Solved: Route leaking VRF to Global

Shawnw4401 · ‎02-11-2017

Hello,

I am having issues getting my VRF routes to talk to my global route. I can ping from Global to VRF. I have been following this guide: Route Leaking in MPLS/VPN Networks. It works up until the portion where I have to enter my VRF route to global. I keep getting an error: % For VPN or topology routes, must specify a next hop IP address if not a point-to-point interface--and--%Invalid next hop address (it's this router).

For the route, I tried to input:

ip route vrf Computers 192.168.5.0 255.255.255.252 GigabitEthernet 0/0
and
ip route vrf Computers 192.168.5.0 255.255.255.252 192.168.5.2

ip cef
!
ip vrf Computers
rd 25:1
route-target export 25:1
route-target import 71:1
route-target import 25:1
!
ip vrf MGMT
rd 10:1
!
ip vrf Servers
rd 71:1
route-target export 71:1
route-target import 25:1
route-target import 49:1
!
ip vrf Wi-Fi
rd 49:1
route-target export 49:1
route-target import 71:1
!
interface GigabitEthernet0/0
ip address 192.168.5.2 255.255.255.252
duplex full
speed 1000
media-type rj45
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip vrf forwarding MGMT
ip address 192.168.0.1 255.255.255.252
!
interface GigabitEthernet0/1.25
encapsulation dot1Q 25
ip vrf forwarding Computers
ip address 192.168.52.1 255.255.255.248
ip helper-address vrf Servers 192.168.17.19
!
interface GigabitEthernet0/1.49
encapsulation dot1Q 49
ip vrf forwarding Wi-Fi
ip address 192.168.94.33 255.255.255.240
ip helper-address vrf Servers 192.168.17.19
!
interface GigabitEthernet0/1.71
encapsulation dot1Q 71
ip vrf forwarding Servers
ip address 192.168.17.17 255.255.255.248
!
ip route 0.0.0.0 0.0.0.0 192.168.5.1
ip route 192.168.52.0 255.255.255.248 GigabitEthernet0/1.25
ip route 192.168.94.32 255.255.255.240 GigabitEthernet0/1.49

A little lost with what I am doing wrong or what else I need to do. Any insight on this issue would be greatly appreciated. Thanks.

willwetherman · ‎02-12-2017

Actually after inspecting your original configuration further, is the purpose of the route leaking to allow the Computers VRF to use next-hop 192.168.5.1 for networks that are not local to this router such as for internet access? If so, we can remove the import ipv4 unicast map configuration that we have applied above and simply apply the following static routes

ip route 192.168.52.0 255.255.255.248 GigabitEthernet0/1.25
ip route vrf Computers 0.0.0.0 0.0.0.0 GigabitEthernet0/0 192.168.5.1 global

View solution in original post

willwetherman · ‎02-11-2017

Hi,

I have implemented something similar before by using BGP to share routes between VRFs using route-targets and then using an import ipv4 unicast map to import prefixes from the Global VRF.

Example config

router bgp 65000
no bgp default ipv4-unicast
bgp log-neighbor-changes
!
address-family ipv4
no auto-summary
no synchronization
network 192.168.5.0 mask 255.255.255.252
exit-address-family
!
address-family ipv4 vrf Wi-Fi
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf Servers
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf Computers
redistribute connected
no synchronization
exit-address-family

ip prefix-list Gig0/0-NET seq 5 permit 192.168.5.0/30

route-map IMPORT-GLOBAL permit 10
match ip address prefix-list Gig0/0-NET

ip vrf Computers
import ipv4 unicast map IMPORT-GLOBAL

Hope this helps.

Shawnw4401 · ‎02-11-2017

Will,

Thanks for the reply. I tried this example as well. I can see the route being learned via BGP now, but I still cannot reach those IP address.

LAN_Sec_Router(config)#$ Computers ip 192.168.5.1 source 192.168.52.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.52.1
...
Success rate is 0 percent (0/3)

LAN_Sec_Router#show ip route vrf Computers 192.168.5.0

Routing Table: Computers
Routing entry for 192.168.5.0/30, 1 known subnets
Attached (1 connections)
B 192.168.5.0 is directly connected, 00:02:24, GigabitEthernet0/0

LAN_Sec_Router#show ip route vrf Computers

Routing Table: Computers
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.5.0/30 is subnetted, 1 subnets
B 192.168.5.0 is directly connected, 00:02:52, GigabitEthernet0/0
192.168.17.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.17.16/29
is directly connected (Servers), 00:11:47, GigabitEthernet0/1.71
L 192.168.17.17/32 is directly connected, GigabitEthernet0/1.71
192.168.52.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.52.0/29 is directly connected, GigabitEthernet0/1.25
L 192.168.52.1/32 is directly connected, GigabitEthernet0/1.25
192.168.254.0/32 is subnetted, 4 subnets
O 192.168.254.25
[110/2] via 192.168.52.2, 00:10:29, GigabitEthernet0/1.25
C 192.168.254.26 is directly connected, Loopback26
B 192.168.254.71
[20/2] via 192.168.17.18 (Servers), 00:11:02, GigabitEthernet0/1.71
B 192.168.254.72 is directly connected (Servers), 00:11:52, Loopback72

ip vrf Computers
rd 25:1
import ipv4 unicast map IMPORT-GLOBAL
route-target export 25:1
route-target import 71:1
route-target import 25:1

router bgp 25
bgp log-neighbor-changes
no bgp default ipv4-unicast
!
address-family ipv4
network 192.168.5.0 mask 255.255.255.252
exit-address-family
!
address-family ipv4 vrf Computers
redistribute connected
redistribute ospf 25
exit-address-family
!
address-family ipv4 vrf MGMT
redistribute connected
exit-address-family
!
address-family ipv4 vrf Servers
redistribute connected
redistribute ospf 71
exit-address-family
!
address-family ipv4 vrf Wi-Fi
redistribute connected
redistribute ospf 49
exit-address-family

ip prefix-list Gig0/0-NET seq 5 permit 192.168.5.0/30
!
!
!
!
route-map IMPORT-GLOBAL permit 10
match ip address prefix-list Gig0/0-NET

willwetherman · ‎02-12-2017

Hi,

Do you still have the following static route in place in the global routing table?

ip route 192.168.52.0 255.255.255.248 GigabitEthernet0/1.25

Also can you try and ping the routers local Gig0/0 IP address 192.168.5.2 from VRF Computers? If this is successful then there may be a routing issue with the next hop device.

willwetherman · ‎02-12-2017

Actually after inspecting your original configuration further, is the purpose of the route leaking to allow the Computers VRF to use next-hop 192.168.5.1 for networks that are not local to this router such as for internet access? If so, we can remove the import ipv4 unicast map configuration that we have applied above and simply apply the following static routes

ip route 192.168.52.0 255.255.255.248 GigabitEthernet0/1.25
ip route vrf Computers 0.0.0.0 0.0.0.0 GigabitEthernet0/0 192.168.5.1 global

Shawnw4401 · ‎02-12-2017

Will,

Correct, the purpose of the route leaking is to allow the Computers VRF to communicate with the 192.168.5.0/30 network to access the Internet.

I removed the previous ipv4 unicast map configurations and put in the static route: ip route vrf Computers 0.0.0.0 0.0.0.0 GigabitEthernet0/0 192.168.5.1 global. It still did not work. It shows it as a static route in the routing table. I did a debug on ICMP. I received the following message:

*Feb 12 15:07:27.399: ICMP: dst (192.168.5.2) host unreachable rcv from 192.168.5.1

willwetherman · ‎02-12-2017

Can you post the output of 'show ip route'

Also does the router with IP 192.168.5.1 have a route back to 192.168.52.0/29 with a next-hop IP address of 192.168.5.2?

Shawnw4401 · ‎02-12-2017

Will,

Certainly, give me a moment and I'll swap over. Unfortunately, every time I try to make changes and post them on here I have to disconnect from the Internet.

Shawnw4401 · ‎02-12-2017

Will,

Here is the "show ip route" output:

LAN_Sec_Router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 192.168.5.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.5.1
192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.5.0/30 is directly connected, GigabitEthernet0/0
L 192.168.5.2/32 is directly connected, GigabitEthernet0/0
192.168.52.0/29 is subnetted, 1 subnets
S 192.168.52.0 is directly connected, GigabitEthernet0/1.25
192.168.94.0/28 is subnetted, 1 subnets
S 192.168.94.32 is directly connected, GigabitEthernet0/1.49
LAN_Sec_Router#show ip route vrf Computers

Routing Table: Computers
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 192.168.5.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.5.1, GigabitEthernet0/0
192.168.17.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.17.16/29
is directly connected (Servers), 01:21:10, GigabitEthernet0/1.71
L 192.168.17.17/32 is directly connected, GigabitEthernet0/1.71
192.168.52.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.52.0/29 is directly connected, GigabitEthernet0/1.25
L 192.168.52.1/32 is directly connected, GigabitEthernet0/1.25
192.168.254.0/32 is subnetted, 4 subnets
O 192.168.254.25
[110/2] via 192.168.52.2, 01:19:52, GigabitEthernet0/1.25
C 192.168.254.26 is directly connected, Loopback26
B 192.168.254.71
[20/2] via 192.168.17.18 (Servers), 01:20:25, GigabitEthernet0/1.71
B 192.168.254.72 is directly connected (Servers), 01:21:15, Loopback72

Here's the "show ip route" from the other side:

WAN_Router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is *.*.*.* to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via *.*.*.*
10.0.0.0/32 is subnetted, 1 subnets
S 10.54.1.114 [254/0] via *.*.*.*, Vlan24
*.*.*.*/8 is variably subnetted, 2 subnets, 2 masks
C *.*.*.*/23 is directly connected, Vlan24
L *.*.*.*/32 is directly connected, Vlan24
192.168.0.0/32 is subnetted, 1 subnets
C 192.168.0.255 is directly connected, Loopback0
192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.5.0/30 is directly connected, GigabitEthernet0/0
L 192.168.5.1/32 is directly connected, GigabitEthernet0/0
192.168.52.0/29 is subnetted, 1 subnets
S 192.168.52.0 [1/0] via 192.168.5.2, GigabitEthernet0/0
WAN_Router#show run | i ip route
ip route 192.168.52.0 255.255.255.248 GigabitEthernet0/0 192.168.5.2
ip route 0.0.0.0 0.0.0.0 dhcp
WAN_Router#ping 192.168.52.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.52.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
WAN_Router#ping 192.168.52.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.52.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

willwetherman · ‎02-12-2017

Thanks.

The configuration all looks ok from what I can see and the successful pings to 192.168.52.1 and the router behind the LAN_Sec_Router 192.168.52.2 from the WAN Router is positive. However, it’s odd that you are unable to ping from 192.168.52.1.

Is it only pings to 192.168.5.2 from the Computers VRF that fails? How about pings to 192.168.5.1 or other interfaces local to the WAN Router? Also do have the same issue when pinging from 192.168.52.2?

When you test again can you also debug ICMP on the WAN router as this may indicate why its sending a host unreachable message.

Shawnw4401 · ‎02-12-2017

Will,

Here's the debug packet I received from the WAN_Router. It only has one port to ping from. The other side is connected to a switch that cannot ping the router, but it passes the modem's traffic to the router.

WAN_Router#ping 192.168.52.1 source 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.52.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.5.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
WAN_Router#
*Feb 12 17:22:46.084: ICMP: echo reply rcvd, src 192.168.52.1, dst 192.168.5.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:22:46.084: ICMP: echo reply rcvd, src 192.168.52.1, dst 192.168.5.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:22:46.084: ICMP: echo reply rcvd, src 192.168.52.1, dst 192.168.5.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:22:46.088: ICMP: echo reply rcvd, src 192.168.52.1, dst 192.168.5.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:22:46.088: ICMP: echo reply rcvd, src 192.168.52.1, dst 192.168.5.1, topology BASE, dscp 0 topoid 0

WAN_Router#ping 192.168.52.2 source 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.52.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.5.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
WAN_Router#
*Feb 12 17:24:22.955: ICMP: echo reply rcvd, src 192.168.52.2, dst 192.168.5.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:24:22.959: ICMP: echo reply rcvd, src 192.168.52.2, dst 192.168.5.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:24:22.963: ICMP: echo reply rcvd, src 192.168.52.2, dst 192.168.5.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:24:22.963: ICMP: echo reply rcvd, src 192.168.52.2, dst 192.168.5.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:24:22.967: ICMP: echo reply rcvd, src 192.168.52.2, dst 192.168.5.1, topology B1 source 192.168.5.1

LAN_Sec_Router#ping vrf Computers ip 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
LAN_Sec_Router#ping vrf Computers ip 192.168.5.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.2, timeout is 2 seconds:

*Feb 12 17:36:06.099: ICMP: echo reply sent, src 192.168.5.2, dst 192.168.254.26, topology BASE, dscp 0 topoid 0.
*Feb 12 17:36:08.099: ICMP: echo reply sent, src 192.168.5.2, dst 192.168.254.26, topology BASE, dscp 0 topoid 0.
*Feb 12 17:36:10.099: ICMP: echo reply sent, src 192.168.5.2, dst 192.168.254.26, topology BASE, dscp 0 topoid 0.
*Feb 12 17:36:12.099: ICMP: echo reply sent, src 192.168.5.2, dst 192.168.254.26, topology BASE, dscp 0 topoid 0.
*Feb 12 17:36:14.099: ICMP: echo re

LAN_Switch#ping vrf Computers ip 192.168.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
LAN_Switch#
9w5d: ICMP: echo reply rcvd, src 192.168.5.1, dst 192.168.52.2
9w5d: ICMP: echo reply rcvd, src 192.168.5.1, dst 192.168.52.2
9w5d: ICMP: echo reply rcvd, src 192.168.5.1, dst 192.168.52.2
9w5d: ICMP: echo reply rcvd, src 192.168.5.1, dst 192.168.52.2
9w5d: ICMP: echo reply rcvd, src 192.168.5.1, dst 192.168.52.2
LAN_Switch#ping vrf Computers ip 192.168.5.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
LAN_Switch#
9w5d: ICMP: echo reply rcvd, src 192.168.5.2, dst 192.168.52.2
9w5d: ICMP: echo reply rcvd, src 192.168.5.2, dst 192.168.52.2
9w5d: ICMP: echo reply rcvd, src 192.168.5.2, dst 192.168.52.2
9w5d: ICMP: echo reply rcvd, src 192.168.5.2, dst 192.168.52.2
9w5d: ICMP: echo reply rcvd, src 192.168.5.2, dst 192.168.52.2

So, it seems to work from the switch and PC to reach 192.168.5.1 and 192.168.5.2, but I cannot reach it for some odd reason from the router??? Little confused by this. There is another VRF I want to achieve this same functionality with, but I never tried to set it up as I have been trying to troubleshoot this one for a while now.

willwetherman · ‎02-12-2017

Ok according to the below debug, when you ping 192.168.5.2 from the Computers VRF the echo reply is being sent back to 192.168.254.26. I can see that 192.168.254.26 is the loopback26 interface in the Computers VRF

LAN_Sec_Router#ping vrf Computers ip 192.168.5.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.2, timeout is 2 seconds:

*Feb 12 17:36:06.099: ICMP: echo reply sent, src 192.168.5.2, dst 192.168.254.26, topology BASE

Can you try pinging again with a source of 192.168.52.1?

ping vrf Computers ip 192.168.5.2 source 192.168.52.1

ping vrf Computers ip 192.168.5.1 source 192.168.52.1

Shawnw4401 · ‎02-12-2017

Will,

When doing a source ping, I can ping 192.168.5.1, but I cannot ping 192.168.5.2 still.

LAN_Sec_Router#ping vrf Computers 192.168.5.2 source 192.168.52.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.52.1

*Feb 12 17:59:20.950: ICMP: echo reply sent, src 192.168.5.2, dst 192.168.52.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:59:20.950: ICMP: echo reply rcvd, src 192.168.5.2, dst 192.168.52.1, topology BASE, dscp 0 topoid 0.
*Feb 12 17:59:22.950: ICMP: echo reply sent, src 192.168.5.2, dst 192.168.52.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:59:22.950: ICMP: echo reply rcvd, src 192.168.5.2, dst 192.168.52.1, topology BASE, dscp 0 topoid 0.
*Feb 12 17:59:24.950: ICMP: echo reply sent, src 192.168.5.2, dst 192.168.52.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:59:24.950: ICMP: echo reply rcvd, src 192.168.5.2, dst 192.168.52.1, topology BASE, dscp 0 topoid 0.
*Feb 12 17:59:26.950: ICMP: echo reply sent, src 192.168.5.2, dst 192.168.52.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:59:26.950: ICMP: echo reply rcvd, src 192.168.5.2, dst 192.168.52.1, topology BASE, dscp 0 topoid 0.
*Feb 12 17:59:28.951: ICMP: echo reply sent, src 192.168.5.2, dst 192.168.52.1, topology BASE, dscp 0 topoid 0
*Feb 12 17:59:28.951: ICMP: echo reply rcvd, src 192.168.5.2, dst 192.168.52.1, topology BASE, dscp 0 topoid 0.
Success rate is 0 percent (0/5)
LAN_Sec_Router#ping vrf Computers 192.168.5.1 source 192.168.52.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.52.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
LAN_Sec_Router#
*Feb 12 18:02:13.242: ICMP: echo reply rcvd, src 192.168.5.1, dst 192.168.52.1, topology BASE, dscp 0 topoid 1
*Feb 12 18:02:13.242: ICMP: echo reply rcvd, src 192.168.5.1, dst 192.168.52.1, topology BASE, dscp 0 topoid 1
*Feb 12 18:02:13.242: ICMP: echo reply rcvd, src 192.168.5.1, dst 192.168.52.1, topology BASE, dscp 0 topoid 1
*Feb 12 18:02:13.242: ICMP: echo reply rcvd, src 192.168.5.1, dst 192.168.52.1, topology BASE, dscp 0 topoid 1
*Feb 12 18:02:13.246: ICMP: echo reply rcvd, src 192.168.5.1, dst 192.168.52.1, topology BASE, dscp 0 topoid 1

willwetherman · ‎02-12-2017

Ok that is odd and I cannot see a reason why that would happen.

I have just tested your setup on a couple of routers and it works for me without any issues. What model of router is this and what IOS version is it running?

From a functionality perspective, will this behaviour cause you an issue as traffic transiting the router between the Computers VRF and Global Routing table now seems to be working as expected?

Shawnw4401 · ‎02-12-2017

Will,

Since my PC was able to reach 192.168.5.1 just fine, I don't think there will be any issues functionality with this behavior.

I am also running 15.1(4)M9 on a 3945 Cisco router with AdventerpriseK9.