Route Filtering ignoring the 0.0.0.0 route

Cormac Champion · ‎06-20-2018

I'm sure this is a simple issue but I just cannot see the problem.

I have a Nexus 9K switch with 2 x VRF's (Default and ABC). I am leaking the routes from VRF Default into VRF ABC via IMPORT-FROM-GRT and vise-versa via EXPORT-TO-GRT and works perfectly for all routes EXCEPT the 0.0.0.0 route

NEXUS9K01# sh ip route 0.0.0.0
IP Route Table for VRF "default"

0.0.0.0/0, ubest/mbest: 1/0
*via 10.3.0.9, Vlan5, [170/3072], 5w6d, eigrp-1111, external, tag 5466

NEXUS9K01# sh ip route 0.0.0.0 vrf ABC
IP Route Table for VRF "ABC"

Route not found

NEXUS9K01# sh ip route 10.2.34.0
IP Route Table for VRF "default"

10.2.34.0/24, ubest/mbest: 1/0
*via 10.3.0.9, Vlan5, [170/3072], 5w6d, eigrp-1111, external, tag 5466

NEXUS9K01# sh ip route 10.2.34.0 vrf ABC
IP Route Table for VRF "ABC"

10.2.34.0/24, ubest/mbest: 1/0
*via 10.3.0.9%default, Vlan5, [20/3072], 5w6d, bgp-100, external, tag 100

The ACL and config is as follows

NEXUS9K01# sh runn
ip prefix-list IMPORT-FROM-GRT seq 10 permit 0.0.0.0/0
ip prefix-list IMPORT-FROM-GRT seq 20 permit 10.0.0.0/8 le 24

ip prefix-list IMPORT-FROM-GRT seq 30 permit 172.16.0.0/12 le 24
ip prefix-list IMPORT-FROM-GRT seq 40 permit 192.168.0.0/16 le 24

!

ip prefix-list EXPORT-TO-GRT seq 10 permit 10.9.8.0/8 le 24

!

route-map IMPORT-MAP-FROM-GRT permit 10
match ip address prefix-list IMPORT-FROM-GRT

route-map EXPORT-MAP-FROM-GRT permit 10
match ip address prefix-list EXPORT-FROM-GRT!

!

vrf context ABC
rd 1:1
address-family ipv4 unicast
    route-target import 100:1
    route-target export 100:1
    import vrf default map IMPORT-MAP-FROM-GRT
    export vrf default map EXPORT-MAP-TO-GRT

!

router bgp 100
address-family ipv4 unicast
    redistribute direct route-map IMPORT-MAP-FROM-GRT
    redistribute eigrp 1111 route-map IMPORT-MAP-FROM-GRT
vrf ABC
    address-family ipv4 unicast
      redistribute direct route-map EXPORT-MAP-TO-GRT
      redistribute eigrp 1111 route-map EXPORT-MAP-TO-GRT

!

Georg Pauwen · ‎06-20-2018

Hello,

is 0.0.0.0/0 in the BGP table (show ip bgp) ?

Cormac Champion · ‎06-20-2018

This does not contain a 0.0.0.0 route. It contains many (all) of the 10.0.0.0 /24, 172.16.0.0 and 192.168.0.0 routes.

NEXUS9K01# sh ip bgp
BGP routing table information for VRF default, address family IPv4 Unicast
BGP table version is 102173, Local Router ID is 10.73.6.2
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

Network Next Hop Metric LocPrf Weight Path

*>r10.2.34.0/24 0.0.0.0 3072 100 32768 ?

Harold Ritter · ‎06-20-2018

The default route, or any other route for that matter, will not be leaked if it is not present in the BGP table.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Cormac Champion · ‎06-28-2018

Sorry for the delay in following up.

The route is in the Default vrf. In order to leak the route into the ABC vrf, it must go through BGP via the ACL. It's not in BGP and that is the issue - why not ? All of the other routes have been passed but for some reason, the 0.0.0.0 route has not been.

Harold Ritter · ‎06-28-2018

Hi Cormac,

Routes have to be in BGP table in order to be leaked. The only example you have provided is for route 10.2.34.0/24 and it is in the BGP table. Please check the other routes as they should all be in the BGP table.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Cormac Champion · ‎06-29-2018

Thanks Harold

Here is a greater selection of output. This is exactly as-is down to the first of the 10.0.0.0 routes

NEXUS9K01# sh ip route
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

0.0.0.0/0, ubest/mbest: 1/0
*via 10.3.0.9, Vlan5, [170/3072], 7w1d, eigrp-1111, external, tag 5466
1.0.0.0/8, ubest/mbest: 1/0
*via 10.3.0.9, Vlan5, [170/3072], 7w1d, eigrp-1111, external, tag 5466
1.200.16.0/24, ubest/mbest: 1/0
*via 10.3.0.9, Vlan5, [170/3072], 1w0d, eigrp-1111, external, tag 5466
1.253.253.0/24, ubest/mbest: 1/0
*via 10.3.0.9, Vlan5, [170/3072], 7w1d, eigrp-1111, external, tag 5466
1.254.253.0/24, ubest/mbest: 1/0
*via 10.3.0.9, Vlan5, [170/3072], 7w1d, eigrp-1111, external, tag 5466
1.255.4.0/24, ubest/mbest: 2/0
*via 10.53.1.6, Vlan31, [170/29440], 4w2d, eigrp-1111, external, tag 21
*via 10.53.1.7, Vlan31, [170/29440], 4w2d, eigrp-1111, external, tag 21
2.9.95.0/24, ubest/mbest: 1/0
*via 10.3.0.9, Vlan5, [170/3072], 7w1d, eigrp-1111, external, tag 5466
10.0.1.0/24, ubest/mbest: 1/0
*via 10.3.0.9, Vlan5, [170/3072], 7w1d, eigrp-1111, external, tag 5466

NEXUS9K01# sh runn | include IMPORT-FROM-GRT
ip prefix-list IMPORT-FROM-GRT seq 10 permit 0.0.0.0/0
ip prefix-list IMPORT-FROM-GRT seq 20 permit 10.0.0.0/8 le 24
ip prefix-list IMPORT-FROM-GRT seq 30 permit 172.16.0.0/12 le 24
ip prefix-list IMPORT-FROM-GRT seq 40 permit 192.168.0.0/16 le 24
ip prefix-list IMPORT-FROM-GRT seq 50 permit 1.0.0.0/8 le 24
ip prefix-list IMPORT-FROM-GRT seq 60 permit 2.0.1.0/24
ip prefix-list IMPORT-FROM-GRT seq 70 permit 2.3.47.0/24
ip prefix-list IMPORT-FROM-GRT seq 80 permit 2.4.11.0/24
ip prefix-list IMPORT-FROM-GRT seq 90 permit 2.5.47.0/24
ip prefix-list IMPORT-FROM-GRT seq 100 permit 2.9.95.0/24
ip prefix-list IMPORT-FROM-GRT seq 110 permit 2.255.255.0/24

NEXUS9K01# sh ip bgp
BGP routing table information for VRF default, address family IPv4 Unicast
BGP table version is 105015, Local Router ID is 10.73.6.2
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

Network Next Hop Metric LocPrf Weight Path
*>r1.0.0.0/8 0.0.0.0 3072 100 32768 ?
*>r1.200.16.0/24 0.0.0.0 3072 100 32768 ?
*>r1.253.253.0/24 0.0.0.0 3072 100 32768 ?
*>r1.254.253.0/24 0.0.0.0 3072 100 32768 ?
*>r1.255.4.0/24 0.0.0.0 29440 100 32768 ?
*>r2.9.95.0/24 0.0.0.0 3072 100 32768 ?
*>r10.0.1.0/24 0.0.0.0 3072 100 32768 ?

NEXUS9K01# sh ip route vrf ABC
IP Route Table for VRF "ABC"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

1.0.0.0/8, ubest/mbest: 1/0
*via 10.3.0.9%default, Vlan5, [20/3072], 7w1d, bgp-100, external, tag 100
1.200.16.0/24, ubest/mbest: 1/0
*via 10.3.0.9%default, Vlan5, [20/3072], 1w0d, bgp-100, external, tag 100
1.253.253.0/24, ubest/mbest: 1/0
*via 10.3.0.9%default, Vlan5, [20/3072], 7w1d, bgp-100, external, tag 100
1.254.253.0/24, ubest/mbest: 1/0
*via 10.3.0.9%default, Vlan5, [20/3072], 7w1d, bgp-100, external, tag 100
1.255.4.0/24, ubest/mbest: 1/0, attached
*via 1.255.4.7, Vlan255, [0/0], 19w4d, direct
1.255.4.7/32, ubest/mbest: 1/0, attached
*via 1.255.4.7, Vlan255, [0/0], 19w4d, local
1.255.4.11/32, ubest/mbest: 1/0, attached
*via 1.255.4.11, Vlan255, [0/0], 19w4d, hsrp
2.9.95.0/24, ubest/mbest: 1/0
*via 10.3.0.9%default, Vlan5, [20/3072], 7w1d, bgp-100, external, tag 100
10.0.1.0/24, ubest/mbest: 1/0
*via 10.3.0.9%default, Vlan5, [20/3072], 7w1d, bgp-100, external, tag 100

Cormac Champion · ‎07-03-2018

** Bump **