Solved: Re: NEXUS 9K Route Leaking VRF <> Default VRF (GRT) - Help needed please

Cormac Champion · ‎01-17-2018

Hi all,

I believe I'm possibly 95% correct and I'm just missing something small. As the title says, I'm looking to leak routes between a VRF and the Default. The config I have now is as follows below. I'm obviously wrong on the vrf context config or the BGP config.

Any assistance would be greatly appreciated.

ip prefix-list EXPORT-TO-GRT seq 10 permit 10.10.10.0/24
ip prefix-list EXPORT-TO-GRT seq 20 permit 10.10.20.0/24
ip prefix-list EXPORT-TO-GRT seq 30 permit 10.10.30.0/24
ip prefix-list IMPORT-FROM-GRT seq 10 permit 10.20.0.0/16

!

route-map EXPORT-MAP-TO-GRT permit 10
match ip address prefix-list EXPORT-TO-GRT
route-map IMPORT-MAP-FROM-GRT permit 10
match ip address prefix-list IMPORT-FROM-GRT

!

vrf context ABC
rd 1:1
address-family ipv4 unicast
route-target import 100:1
route-target export 100:1
export map EXPORT-MAP-TO-GRT
import map IMPORT-MAP-FROM-GRT

!

router bgp 100
address-family ipv4 unicast
redistribute direct route-map IMPORT-MAP-FROM-GRT
vrf DCC
address-family ipv4 unicast
redistribute direct route-map EXPORT-MAP-TO-GRT
!

Peter Paluch · ‎01-17-2018

Hello,

So we see an improvement but not a full resolution. Hmmm...

Your import from the global RIB into the VRF currently matches exactly on 10.20.0.0/16 network, not any of its subnets. Do you truly have the exact 10.20.0.0/16 network in your global RIB? If not, and if you expect to leak subnets of the 10.20.0.0/16 space instead, then your prefix-list has to be changed as follows:

ip prefix-list IMPORT-FROM-GRT seq 10 permit 10.20.0.0/16 le 32

In addition, for the routes to be leaked from the global RIB into the VRF, they need to be first imported in the BGP RIB. Can you confirm that you can see 10.20.0.0/16 (or its subnets) in the show ip bgp command output? If not, the redistribution would be the next focus.

Best regards,
Peter

View solution in original post

Peter Paluch · ‎01-17-2018

Hello,

Replace the import map and export map commands in the VRF with import vrf default map and export vrf default map commands. The commands you are using now are not intended to perform route leaking but rather to give you finer control over routes that are being imported to or exported from the VRF based on route targets. Admittedly, the syntax is so similar that it is confusing to keep them apart :)

Best regards,
Peter

Cormac Champion · ‎01-17-2018

Many thanks for that.

I've now got the default learning routes from the VRF, but the VRF isn't learning anything from the default.

I can only assume that I've missed something else :-(

Peter Paluch · ‎01-17-2018

Hello,

So we see an improvement but not a full resolution. Hmmm...

Your import from the global RIB into the VRF currently matches exactly on 10.20.0.0/16 network, not any of its subnets. Do you truly have the exact 10.20.0.0/16 network in your global RIB? If not, and if you expect to leak subnets of the 10.20.0.0/16 space instead, then your prefix-list has to be changed as follows:

ip prefix-list IMPORT-FROM-GRT seq 10 permit 10.20.0.0/16 le 32

In addition, for the routes to be leaked from the global RIB into the VRF, they need to be first imported in the BGP RIB. Can you confirm that you can see 10.20.0.0/16 (or its subnets) in the show ip bgp command output? If not, the redistribution would be the next focus.

Best regards,
Peter

Cormac Champion · ‎01-17-2018

Thank you ever so much for taking the time and trouble to respond. That's working perfectly now and I can ping perfectly from the default vrf to interfaces in the ABC vrf.

There were plenty of articles covering either IOS vrf's or Nexus Inter-VRF route leaking, and one article on using Import Map which is only on the N7K, but I never found anything covering the N9K's and the default vrf to a vrf.

Peter Paluch · ‎01-17-2018

Hi,

You are very much welcome! I am glad to hear that things are working now.

Best regards,
Peter

Cormac Champion · ‎02-02-2018

Hi again,

I need some further assistance on this.

How can I learn the 0.0.0.0/0 route from the Default VRF ? The following should work - yes ?

ip prefix-list IMPORT-FROM-GRT seq 10 permit 0.0.0.0/0

I have a 0.0.0.0 route (static) in EIGRP

In addition, do I need to do anything special or additional to the route leaking config to allow it to be applied on both switches in the Domain rather than on just one of the switches ? BGP External Routes are learned into my Default VRF on the switch where the route leaking is configured so do I then just need to redistribute these routes into my EIGRP ?

Thanks in advance

James.Kelly · ‎11-07-2018

I am having an issue where I am trying to export a route in the default vrf from another vrf.

The import default is present within the address family for the vrf but the export default isn't.

For instance:

system-01(config-vrf-af-ipv4)# import ?
map Route-map based VRF import
vrf Virtual Router Context
system-01(config-vrf-af-ipv4)# import

system-01(config-vrf-af-ipv4)# export ?
map Route-map based VRF export
system-01(config-vrf-af-ipv4)# export

I am currently running software version n7000-s2-kickstart.6.2.16.bin.

Is this the problem, do I need to upgrade to 6.2.20 or beyond to get this command?

Cheers

bravewarrrior2021 · ‎08-05-2021

I have the same issue, two Nexus at each data center and need to leak routes between a VRF and the GT, would you please post all the relevant configurations?

jcajuste · ‎01-15-2022

can i please see a copy of your configuration?