Sort of, I need the default route from the vrf with the import target
64515:112, that's our leak for the shared vrf to the internet
/Arne
On 08/06/2024 17.31, Saku Ytti wrote:
On Sat, 8 Jun 2024 at 18:26, Arne Larsen via cisco-nsp
<[email protected]> wrote:
Yes, it's with route-target I'm trying to get it to work, and what I'm
trying to get rid of is the default route from the IOT vrf to be
imported into the SHARED vrf.
Ok so the problem is not sharing routes between VRF, problem is
sharing selectively routes between VRF?
In the example the problem is that VRF_SHARED_SERVICE gets default
route from VN_IOT.
You could accomplish this two ways
a) VRF_SHARED_SERVICE has import policy, which drops the default route
for 64515:136
b) VN_IOT has export policy, which doesn't set 64515:95 on default route
I think a) is more robust, you'd probably just deny importing any
default route at all, if you know you're going to have the 64515:95
default route you want. So no matter what happens in the other VRFs,
you'd never end up importing their default.
Like
vrf definition VRF_SHARED_SERVICE
 address-family ipv4
  import map FOO
route-map FOO deny 100
 match ip address prefix-list DEFAULT
route-map FOO permit 200
Here are the vrf definitions:
vrf definition VRF_SHARED_SERVICE
 rd 192.168.101.110:95
 !
 address-family ipv4
  route-target export 64515:95
  route-target import 64515:95
  route-target import 64515:10
  route-target import 64515:136
  route-target import 64515:112
  route-target import 64515:101
 exit-address-family
vrf definition VN_IOT
 rd 192.168.101.110:136
 !
 address-family ipv4
  route-target export 64515:136
  route-target import 64515:136
  route-target import 64515:95
 exit-address-family
/Arne
On 08/06/2024 12.25, James Bensley wrote:
Hi Arne,
The normal way to do this is with route targets but you didn't mention route
targets in your email. Are you importing the export RTs from VRF1 and VRF2 in
to VRF3?
You also mentioned route-maps. Are you already importing the export RTs and
trying to filter which routes are imported to only be the default route?
You didn't post any config, it always helps people to help you if you can show
what you have tried already.
Cheers,
James.
-------- Original Message --------
On 08.06.24 08:04, Arne Larsen via cisco-nsp wrote
<[email protected]>:
Hi all
I’m struggling with a 9606 Cisco router and route leaking between vrf’s.
I have 2 vrf’s with a default route that needs to be imported into a 3rd.
The default route from the one vrf is directly connected on the box,
and the other is via mBGP.
I’ve tried several forms of import maps based on community, prefix, acl
and so on, but I always end up with pulling my legs.
The 3rd vrf is for shared services, so I import more than the 2 vrf’s with
the default route.
Can someone give me a hint how to get this to work.
The 2 vrf’s with the def route has community xxxxx:112 and xxxxx:114.
I need to import all other routes from all other vrf’s including the 2
with the def route.
Hope someone can help me out here
Regards Arne
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
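
An added example, not from any poster in the thread: a small Python model of the import decision discussed above, comparing no import map, an import map that denies every default route, and one that denies the default only when it carries RT 64515:136. The import RTs and the RTs 64515:136 and 64515:112 come from the thread; the route list, the names INTERNET_VRF and OTHER_VRF, the non-default prefixes and RT 64515:200 are constructed for illustration.

```python
# Constructed model of RT-based VRF import plus an import map (not IOS code).
DEFAULT = "0.0.0.0/0"

# Import RTs of VRF_SHARED_SERVICE, copied from the vrf definition in the thread.
SHARED_IMPORT_RTS = {"64515:95", "64515:10", "64515:136", "64515:112", "64515:101"}

# Constructed routes: (prefix, export RTs carried, origin label).
# INTERNET_VRF, OTHER_VRF, 64515:200 and the 10.x prefixes are hypothetical.
ROUTES = [
    (DEFAULT, {"64515:136"}, "VN_IOT"),
    ("10.136.0.0/16", {"64515:136"}, "VN_IOT"),
    (DEFAULT, {"64515:112"}, "INTERNET_VRF"),
    ("10.112.0.0/16", {"64515:112"}, "INTERNET_VRF"),
    ("10.200.0.0/16", {"64515:200"}, "OTHER_VRF"),
]

# A route-map as ordered clauses: (action, prefix to match, RT to match).
# None means "no such match statement"; all matches in a clause must hold.
NO_MAP = [("permit", None, None)]
DENY_ANY_DEFAULT = [("deny", DEFAULT, None), ("permit", None, None)]
DENY_IOT_DEFAULT = [("deny", DEFAULT, "64515:136"), ("permit", None, None)]

def route_map_permits(route_map, prefix, rts):
    """First matching clause decides; falling off the end is an implicit deny."""
    for action, want_prefix, want_rt in route_map:
        if want_prefix is not None and prefix != want_prefix:
            continue
        if want_rt is not None and want_rt not in rts:
            continue
        return action == "permit"
    return False

def imported(import_rts, route_map, routes=ROUTES):
    """(prefix, origin) pairs that pass both the RT import and the import map."""
    return [(p, origin) for p, rts, origin in routes
            if rts & import_rts and route_map_permits(route_map, p, rts)]

def default_origins(import_rts, route_map):
    """Which origins supply a default route after import filtering."""
    return sorted(o for p, o in imported(import_rts, route_map) if p == DEFAULT)

if __name__ == "__main__":
    for name, rm in [("no import map", NO_MAP),
                     ("deny any default", DENY_ANY_DEFAULT),
                     ("deny default with RT 64515:136", DENY_IOT_DEFAULT)]:
        print(f"{name}: defaults from {default_origins(SHARED_IMPORT_RTS, rm)}")
```
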