Solved: Route Leak not working

hesham-elsayed · ‎01-19-2025

Hi all

i have created a lab from 2 VTEPS and 1 SPINE , 2 VRFS company 1 and company 2 , i wanted to route leak 10.20.0.0/24 from Company 2 to Company 1 , i did the import on the VRF of the Company 2 on LEAF2 and i was able to see 10.20.0.0/24 shows in ip route table of Company 1 ..

but on LEAF1 although i can see the 10.20.0.0/24 subnet was learned from LEAF2 with community of 65000:1040 ( 1040 , i try to import 65000:1040 to Company 2 VRF but i don't see 10.20.0.0/24 in Company 2 ip route table

I don't know if i was able to explain this correctly , i have attached the show run of LEAF1 and LEAF 2

--------------------------------------------------------------------------------------------------

LEAF-2# show ip route vrf Company1
IP Route Table for VRF "Company1"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

6.6.6.0/24, ubest/mbest: 1/0
*via 1.1.1.1%default, [200/0], 14:07:21, bgp-65000, internal, tag 65001, seg
id: 1030 tunnelid: 0x1010101 encap: VXLAN

10.1.1.0/24, ubest/mbest: 1/0, attached
*via 10.1.1.254, Vlan10, [0/0], 14:27:59, direct
10.1.1.254/32, ubest/mbest: 1/0, attached
*via 10.1.1.254, Vlan10, [0/0], 14:27:59, local
10.15.0.0/24, ubest/mbest: 1/0, attached
*via 10.15.0.254, Vlan50, [0/0], 14:27:59, direct
10.15.0.254/32, ubest/mbest: 1/0, attached
*via 10.15.0.254, Vlan50, [0/0], 14:27:59, local
10.18.0.0/24, ubest/mbest: 1/0
*via 1.1.1.1%default, [200/0], 14:07:21, bgp-65000, internal, tag 65001, seg
id: 1030 tunnelid: 0x1010101 encap: VXLAN

10.20.0.0/24, ubest/mbest: 1/0, attached
*via 10.20.0.1%MWANI, Vlan70, [20/0], 13:55:47, bgp-65000, external, tag 650
00
194.18.19.0/24, ubest/mbest: 1/0
*via 1.1.1.1%default, [200/0], 14:07:21, bgp-65000, internal, tag 65001, seg
id: 1030 tunnelid: 0x1010101 encap: VXLAN

-----------------------------------------------------------------------------------------------------------

LEAF-2# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 44, Local Router ID is 2.2.2.2
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - b
est2

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65000:1030
*>i[5]:[0]:[0]:[24]:[6.6.6.0]/224
1.1.1.1 0 100 0 65001 ?
*>i[5]:[0]:[0]:[24]:[10.18.0.0]/224
1.1.1.1 0 100 0 65001 ?
*>i[5]:[0]:[0]:[24]:[194.18.19.0]/224
1.1.1.1 0 100 0 65001 ?

Route Distinguisher: 2.2.2.2:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[0050.7966.6803]:[0]:[0.0.0.0]/216
2.2.2.2 100 32768 i

Route Distinguisher: 65000:1030 (L3VNI 1030)
*>i[5]:[0]:[0]:[24]:[6.6.6.0]/224
1.1.1.1 0 100 0 65001 ?
*>l[5]:[0]:[0]:[24]:[10.15.0.0]/224
2.2.2.2 0 100 32768 ?
*>i[5]:[0]:[0]:[24]:[10.18.0.0]/224
1.1.1.1 0 100 0 65001 ?
*>i[5]:[0]:[0]:[24]:[194.18.19.0]/224
1.1.1.1 0 100 0 65001 ?

Route Distinguisher: 65000:1040 (L3VNI 1040)
*>l[5]:[0]:[0]:[24]:[10.20.0.0]/224
2.2.2.2 0 100 32768 ? ( the route is learned , but it never show up on Company1 route table after import )

hesham-elsayed · ‎01-19-2025

Found the solution , route-target import required the EVPN command at the end , route-target only concerned ipv4 unicast routes

vrf context Company1
vni 1040
rd 65000:1040
address-family ipv4 unicast
route-target import 65000:1030
route-target import 65000:1030 evpn

View solution in original post

MHM Cisco World · ‎01-19-2025

Hi Hesham

Since you use same AS you need allowas-in 1 in bgp config

Try add it and check

Goodluck

MHM

hesham-elsayed · ‎01-19-2025

Hello MHM

Route leaks from VRF1 to VRF2 on leaf 2 works fine for subnets that on leaf 2 , Routes learned from a neighbor leaf for VRF1 are added without any issues to VRF1 in the second leaf , but never show up in VRF2

allowas in , i dont have a neighbor to add add it under , its a route leak from VRF1 to VRF2 , its leaking fine except for the routes that were learned from another bgp leaf

MHM Cisco World · ‎01-19-2025

How you dont have Neighbor?

You have two leaf neighbor with spine' am I correct?

MHM

hesham-elsayed · ‎01-19-2025

Yes with a spine , The route though is received on LEAF2 from LEAF 1 , and it added correctly to the correct vrf based on the rd

*>l[5]:[0]:[0]:[24]:[10.21.0.0]/224
1.1.1.1 0 100 32768 ?

but it never leaks to the other vrf , i am also suggesting its a ibgp - to - ibgp - which is then kinda redistributed to the second vrf ( route leak ) and here where the router say it a split horizon issue , but i dont know where to stop it from behaving this way

i tried to deploy allowas in under both leafs towards the spine , but that didnt help

hesham-elsayed · ‎01-19-2025

Found the solution , route-target import required the EVPN command at the end , route-target only concerned ipv4 unicast routes

vrf context Company1
vni 1040
rd 65000:1040
address-family ipv4 unicast
route-target import 65000:1030
route-target import 65000:1030 evpn

MHM Cisco World · ‎01-19-2025

Excellent friend

Glad issue solve

Can I ask do you still apply allowas-in ?

MHM

hesham-elsayed · ‎01-19-2025

this was enough without allowas in ,

route-target import 65000:1030 evpn

Thanks for your help