Hi Vladislav,

>2) running a routing protocol between the VRF and the global - iBGP won't work
>as I can't define a per-VRF cluster-IDs. I'm also not keen on redistributing
>mp-bgp routes into an IGP.

You could run eBGP by using local-as, as follows.

router bgp 1
 neighbor 10.10.2.2 remote-as 10
 neighbor 10.10.2.2 local-as 20 no-prepend replace-as
 !
 address-family ipv4
  network 11.11.11.11 mask 255.255.255.255
  neighbor 10.10.2.2 activate
 exit-address-family
 !
 address-family ipv4 vrf A
  bgp router-id 10.10.2.2
  neighbor 10.10.2.1 remote-as 20
  neighbor 10.10.2.1 local-as 10 no-prepend replace-as
  neighbor 10.10.2.1 activate
 exit-address-family

Regards,
Harold

From: Vladislav A. VASILEV <[email protected]>
Date: Saturday, 14 September 2024 at 21:39
To: Harold Ritter (hritter) <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: [c-nsp] IOSXE / route leaking between VRFs and GT

Hi Harold,

That definitely works and it's what I'm doing now. However, I'm looking for a way to avoid having to add static routes for each and every mp-bgp route I receive from remote PEs.

The only two options that came to mind were:
1) leaking the route from the VRF to the global as shown below
2) running a routing protocol between the VRF and the global - iBGP won't work as I can't define a per-VRF cluster-IDs. I'm also not keen on redistributing mp-bgp routes into an IGP.

I can't get away without having VASI interfaces, because some of the dst networks I need to leak are directly connected on the same PE router. As such, these routes can't be leaked into the VRF without having a valid next-hop IP (they must be one hop away).

Thanks!

Best Regards,
Vladislav

On Sun, Sep 15, 2024 at 5:03 AM Harold Ritter (hritter) <[email protected]> wrote:

Hi Vladislav,

The route leaking is normally used when the global and the VRF are isolated from one another. In your case, you have a path between the global and VRF A through the vasi interfaces. Please add the following static route and you should get connectivity between R1 Lo1 and R2 Lo1.

ip route 22.22.22.22 255.255.255.255 10.10.2.2

Regards,
Harold

From: cisco-nsp <[email protected]> on behalf of Vladislav A. VASILEV via cisco-nsp <[email protected]>
Date: Friday, 13 September 2024 at 16:08
To: [email protected] <[email protected]>
Subject: [c-nsp] IOSXE / route leaking between VRFs and GT

I've got the following three requirements:
1) perform 2) and 3) on the same router
2) source NAT private networks (received as mp-bgp routes) on R1 (no issues here)
3) leak select mp-bgp prefixes into the global table (from a CP perspective routes are being leaked, but I can't get any traffic through)

here's the test topology:

global_table---R1---vasileft1---vasiright1---vrf_table---R1(PE)[ge1]---mp-bgp_routes----[ge1]R2(PE)

All config being tested on:
Cisco IOS XE Software, Version 17.03.02
Cisco IOS Software [Amsterdam], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.3.2, RELEASE SOFTWARE (fc3)

in summary: R1's loopback1 (in global table) needs connectivity to R2's loopback1 (in VRF A)

Configuration on R1:

hostname R1

vrf definition A
 rd 1:1
 route-target export 1:1
 route-target import 1:1
 address-family ipv4
  export ipv4 unicast map to-global
 exit-address-family

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip router isis ISIS
 isis circuit-type level-2-only

interface Loopback1
 ip address 11.11.11.11 255.255.255.255

interface GigabitEthernet1
 ip address 10.10.1.1 255.255.255.252
 ip router isis ISIS
 negotiation auto
 no mop enabled
 no mop sysid
 isis circuit-type level-2-only
 isis network point-to-point

interface vasileft1
 ip address 10.10.2.1 255.255.255.252
 no keepalive

interface vasiright1
 vrf forwarding A
 ip address 10.10.2.2 255.255.255.252
 no keepalive

segment-routing mpls
 connected-prefix-sid-map
  address-family ipv4
   1.1.1.1/32 index 1 range 1
  exit-address-family

router isis ISIS
 net 49.0000.0000.0001.00
 is-type level-2-only
 metric-style wide
 segment-routing mpls

router bgp 1
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 1
 neighbor 2.2.2.2 update-source Loopback0
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 address-family ipv4 vrf A
  redistribute static <--- redistribute the leaked route from GT to VRF A

ip route vrf A 11.11.11.11 255.255.255.255 10.10.2.1 <-- leak global route into VRF A

ip prefix-list to-global seq 10 permit 22.22.22.22/32

route-map to-global permit 10
 match ip address prefix-list to-global
 set ip next-hop 10.10.2.2 <------- without setting the next-hop to vasiright1's IP the route does not get leaked

R1#sh ip ro
      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
i L2     2.2.2.2 [115/20] via 10.10.1.2, 00:20:55, GigabitEthernet1
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.10.1.0/30 is directly connected, GigabitEthernet1
L        10.10.1.1/32 is directly connected, GigabitEthernet1
C        10.10.2.0/30 is directly connected, vasileft1
L        10.10.2.1/32 is directly connected, vasileft1
      11.0.0.0/32 is subnetted, 1 subnets
C        11.11.11.11 is directly connected, Loopback1
      22.0.0.0/32 is subnetted, 1 subnets
*B        22.22.22.22 [200/0] via 10.10.2.2 (A), 00:09:50*

R1#sh ip ro 22.22.22.22
Routing entry for *22.22.22.22/32*
  Known via "bgp 1", distance 200, metric 0, type internal
  Last update from 10.10.2.2 00:10:10 ago
  Routing Descriptor Blocks:
  * *10.10.2.2 (A)*, from 2.2.2.2, 00:10:10 ago
      opaque_ptr 0x7F13B34F1938
      Route metric is 0, traffic share count is 1
      AS Hops 0
      MPLS label: none

R1#sh ip ro vrf A
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.10.2.0/30 is directly connected, vasiright1
L        10.10.2.2/32 is directly connected, vasiright1
      11.0.0.0/32 is subnetted, 1 subnets
S        11.11.11.11 [1/0] via 10.10.2.1
      22.0.0.0/32 is subnetted, 1 subnets
*B        22.22.22.22 [200/0] via 2.2.2.2, 00:10:39*

R2#sh ip ro vrf A
      11.0.0.0/32 is subnetted, 1 subnets
*B        11.11.11.11 [200/0] via 1.1.1.1, 00:09:29*
      22.0.0.0/32 is subnetted, 1 subnets
C        22.22.22.22 is directly connected, Loopback1

Thank you!
Vladislav Vasilev
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
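
Added example, not part of the original thread or of any Cisco tooling: a small audit that reads global-table "sh ip ro" text in the format shown above, lists every route whose next hop is tagged with a VRF name (assumed here to be what the "(A)" suffix means), and reports any that are not in the intended leak list (the to-global prefix-list). The sample RIB text, including the 33.33.33.0/24 entry, is constructed.

```python
import ipaddress
import re

# Constructed sample in the layout of the thread's "R1#sh ip ro" output.
SAMPLE_RIB = """\
      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback0
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.10.2.0/30 is directly connected, vasileft1
      22.0.0.0/32 is subnetted, 1 subnets
B        22.22.22.22 [200/0] via 10.10.2.2 (A), 00:09:50
      33.0.0.0/24 is subnetted, 1 subnets
B        33.33.33.0 [200/0] via 10.10.2.2 (A), 00:01:12
"""

# "x.x.x.x/len is subnetted": the entries below inherit this mask length.
HEADER = re.compile(r"\d+\.\d+\.\d+\.\d+/(\d+) is subnetted")
# Route entry whose next hop carries a "(VRF)" tag.
ROUTE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)(?:/(\d+))? \[\d+/\d+\] via \S+ \(([^)]+)\)")


def leaked_routes(rib_text):
    """Return [(prefix, vrf)] for routes whose next hop sits in a VRF."""
    found, inherited = [], None
    for line in rib_text.splitlines():
        hdr = HEADER.search(line)
        if hdr:
            inherited = hdr.group(1)
            continue
        if "variably subnetted" in line:
            inherited = None          # entries below carry their own mask
            continue
        m = ROUTE.search(line)
        if m:
            length = m.group(2) or inherited
            if length is not None:
                found.append((f"{m.group(1)}/{length}", m.group(3)))
    return found


def unexpected_leaks(rib_text, allowed):
    """Leaked routes not exactly matching an allowed prefix
    (exact match, like a prefix-list entry without ge/le)."""
    nets = {ipaddress.ip_network(p) for p in allowed}
    return [(p, v) for p, v in leaked_routes(rib_text)
            if ipaddress.ip_network(p) not in nets]


if __name__ == "__main__":
    print(unexpected_leaks(SAMPLE_RIB, ["22.22.22.22/32"]))
```
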
