4 uni all.
Also, please provide at least 1 subnet which is not leaked from globalrib/shared services vrf to OT vrf.
Regards
02-18-2021 12:29 PM
Hi, attached is the output you requested.
As an example of a connected route that is being leaked correctly into the OT VRF, this is the shared services network (172.16.254.0/24).
As you can see from the config I have tried the same approach for the OT networks (172.16.50.0/24 and 172.16.60.0/24). These networks are behind the OT router that is directly connected to the Fusion Router. What is interesting is that I can leak the subnet 10.1.2.0/30 that connects the Fusion Router with the OT router as this is directly connected.
Thank you for looking at this.
Thanks
Andrew
02-18-2021 01:40 PM
vrf definition OT
 rd 1:4101
 !
 address-family ipv4
  import ipv4 unicast map IMPORT_OT
Based on this, you are trying to import routes from the global routing table into vrf OT, matching these:
ip prefix-list LEGACY_OT seq 5 permit 172.16.50.0/24
ip prefix-list LEGACY_OT seq 10 permit 172.16.60.0/24
ip prefix-list LEGACY_OT seq 15 permit 10.1.2.0/30
While the only one which was leaked was:
B 10.1.2.0/30 is directly connected, 02:09:59, GigabitEthernet3
Which is leaked because it is added into the BGP on the add ipv4 /GRIB family:
address-family ipv4
network 0.0.0.0
redistribute connected -----------------------***********
Try adding 172.16.50.0 and 172.16.60.0 on the BGP process for add ipv4 / GRIB family with either network statements or redistribution in case you use any IGP.
Regards
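The check behind this answer, as an added example that is not part of the original posts: it flags prefix-list entries that cannot be leaked because nothing in the global IPv4 address family puts them into BGP. The sample config is constructed from the fragments quoted above; the AS number 65000 and the interface address 10.1.2.1 are placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the fragments quoted in the thread; the AS
# number and the interface host address are placeholders, not from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet3
 ip address 10.1.2.1 255.255.255.252
!
router bgp 65000
 address-family ipv4
  network 0.0.0.0
  redistribute connected
 exit-address-family
!
ip prefix-list LEGACY_OT seq 5 permit 172.16.50.0/24
ip prefix-list LEGACY_OT seq 10 permit 172.16.60.0/24
ip prefix-list LEGACY_OT seq 15 permit 10.1.2.0/30
"""

def classful_len(addr):
    """Prefix length IOS assumes for 'network X' with no mask keyword."""
    first = int(addr.split(".")[0])
    return 0 if addr == "0.0.0.0" else 8 if first < 128 else 16 if first < 192 else 24

def originated(config):
    """Prefixes the global IPv4 address family is configured to put into BGP."""
    m = re.search(r"^ address-family ipv4[ \t]*\n(.*?)^ exit-address-family", config, re.M | re.S)
    body = m.group(1) if m else ""
    nets = set()
    for addr, mask in re.findall(r"^\s*network (\S+)(?: mask (\S+))?", body, re.M):
        nets.add(ipaddress.ip_network(f"{addr}/{mask or classful_len(addr)}"))
    if re.search(r"^\s*redistribute connected", body, re.M):
        for block in config.split("\n!"):
            if "vrf forwarding" in block:  # interface lives in a VRF, not the global table
                continue
            for addr, mask in re.findall(r"^ ip address (\S+) (\S+)", block, re.M):
                nets.add(ipaddress.ip_interface(f"{addr}/{mask}").network)
    return nets

def not_leakable(config, prefix_list):
    """Exact-match prefix-list entries with no source in the global BGP table."""
    wanted = re.findall(rf"^ip prefix-list {re.escape(prefix_list)} seq \d+ permit (\S+)$", config, re.M)
    have = originated(config)
    return [p for p in wanted if ipaddress.ip_network(p) not in have]

if __name__ == "__main__":
    print(not_leakable(SAMPLE_CONFIG, "LEGACY_OT"))
```

The check reads configuration only: a `network` statement still needs a matching route in the routing table (here, the static routes towards the OT router) before BGP will originate the prefix.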
02-19-2021 06:46 AM
Hi,
Adding the BGP network statements as you suggested did the trick.
Silly mistake.
Thank you for your help. Very much appreciated.