Hi Julio,

Thank you for responding.

I am aware of that command in IOS but it doesn't appear to be an available command in NX-OS.

I've noticed that the 'total reject count for policy = 1':

NX-5672-02(config-route-map)# show ip eigrp route-map statistics redistribute bgp 15401 vrf NV
IP-EIGRP Route-map Traffic Statistics for AS 31 VRF NV
C: No. of comparisions, M: No. of matches

route-map DEFAULT_ROUTE permit 10
match ip address prefix-list DEFAULT_ROUTE C: 1 M: 1

Total accept count for policy: 0
Total reject count for policy: 1
IP-EIGRP Route-map Traffic Statistics for AS 1 VRF NV
C: No. of comparisions, M: No. of matches

route-map DEFAULT_ROUTE permit 10
match ip address prefix-list DEFAULT_ROUTE C: 1 M: 1

Total accept count for policy: 0
Total reject count for policy: 1

This makes me wonder if it's the route-map that's the problem not the necessary commands to control the redistribution from BGP to EIGRP....

Any advice/suggestions?

Thanks for your response.

I'm not sure if this is the exact reason why it's not available, but we have VRF LITE in use not VRF MPLS and much like the previous post, there does not appear to be a command available under the VRF context to configure a route distinguisher.

Here's the output of commands available within the VRF context:

NX-5672-02(config)# vrf context NV
NX-5672-02(config-vrf)#
NX-5672-02(config-vrf)# address-family ipv4 unicast
NX-5672-02(config-vrf-af-ipv4)#
NX-5672-02(config-vrf-af-ipv4)# ?
  export VRF export
  import VRF import
  maximum Set a limit
  no Negate a command or set its defaults
  route-target Specify Target VPN Extended Communities
  end Go to exec mode
  exit Exit from command interpreter
  pop Pop mode from stack or restore from name
  push Push current mode to stack or save it under name
  where Shows the cli context you are in

Upstream the iBGP router (which is also the eBGP router which receives the default route from the ISP) has a RD configured in the same INTERNET VRF.  Config is as follows:

ip vrf INTERNET
rd 1:1
route-target export 1:1
route-target import 1:1

From the Nexus switch, it looks like this RD is carried from that upstream router and is 'usable' on the Nexus:

NX-5672-02(config-vrf)# show ip bgp all 0.0.0.0/0 vrf INTERNET
BGP routing table information for VRF INTERNET, address family IPv4 Unicast
BGP routing table entry for 0.0.0.0/0, version 1112
Paths: (2 available, best #1)
Flags: (0x804001a) on xmit-list, is in urib, is best urib route, exported

Advertised path-id 1
Path type: internal, path is valid, is best path
AS-Path: 8220 , path sourced external to AS
172.16.5.1 (metric 0) from 172.16.5.2 (1.1.1.1)
Origin IGP, MED 0, localpref 120, weight 0
Extcommunity:
RT:1:1
Originator: 10.122.113.27 Cluster list: 1.1.1.1

Path type: internal, path is valid, received only
AS-Path: 8220 , path sourced external to AS
172.16.5.1 (metric 0) from 172.16.5.2 (1.1.1.1)
Origin IGP, MED 0, localpref 120, weight 0
Originator: 10.122.113.27 Cluster list: 1.1.1.1

Path-id 1 advertised to peers:
172.16.5.3

Regarding the route-type in the route-map, I happened to find an article online discussing that so I added it to the existing route-map but to no avail.  The default route was still not visible in the EIGRP topology table (for EIGRP AS 1) and therefore wasn't appearing in the NV VRF routing table.

The route-map statistics command was also saying there was no matches for the route-type.

Updated route-map:

route-map DEFAULT_ROUTE, permit, sequence 10
Match clauses:
ip address prefix-lists: DEFAULT_ROUTE
route-type: internal

Route-map statistics:

NX-5672-02(config-route-map)# show ip eigrp route-map statistics redistribute bgp 15401 vrf NV
IP-EIGRP Route-map Traffic Statistics for AS 31 VRF NV
C: No. of comparisions, M: No. of matches

route-map DEFAULT_ROUTE permit 10
match ip address prefix-list DEFAULT_ROUTE C: 1 M: 1
match route-type internal C: 0 M: 0

Total accept count for policy: 0
Total reject count for policy: 1
IP-EIGRP Route-map Traffic Statistics for AS 1 VRF NV
C: No. of comparisions, M: No. of matches

route-map DEFAULT_ROUTE permit 10
match ip address prefix-list DEFAULT_ROUTE C: 1 M: 1
match route-type internal C: 0 M: 0

Total accept count for policy: 0
Total reject count for policy: 1

I'm not sure if I needed to clear the BGP session though to kick it into life....maybe that's why it didn't work....

I have this working in a similar environment but with Nexus 9k switches and the RD was required under the VRF context before I could leak the routes between VRFs. Note that the Route Target community value is not the same as the RD.

Can you check if you have the RD configuration option directly under the VRF context and not under address-family ipv4 unicast.

NXOS(config)# vrf context test
NXOS(config-vrf)# ?
  address-family  Configure address family
  description     Description of the VRF
  ip              Configure IP features
  ipv6            Configure IPv6 features
  no              Negate a command or set its defaults
  rd              VPN Route Distinguisher
  shutdown        Shutdown current VRF
  vni             Virtual Network Identifier
  end             Go to exec mode
  exit            Exit from command interpreter
  pop             Pop mode from stack or restore from name
  push            Push current mode to stack or save it under name
  where           Shows the cli context you are in

Ah yes, well spotted.  My eyes saw RD and not RT.

Unfortunately I don't have the RD command available:

NX-5672-02(config)# vrf context NV
NX-5672-02(config-vrf)# ?
  address-family Configure address family
  description Description of the VRF
  ip Configure IP features
  ipv6 Configure IPv6 features
  no Negate a command or set its defaults
  shutdown Shutdown current VRF
  vni Virtual Network Identifier
  end Go to exec mode
  exit Exit from command interpreter
  pop Pop mode from stack or restore from name
  push Push current mode to stack or save it under name
  where Shows the cli context you are in

Ok maybe the RD is not a requirement for the Nexus 5627. I can see in the below link that route-leaking on the Nexus 5672 is supported.

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5600/sw/unicast/7x/unicast_n5600_config/l3_virtual.html

Do you see the BGP default route in the BGP table under the INTERNET VRF and also in the NV VRF routing table?

In the INTERNET VRF yes:

NX-5672-02# show ip bgp all neighbors 172.16.5.2 received-routes vrf INTERNET

Peer 172.16.5.2 routes for address family IPv4 Unicast:
BGP table version is 1113, local router ID is 2.2.2.2
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

Network Next Hop Metric LocPrf Weight Path
* i0.0.0.0/0 172.16.5.1 0 120 0 8220 i

And it therefore appears in the VRF INTERNET routing table:

NX-5672-02# show ip route vrf INTERNET
IP Route Table for VRF "INTERNET"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

0.0.0.0/0, ubest/mbest: 1/0
*via 172.16.5.1, [150/0], 18:36:25, bgp-15401, internal, tag 8220,

The NV VRF though is only used by EIGRP not BGP.  The topology table for EIGRP just shows a static route which I have put in temporarily until this issue is resolved:

NX-5672-02# show ip eigrp topology 0.0.0.0/0 vrf NV

IP-EIGRP (AS 1): Topology entry for 0.0.0.0/0
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 256256
Routing Descriptor Blocks:
0.0.0.0, from Rstatic, Send flag is 0x0
Composite metric is (256256/0), Route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 10 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 0
Internal tag is 0
External data:
Originating router is 10.122.31.122 (this system)
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)
10.122.31.253 (Vlan31), from 10.122.31.253, Send flag is 0x0
Composite metric is (256512/256256), Route is External
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 20 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
Internal tag is 0
External data:
Originating router is 10.122.31.110
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)

Ok. Are you able to remove the static route from the NV VRF routing table for testing?

I'll look to do that.

I would have expected though, to be able to use the EIGRP topology table to verify if the default route is being advertised into EIGRP / the NV VRF.

Ok. I suspect that the route leaking is working correctly as everything looks correct but the presence of the static route in the NV VRF that you are redistributing into EIGRP is hiding it due to its lower AD.  Remember that a route must exist in the VRF's RIB before it can be redistributed into EIGRP.

When you get a moment, can you try removing the static default route in the NV VRF and check the RIB 'show ip route VRF NV' for the presence of the BGP 15401 default route? If it is there then you should be able to redistribute it into EIGRP using the route-map matching the route-type internal.

Ok will do.

To clarify (as I seem to have applied lots of different config to try make this work) what exact commands do you think need to be there to leak between VRF's?

I'll remove those that should have no bearing on this...

Your original config looks ok. I dont think that there is any need for the import and export maps under the VRF contexts so these can be removed.

Also when you get a minute can you post the output of the following

show ip bgp vrf INTERNET

show ip bgp vrf NV

I'll be removing the static routes tonight so I'll provide an update later.

NX-5672-02# show ip bgp vrf INTERNET
BGP routing table information for VRF INTERNET, address family IPv4 Unicast
BGP table version is 1113, local router ID is 2.2.2.2
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

Network Next Hop Metric LocPrf Weight Path
*>i0.0.0.0/0 172.16.5.1 0 120 0 8220 i
*>l195.111.182.0/26 0.0.0.0 110 32768 i
* i 172.16.5.2 120 0 i

NX-5672-02# show ip bgp vrf NV
BGP routing table information for VRF NV, address family IPv4 Unicast
BGP table version is 1100, local router ID is 10.122.31.122
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

Network Next Hop Metric LocPrf Weight Path
*>i0.0.0.0/0 172.16.5.1 0 120 0 8220 i
*>l195.111.182.0/26 0.0.0.0 110 32768 i

I guess that confirms the VRF leaking is working(?)

I understand your point about the static route and it's AD but I'm confused why the (BGP) default route wouldn't be shown in the EIGRP topology table even if its not favoured over the redistributed static route......?