Thanks Phil - This is on XE - Yes, I did check with source int (Int that was in the VRF), and behaviour was the same...Im not missing anything obvious in the leaking config that you can see? There's basically just the 2 import/export unicast lines needed (Plus route-map etc).....one thing I have just noticed is that the GRT prefixes are in the VRF correctly(prefix length's, and states imported path from xx.xxx.xx.xx/xx (global), but the VRF prefixes are not in the global table - Just the supernet(s) is(And no reference to the VRF.....Hmm...maybe import is working, but export isnt?
________________________________ From: Phil Bedard <[email protected]> Sent: Tuesday, 1 May 2018 6:15 AM To: CiscoNSP List; cisco-nsp NSP Subject: Re: [c-nsp] Route Leaking (GRT<-> VRF) This is regular IOS? Be careful where you are sourcing the pings from, since it's intermittent it could be sourcing them from somewhere you aren't expecting and doesn't have reachability between VRF/Global. Phil On 4/29/18, 6:30 AM, "cisco-nsp on behalf of CiscoNSP List" <[email protected] on behalf of [email protected]> wrote: Hi, (Apologies in advance, rather long post) Have setup a peering vrf to test route leaking (GRT<->VRF) For the route leaking, added the following to two PEs (Both having a vrf interface on them) vrf definition: address-family ipv4 import ipv4 unicast 10000 map RP_TEST_PREFIXES_GRT export ipv4 unicast 10000 map RP_TEST_PEERING_PARTNERS_PREFIXES_VRF #sh run | sec route-map RP_TEST_PREFIXES_GRT route-map RP_TEST_PREFIXES_GRT permit 10 match community CL_GRT_TEST_PREFIXES #sh run | include CL_GRT_TEST_PREFIXES ip community-list standard CL_GRT_TEST_PREFIXES permit NNNNN:1301 #sh run | sec route-map RP_TEST_PEERING_PARTNERS_PREFIXES_VRF route-map RP_TEST_PEERING_PARTNERS_PREFIXES_VRF permit 10 match community CL_TEST_PEERING_PARTNERS_PREFIXES_VRF #sh run | include CL_TEST_PEERING_PARTNERS_PREFIXES_VRF ip community-list standard CL_TEST_PEERING_PARTNERS_PREFIXES_VRF permit NNNNN:4000 Both PEs are able to reach VRF IPs on the remote PE (And themselves) Both PEs are able to reach GRT IPs on themselves (From VRF), but are unable to reach "some" GRT IPs on the remote PE (And in GRT) I originally thought it was IGP in GRT(It carries our PEs loops) - Those Loops have RIB failure on our PEs as IGP(OSPF) is preferred over BGP.....So I thought the RIB failure was somehow being "copied" into the VRF when route leaking occurred, and Next Hop for remote routes wasnt reachable...but the more prefixes in Global I tested, it became clear that next hop was "ok"...well for some destinations anyway.....The current situation is that if I test from both PEs to an IP in our GRT, some work, some dont, some work on one PE, but not the other?? A sample of one remote IP that works on one of the PE's but not on the other....Ive been staring at this for way too long, but I cant see anything glaringly obvious(different) between what PE_A "sees" vs PE_B....and what could eb causing one to fail to reach the remote IP....hopefully somebody has suggestions on where to go from here. Cheers ### PE Test for remote GRT IP that works from one PE, but not the other: Remote IP: XXX.YYY.ZZ.186 (Loopback of another PE) From PE "A" with Peering VRF setup Ping fails: VRF: #ping vrf TEST_PEERING XXX.YYY.ZZ.186 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to XXX.YYY.ZZ.186, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) GRT: #ping XXX.YYY.ZZ.186 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to XXX.YYY.ZZ.186, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/24/28 ms VRF BGP table: #sh ip bgp vpnv4 vrf TEST_PEERING XXX.YYY.ZZ.186 BGP routing table entry for XXX.YYY.ZZ.130:4000:XXX.YYY.ZZ.186/32, version 1460495 BGP Bestpath: compare-routerid Paths: (4 available, best #4, table TEST_PEERING) Additional-path-install Not advertised to any peer Refresh Epoch 2 Local, (received & used), imported path from XXX.YYY.ZZ.186/32 (global) XXX.YYY.ZZ.186 (metric 7) (via default) from XXX.YYY.ZZ.213 (XXX.YYY.ZZ.213) Origin incomplete, metric 0, localpref 100, valid, internal, no-import, no-import Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.1 rx pathid: 0, tx pathid: 0 Refresh Epoch 2 Local, (received & used), imported path from XXX.YYY.ZZ.186/32 (global) XXX.YYY.ZZ.186 (metric 7) (via default) from XXX.YYY.ZZ.212 (XXX.YYY.ZZ.212) Origin incomplete, metric 0, localpref 100, valid, internal, no-import, no-import Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.1 rx pathid: 0, tx pathid: 0 Refresh Epoch 2 Local, (received & used), imported path from XXX.YYY.ZZ.186/32 (global) XXX.YYY.ZZ.186 (metric 7) (via default) from XXX.YYY.ZZ.205 (XXX.YYY.ZZ.205) Origin incomplete, metric 0, localpref 100, valid, internal, no-import, no-import Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.2 rx pathid: 0, tx pathid: 0 Refresh Epoch 2 Local, (received & used), imported path from XXX.YYY.ZZ.186/32 (global) XXX.YYY.ZZ.186 (metric 7) (via default) from XXX.YYY.ZZ.204 (XXX.YYY.ZZ.204) Origin incomplete, metric 0, localpref 100, valid, internal, no-import, no-import, best Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.2 rx pathid: 0, tx pathid: 0x0 GRT BGP: #sh ip bgp XXX.YYY.ZZ.186 BGP routing table entry for XXX.YYY.ZZ.186/32, version 493438 BGP Bestpath: compare-routerid Paths: (4 available, best #1, table default, RIB-failure(17)) Additional-path-install Not advertised to any peer Refresh Epoch 2 Local, (received & used) XXX.YYY.ZZ.186 (metric 7) from XXX.YYY.ZZ.204 (XXX.YYY.ZZ.204) Origin incomplete, metric 0, localpref 100, valid, internal, af-export(1), best Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.2 rx pathid: 0, tx pathid: 0x0 Refresh Epoch 2 Local, (received & used) XXX.YYY.ZZ.186 (metric 7) from XXX.YYY.ZZ.205 (XXX.YYY.ZZ.205) Origin incomplete, metric 0, localpref 100, valid, internal, af-export(1) Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.2 rx pathid: 0, tx pathid: 0 Refresh Epoch 2 Local, (received & used) XXX.YYY.ZZ.186 (metric 7) from XXX.YYY.ZZ.212 (XXX.YYY.ZZ.212) Origin incomplete, metric 0, localpref 100, valid, internal, af-export(1) Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.1 rx pathid: 0, tx pathid: 0 Refresh Epoch 2 Local, (received & used) XXX.YYY.ZZ.186 (metric 7) from XXX.YYY.ZZ.213 (XXX.YYY.ZZ.213) Origin incomplete, metric 0, localpref 100, valid, internal, af-export(1) Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.1 rx pathid: 0, tx pathid: 0 # Reverse Direction: (VRF not setup on this PE) PE03-MEL-ME1_RME1_01_10245_1717-RU27#ping XXX.YYY.ZZ.130 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to XXX.YYY.ZZ.130, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/24/24 ms #sh ip bgp XXX.YYY.ZZ.130 BGP routing table entry for XXX.YYY.ZZ.130/32, version 79885314 BGP Bestpath: compare-routerid Paths: (4 available, best #1, table default, RIB-failure(17)) Additional-path-install Flag: 0x20 Not advertised to any peer Refresh Epoch 2 Local, (received & used) XXX.YYY.ZZ.130 (metric 7) from XXX.YYY.ZZ.204 (XXX.YYY.ZZ.204) Origin incomplete, metric 0, localpref 100, valid, internal, best Community: NNNNN:1000 NNNNN:1301 NNNNN:15000 Originator: XXX.YYY.ZZ.130, Cluster list: 0.0.0.2 rx pathid: 0, tx pathid: 0x0 Refresh Epoch 2 Local, (received & used) XXX.YYY.ZZ.130 (metric 7) from XXX.YYY.ZZ.205 (XXX.YYY.ZZ.205) Origin incomplete, metric 0, localpref 100, valid, internal Community: NNNNN:1000 NNNNN:1301 NNNNN:15000 Originator: XXX.YYY.ZZ.130, Cluster list: 0.0.0.2 rx pathid: 0, tx pathid: 0 Refresh Epoch 2 Local, (received & used) XXX.YYY.ZZ.130 (metric 7) from XXX.YYY.ZZ.212 (XXX.YYY.ZZ.212) Origin incomplete, metric 0, localpref 100, valid, internal Community: NNNNN:1000 NNNNN:1301 NNNNN:15000 Originator: XXX.YYY.ZZ.130, Cluster list: 0.0.0.1 rx pathid: 0, tx pathid: 0 Refresh Epoch 2 Local, (received & used) XXX.YYY.ZZ.130 (metric 7) from XXX.YYY.ZZ.213 (XXX.YYY.ZZ.213) Origin incomplete, metric 0, localpref 100, valid, internal Community: NNNNN:1000 NNNNN:1301 NNNNN:15000 Originator: XXX.YYY.ZZ.130, Cluster list: 0.0.0.1 rx pathid: 0, tx pathid: 0 PE03-MEL-ME1_RME1_01_10245_1717-RU27# # And then from the other PE with VRF defined: Ping success: #ping vrf TEST_PEERING XXX.YYY.ZZ.186 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to XXX.YYY.ZZ.186, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 26/30/45 ms Global success: #ping XXX.YYY.ZZ.186 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to XXX.YYY.ZZ.186, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 29/29/29 ms VRF BGP #sh ip bgp vpnv4 vrf TEST_PEERING XXX.YYY.ZZ.186 BGP routing table entry for XXX.YYY.ZZ.201:4000:XXX.YYY.ZZ.186/32, version 5108833 BGP Bestpath: compare-routerid Paths: (4 available, best #4, table TEST_PEERING) Additional-path-install Not advertised to any peer Refresh Epoch 2 Local, (received & used), imported path from XXX.YYY.ZZ.186/32 (global) XXX.YYY.ZZ.186 (metric 9) (via default) from XXX.YYY.ZZ.213 (XXX.YYY.ZZ.213) Origin incomplete, metric 0, localpref 100, valid, internal, no-import, no-import Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.1 rx pathid: 0, tx pathid: 0 Refresh Epoch 2 Local, (received & used), imported path from XXX.YYY.ZZ.186/32 (global) XXX.YYY.ZZ.186 (metric 9) (via default) from XXX.YYY.ZZ.212 (XXX.YYY.ZZ.212) Origin incomplete, metric 0, localpref 100, valid, internal, no-import, no-import Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.1 rx pathid: 0, tx pathid: 0 Refresh Epoch 2 Local, (received & used), imported path from XXX.YYY.ZZ.186/32 (global) XXX.YYY.ZZ.186 (metric 9) (via default) from XXX.YYY.ZZ.205 (XXX.YYY.ZZ.205) Origin incomplete, metric 0, localpref 100, valid, internal, no-import, no-import Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.2 rx pathid: 0, tx pathid: 0 Refresh Epoch 2 Local, (received & used), imported path from XXX.YYY.ZZ.186/32 (global) XXX.YYY.ZZ.186 (metric 9) (via default) from XXX.YYY.ZZ.204 (XXX.YYY.ZZ.204) Origin incomplete, metric 0, localpref 100, valid, internal, no-import, no-import, best Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.2 rx pathid: 0, tx pathid: 0x0 Global BGP: #sh ip bgp XXX.YYY.ZZ.186 BGP routing table entry for XXX.YYY.ZZ.186/32, version 82276054 BGP Bestpath: compare-routerid Paths: (4 available, best #1, table default, RIB-failure(17)) Additional-path-install Not advertised to any peer Refresh Epoch 2 Local, (received & used) XXX.YYY.ZZ.186 (metric 9) from XXX.YYY.ZZ.204 (XXX.YYY.ZZ.204) Origin incomplete, metric 0, localpref 100, valid, internal, af-export(1), best Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.2 rx pathid: 0, tx pathid: 0x0 Refresh Epoch 2 Local, (received & used) XXX.YYY.ZZ.186 (metric 9) from XXX.YYY.ZZ.205 (XXX.YYY.ZZ.205) Origin incomplete, metric 0, localpref 100, valid, internal, af-export(1) Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.2 rx pathid: 0, tx pathid: 0 Refresh Epoch 2 Local, (received & used) XXX.YYY.ZZ.186 (metric 9) from XXX.YYY.ZZ.212 (XXX.YYY.ZZ.212) Origin incomplete, metric 0, localpref 100, valid, internal, af-export(1) Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.1 rx pathid: 0, tx pathid: 0 Refresh Epoch 2 Local, (received & used) XXX.YYY.ZZ.186 (metric 9) from XXX.YYY.ZZ.213 (XXX.YYY.ZZ.213) Origin incomplete, metric 0, localpref 100, valid, internal, af-export(1) Community: NNNNN:1000 NNNNN:1301 NNNNN:12000 Originator: XXX.YYY.ZZ.186, Cluster list: 0.0.0.1 rx pathid: 0, tx pathid: 0 _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp cisco-nsp Info Page - puck.nether.net<https://puck.nether.net/mailman/listinfo/cisco-nsp> puck.nether.net To see the collection of prior postings to the list, visit the cisco-nsp Archives.. Using cisco-nsp: To post a message to all the list members, send email to [email protected]. archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
