Re: VRF and route leaking not working

everanneau · ‎10-24-2018

Hi all,

I would like to set up VRF and route-leak. But, for unknown reasons, routing between global and VRF RIBs does not seem to work.

Below is my running configuration:

!! IOS XR Configuration 6.1.2
!! Last configuration change at Wed Oct 24 14:52:08 2018 by admin
!
vrf test
 address-family ipv4 unicast
 import route-target
 65000:666
 !
 export route-target
 65000:666
 !
 !
!
interface MgmtEth0/0/CPU0/0
 ipv4 address 192.168.1.2 255.255.255.0
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.116.6.1 255.255.255.128
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.117.6.1 255.255.255.128
!
interface GigabitEthernet0/0/0/2
 vrf test
 ipv4 address 10.118.6.1 255.255.255.128
!
interface GigabitEthernet0/0/0/3
 ipv4 address 10.119.6.1 255.255.255.128
!
router static
 address-family ipv4 unicast
 10.118.6.0/25 vrf test
 !
 vrf test
 address-family ipv4 unicast
 0.0.0.0/0 vrf default
 !
 !
!
router bgp 65000
 bgp router-id 192.168.1.2
 address-family ipv4 unicast
 !
 address-family vpnv4 unicast
 !
 !
 vrf test
 rd 65000:666
 address-family ipv4 unicast
 redistribute connected
 redistribute static
 !

However, I cannot ping from global RIB to the VRF:

# ping 10.118.6.1
Wed Oct 24 15:28:21.311 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.118.6.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

neither from the VRF to the global:

# ping vrf test 10.119.6.1
Wed Oct 24 15:29:34.956 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.119.6.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Am I missing something in the configuration ? I already configured route leaking from global to vrf and vice versa.

Any ideas are really wellcome.

Best regards,

tkarnani · ‎10-24-2018

Please provide

show cef vrf test x.x.x.x detail

show cef x.x.x.x detail

lets see what cef says the next hop is.

if its drop..may need to add static routes like this

router static

address-family ipv4 unicast

x.x.x.x/x vrf test y.y.y.y/y

everanneau · ‎10-24-2018

Thank you for your interest.

Please find below the command's results

# show cef vrf test 10.119.6.1 detail
Wed Oct 24 20:31:38.584 UTC
0.0.0.0/0, version 2, proxy default, internal 0x1000011 0x0 (ptr 0xa14222f4) [1], 0x0 (0xa13ed950), 0x0 (0x0)
 Updated Oct 24 13:53:55.899
 Prefix Len 0, traffic index 0, precedence n/a, priority 3
  gateway array (0xa12b5984) reference count 1, flags 0x200, source rib (7), 1 backups
                [2 type 3 flags 0xa401 (0xa1351320) ext 0x0 (0x0)]
  LW-LDI[type=3, refc=1, ptr=0xa13ed950, sh-ldi=0xa1351320]
  gateway array update type-time 1 Oct 24 13:53:55.899
 LDI Update time Oct 24 13:53:55.899
 LW-LDI-TS Oct 24 13:53:55.899
   via 0.0.0.0/32, 0 dependencies, weight 0, class 0 [flags 0x0]
    path-idx 0 NHID 0x0 [0xa0f750d0 0x0]
    next hop VRF - 'default', table - 0xe0000000
    next hop 0.0.0.0/32


    Load distribution: 0 (refcount 2)

    Hash  OK  Interface                 Address
    0     Y   Unknown                   Lookup in table

#show cef 10.118.6.1 detail          
Wed Oct 24 20:34:18.543 UTC
10.118.6.0/25, version 257, internal 0x1000001 0x0 (ptr 0xa1421674) [1], 0x0 (0xa13ed8e4), 0x0 (0x0)
 Updated Oct 24 13:53:40.900
 Prefix Len 25, traffic index 0, precedence n/a, priority 3
  gateway array (0xa12b759c) reference count 1, flags 0x0, source rib (7), 0 backups
                [2 type 3 flags 0x8401 (0xa135216c) ext 0x0 (0x0)]
  LW-LDI[type=3, refc=1, ptr=0xa13ed8e4, sh-ldi=0xa135216c]
  gateway array update type-time 1 Oct 24 13:53:40.900
 LDI Update time Oct 24 13:53:40.900
 LW-LDI-TS Oct 24 13:53:40.900
   via 0.0.0.0/32, 0 dependencies, weight 0, class 0 [flags 0x0]
    path-idx 0 NHID 0x0 [0xa0f75090 0x0]
    next hop VRF - 'test', table - 0xe0000025
    next hop 0.0.0.0/32


    Load distribution: 0 (refcount 2)

    Hash  OK  Interface                 Address
    0     Y   Unknown                   Lookup in table

tkarnani · ‎10-25-2018

The outgoing interface is unknown, can we try adding a next hop ip or an outgoing interface to your static route statements?

everanneau · ‎10-26-2018

While it is working when leaking vrf routes with the following route:

router static
  address-family ipv4 unicast
    10.118.6.0/25 vrf test GigabitEthernet0/0/0/2

it does not work when trying to leak global routes to the vrf test:

router static
 vrf test
   address-family ipv4 unicast
     0.0.0.0/0 vrf default 10.117.6.1

nor

router static
 vrf test
   address-family ipv4 unicast
     0.0.0.0/0 vrf default GigabitEthernet0/0/0/1

In fact, the route is not even installed in the routing table:

# sh route vrf test
Fri Oct 26 10:32:41.729 UTC

Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G  - DAGR, l - LISP
       A - access/subscriber, a - Application route
       M - mobile route, r - RPL, (!) - FRR Backup path

Gateway of last resort is not set

C    10.118.6.0/25 is directly connected, 00:20:33, GigabitEthernet0/0/0/2
L    10.118.6.1/32 is directly connected, 00:20:33, GigabitEthernet0/0/0/2

#sh ip cef vrf test 2.2.2.2   
Fri Oct 26 10:34:55.839 UTC
0.0.0.0/0, version 0, proxy default, default route handler, drop adjacency, internal 0x1001011 0x0 (ptr 0xa1421674) [1], 0x0 (0xa13eda94), 0x0 (0x0)
 Updated Oct 26 10:21:09.386
 Prefix Len 0, traffic index 0, precedence n/a, priority 15
   via 0.0.0.0/32, 10 dependencies, weight 0, class 0 [flags 0x0]
    path-idx 0 NHID 0x0 [0xa0f41134 0x0]
    next hop VRF - 'default', table - 0xe0000000
    next hop 0.0.0.0/32
     drop adjacency

tkarnani · ‎10-29-2018

can we try this please?

router static
 vrf test
   address-family ipv4 unicast
     0.0.0.0/0 vrf default GigabitEthernet0/0/0/1 10.117.6.[2] >>> not sure what the other side is

thecrev · ‎11-02-2018

When doing this, I've always had to use the name of the physical or virtual interface for the next hop, not the IP address. However, I've never done this with a default route before.

I know this is a ridiculous question, but is gi0/0/0/1 connected and up?

everanneau · ‎11-06-2018

In fact, it does not work with the default route. I then statically added DirectlyConnected routes to the vrf and force vrf test to look in the default vrf.