On Sun, 2008-01-13 at 10:28 +0200, Mihai Tanasescu wrote:
> Hello,
>
>
> I have some trouble with VRF and route leaking unfortunately and wanted
> some explanations or help if possible.
>
> I have 2 VRFs (out of many other) between which I leak routes (all
> routes currently).
> I can't have them in one VRF unfortunately.
>
> The problem:

The configuration below was not copy+pasted from an IOS configuration.
It's usually a very good idea to do just that, and not try writing it by
hand. The initial command for configuring a VRF is "ip vrf <name>", not
just "vrf <name>" and IOS doesn't use shorthand itself.

> Ex:
> vrf aaa
> rd 1:1
> route-target export 1:1
> route-target import 1:2
>
> vrf bbb
> rd 1:2
> route-target export 1:2
> route-target import 1:1

You need to import from "yourself", otherwise it won't work. This goes
for any VRF, leaked elsewhere or not. (Minus some strange scenarios...)

! On your router
ip vrf aaa
 rd 1:1
 route-target import 1:1
 route-target export 1:1
 route-target import 1:2
 exit
!
ip vrf bbb
 rd 1:2
 route-target import 1:2
 route-target export 1:2
 route-target import 1:1
 exit
!

BTW, the import and export commands for 1:1 can be shortened to
"route-target both 1:1" when configuring. (Same for 1:2 of course.)

> router bgp 1
> address-family ipv4 vrf aaa
> redistribute connected
>
> address-family ipv4 vrf bbb
> redistribute connected
>
> int gi1/1
> ip vrf forwarding aaa
> ip address 192.168.1.1 255.255.255.0
>
> int gi1/2
> ip vrf forwarding bbb
> ip address 192.168.2.1 255.255.255.0
>
>
> if I issue:
> ping vrf aaa 192.168.1.1 - OK
> ping vrf bbb 192.168.1.1 - NOT OK
> I get:
> %IP-3-LOOPPAK: Looping packet detected and dropped -
> src=192.168.2.1, dst=192.168.1.1, hl=20, tl=100, prot=1, sport=0, dport=0
> in=GigabitEthernet1/2, nexthop=192.168.1.1, out=GigabitEthernet1/2
> options=none -Process= "IP Input", ipl= 0, pid= 194
>
> ping vrf bbb 192.168.1.2 (an IP accessible via gi1/1
> from aaa) - OK.

Try looking at the routing table after leaking, with a "show ip route
vrf bbb". It should show your Gi1/1 as connected, learned via BGP. Same
goes for VRF aaa and Gi1/2. You should be able to ping local interfaces
too.

This difference between a local and non-local address could maybe point
at something like FIB-problems. What does "show mls cef vrf bbb
192.168.1.1" show?

> Can I make it also somehow that ping works on the local interface
> assigned IP addresses with route leaking ?

You could apply an import-map to your leaking, with an ACL to choose
only your local routes. But unless you know exactly what you're doing,
it's probably a bad idea to mix your VRFs like that.

Regards,
Peter
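
The route-target relationships discussed in this thread can be checked mechanically before a change is pushed. The following is an added example, not code from either poster: it parses "ip vrf" stanzas, lists VRFs that export a route-target they do not import (the condition the reply points out), and lists which VRF pairs leak into each other. The function names and the embedded sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the original poster's VRF definitions, written with the
# full "ip vrf" keyword as the reply recommends.
SAMPLE_CONFIG = """\
ip vrf aaa
 rd 1:1
 route-target export 1:1
 route-target import 1:2
!
ip vrf bbb
 rd 1:2
 route-target export 1:2
 route-target import 1:1
!
"""

def parse_vrfs(config):
    """Return {vrf_name: {"import": set(), "export": set()}} from IOS text."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"ip vrf (\S+)\s*$", raw)
        if m:  # start of a VRF definition (not "ip vrf forwarding ...")
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
            continue
        if not raw.startswith(" "):
            current = None  # any other unindented line closes the stanza
            continue
        m = re.match(r"route-target (import|export|both) (\S+)$", raw.strip())
        if m and current is not None:
            # "both" is the entry shorthand for an import plus an export
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
    return vrfs

def missing_self_import(vrfs):
    """Names of VRFs that export a route-target they do not also import."""
    return sorted(n for n, v in vrfs.items() if v["export"] - v["import"])

def leak_pairs(vrfs):
    """(source, destination) pairs where destination imports a source export."""
    return sorted((s, d) for s, sv in vrfs.items() for d, dv in vrfs.items()
                  if s != d and sv["export"] & dv["import"])

if __name__ == "__main__":
    parsed = parse_vrfs(SAMPLE_CONFIG)
    print("no self-import:", missing_self_import(parsed))
    print("leaks:", leak_pairs(parsed))
```

Run against a saved running-config, the leak list doubles as a review of which VRFs are no longer isolated from each other.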