Routing issue between VRFs

cbabcock05068 · ‎03-05-2016

Hi,

I've got an issue I just can't seem to get my head around. I've a single router with multiple VRFs. I'm trying to leak a route to allow VRFs to reach a syslog server on the NETMON vrf from AFS:V101 vrf. It shows that the imports have worked via BGP and route tables look perfect. I can ping the Gig2 interface that is assigned to the NETMON vrf via a leaked route, but packets dont seem to want to leave the Gi2 interface. I triple checked the RT and did a packet capture on the server(Win2012). No packets reach the server interface when initiating pings from PE or CE router in vrf AFS:V101, and the frames are going to the correct MAC when I initiate pings from the server. Very sure I'm missing something in the router. Any help would be greatly appreciated. Thanks!!

172-30-3-13-PE1#ping vrf AFS:V101 172.30.13.100 <----[IP address of Gi2 in vrf NETMON. Leaking seems to be working.]
Sending 5, 100-byte ICMP Echos to 172.30.13.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/13 ms

172-30-3-13-PE1#ping vrf NETMON 172.30.13.28 <----[The host is alive. ]
Sending 5, 100-byte ICMP Echos to 172.30.13.28, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/9/18 ms

172-30-3-13-PE1#ping vrf AFS:V101 172.30.13.28 <----[Packets do not leave the interface of Gi2.]
Sending 5, 100-byte ICMP Echos to 172.30.13.28, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

172-30-3-13-PE1#

VRFs:

vrf definition AFS:V101
rd 100:101
route-target export 100:1
route-target import 100:1
route-target import 100:101
!
address-family ipv4
route-target export 100:101
route-target import 100:1
route-target import 100:101
exit-address-family
!
vrf definition NETMON
rd 100:1
route-target export 100:1
route-target import 100:101
route-target import 100:1
!
address-family ipv4
route-target export 100:101
route-target import 100:101
route-target import 100:1
exit-address-family

interface GigabitEthernet2
vrf forwarding NETMON
ip address 172.30.13.100 255.255.255.0
negotiation auto
end

interface Loopback100
vrf forwarding AFS:V101
ip address 10.14.1.1 255.255.255.255
ip mtu 1450
end

[VRF NETMON route table]

172-30-3-13-PE1#sho ip ro vrf NETMON | b Gateway
Gateway of last resort is not set
      10.0.0.0/32 is subnetted, 2 subnets
B        10.14.1.1 is directly connected, 01:47:39, Loopback100
B        10.114.1.101 is directly connected, 01:19:12, Virtual-Access2.1
      172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.30.13.0/24 is directly connected, GigabitEthernet2
L        172.30.13.100/32 is directly connected, GigabitEthernet2

[VRF NETMON route table]

172-30-3-13-PE1#sho ip ro vrf AFS:V101 | b Gateway
Gateway of last resort is not set
      10.0.0.0/32 is subnetted, 3 subnets
C        10.14.1.1 is directly connected, Loopback100
C        10.114.1.101 is directly connected, Virtual-Access2.1
B        10.214.1.103 [200/0] via 10.114.1.101, 01:18:30
      172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
B        172.30.13.0/24 is directly connected, 01:47:57, GigabitEthernet2
L        172.30.13.100/32 is directly connected, GigabitEthernet2
172-30-3-13-PE1#

172-30-3-13-PE1#sho ip bgp vpnv4 all

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf NETMON)
*> 10.14.1.1/32     0.0.0.0              10000         32768 ?
*> 10.114.1.101/32 0.0.0.0              10000         32768 ?
*> 172.30.13.0/24   0.0.0.0              20000         32768 ?
Route Distinguisher: 100:101 (default for vrf AFS:V101)
*> 10.14.1.1/32     0.0.0.0              10000         32768 ?
*> 10.114.1.101/32 0.0.0.0              10000         32768 ?
*>i 10.214.1.103/32 10.114.1.101                  100      0 i
* i                  10.114.1.101                           0 i
*> 172.30.13.0/24   0.0.0.0              20000         32768 ?
172-30-3-13-PE1#