And your problem is, you get multiple default routes?
route-map FOO permit 100
 match extcommunity 100
 match ip address prefix-list DEFAULT
route-map FOO deny 200
 match ip address prefix-list DEFAULT
route-map FOO permit 300
in your VRF_SHARED_SERVICE, so that you only import DEFAULT from RT
defined in extcommunity 100.
On Sun, 9 Jun 2024 at 07:57, Arne Larsen <[email protected]> wrote:
>
> Sort of, I need the default route from the vrf with the import target
> 64515:112, that's our leak for the shared vrf to the internet
>
>
> /Arne
>
> On 08/06/2024 17.31, Saku Ytti wrote:
> > On Sat, 8 Jun 2024 at 18:26, Arne Larsen via cisco-nsp
> > <[email protected]> wrote:
> >
> >> Yes, it's with route-target I'm trying to get it to work, and what I'm
> >> trying to get rid of is the default route from the IOT vrf to be
> >> imported into the SHARED vrf.
> > Ok so the problem is not sharing routes between VRF, problem is
> > sharing selectively routes between VRF?
> >
> > In the example the problem is that VRF_SHARED_SERVICE gets default
> > route from VN_IOT.
> >
> > You could accomplish this two ways
> >
> > a) VRF_SHARED_SERVICE has import policy, which drops the default route
> > for 64515:136
> > b) VN_IOT has export policy, which doesn't set 64515:95 on default route
> >
> >
> > I think a) is more robust, you'd probably just deny importing any
> > default route at all, if you know you're going to have the 64515:95
> > default route you want. So no matter what happens in the other VRFs,
> > you'd never end up importing their default.
> >
> > Like
> >
> > vrf definition VRF_SHARED_SERVICE
> >  address-family ipv4
> >   import map FOO
> >
> > route-map FOO deny 100
> >  match ip address prefix-list DEFAULT
> > route-map FOO permit 200
> >
> >
> >> Here are the vrf definition.:
> >>
> >>
> >> vrf definition VRF_SHARED_SERVICE
> >>  rd 192.168.101.110:95
> >>  !
> >>  address-family ipv4
> >>   route-target export 64515:95
> >>   route-target import 64515:95
> >>   route-target import 64515:10
> >>   route-target import 64515:136
> >>   route-target import 64515:112
> >>   route-target import 64515:101
> >>  exit-address-family
> >>
> >>
> >>
> >> vrf definition VN_IOT
> >>  rd 192.168.101.110:136
> >>  !
> >>  address-family ipv4
> >>   route-target export 64515:136
> >>   route-target import 64515:136
> >>   route-target import 64515:95
> >>  exit-address-family
> >>
> >>
> >> /Arne
> >>
> >>
> >>
> >> On 08/06/2024 12.25, James Bensley wrote:
> >>> Hi Arne,
> >>>
> >>> The normal way to do this is with route targets but you didn't mention
> >>> route targets in your email. Are you importing the export RTs from VRF1
> >>> and VRF2 in to VRF3?
> >>>
> >>> You also mentioned route-maps. Are you already importing the export RTs
> >>> and trying to filter which routes are imported to only be the default
> >>> route?
> >>>
> >>> You didn't post any config, it always helps people to help you if you can
> >>> show what you have tried already.
> >>>
> >>> Cheers,
> >>> James.
> >>>
> >>>
> >>>
> >>> -------- Original Message --------
> >>> On 08.06.24 at 08:04, Arne Larsen via cisco-nsp wrote
> >>> <[email protected]>:
> >>>
> >>>> Hi all
> >>>>
> >>>> I’m struggling with a 9606 Cisco router and route leaking between
> >>>> vrf’s.
> >>>>
> >>>> I have 2 vrf’s with a default route that needs to be imported into a 3rd.
> >>>>
> >>>> The default route from the one vrf is directly connected on the box,
> >>>> and the other is via mBGP.
> >>>>
> >>>> I’ve tried several forms of import maps based on community, prefix,
> >>>> acl and so on, but I always end up pulling my legs.
> >>>>
> >>>> The 3rd vrf is for shared services, so I import more than the 2 vrf’s
> >>>> with the default route.
> >>>>
> >>>> Can someone give me a hint how to get this to work.
> >>>>
> >>>> The 2 vrf’s with the def route have community xxxxx:112 and xxxxx:114.
> >>>> I need to import all other routes from all other vrf’s including the 2
> >>>> with the def route.
> >>>>
> >>>> Hope someone can help me out here
> >>>>
> >>>> Regards Arne
> >>>> _______________________________________________
> >>>> cisco-nsp mailing list [email protected]
> >>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>>>
> >
> >
--
++ytti
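
Added example, not part of the thread's messages: a small Python model of how VRF_SHARED_SERVICE would evaluate the two FOO import maps discussed above (first matching clause wins, all match statements in a clause must match, implicit deny at the end). The sample routes are constructed, and it is an assumption that extcommunity-list 100 matches RT 64515:112, the internet-leak RT named in the thread.

```python
# Added illustration: a minimal model of VRF import using the thread's route-maps.
# Route fields and sample routes are constructed; the RT values come from the thread.
DEFAULT = "0.0.0.0/0"
IMPORT_RTS = {"64515:95", "64515:10", "64515:136", "64515:112", "64515:101"}
EXTCOMM_100 = {"64515:112"}  # assumption: extcommunity-list 100 matches this RT

# Each clause: (seq, action, [match predicates]); all predicates must match (AND).
is_default = lambda r: r["prefix"] == DEFAULT
has_leak_rt = lambda r: bool(r["rts"] & EXTCOMM_100)

FOO_SELECTIVE = [  # route-map from the top reply
    (100, "permit", [has_leak_rt, is_default]),
    (200, "deny", [is_default]),
    (300, "permit", []),
]
FOO_DROP_ALL = [  # earlier suggestion quoted in the thread
    (100, "deny", [is_default]),
    (200, "permit", []),
]

def evaluate(route_map, route):
    """First matching clause decides; no match means implicit deny."""
    for seq, action, matches in sorted(route_map, key=lambda c: c[0]):
        if all(m(route) for m in matches):
            return action, seq
    return "deny", None

def imported(route_map, routes):
    """Routes that pass both the RT import list and the import map."""
    out = []
    for r in routes:
        if r["rts"] & IMPORT_RTS and evaluate(route_map, r)[0] == "permit":
            out.append((r["prefix"], r["src"]))
    return out

ROUTES = [  # constructed sample VPNv4 routes
    {"prefix": DEFAULT, "rts": {"64515:112"}, "src": "internet-leak"},
    {"prefix": DEFAULT, "rts": {"64515:136"}, "src": "VN_IOT"},
    {"prefix": "10.36.0.0/16", "rts": {"64515:136"}, "src": "VN_IOT"},
    {"prefix": "10.99.0.0/16", "rts": {"64515:999"}, "src": "unrelated"},
]

if __name__ == "__main__":
    for name, rm in (("selective", FOO_SELECTIVE), ("drop-all", FOO_DROP_ALL)):
        print(name, imported(rm, ROUTES))
```

With the selective map only the 64515:112 default is imported alongside the VN_IOT specifics; the drop-all map leaves the shared VRF with no default at all.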