Hi Harold,

Yes, this will work. I had considered local-as, but just on the VRF side, which doesn't work as you can't set it on an iBGP session!

Thanks a lot!

Best Regards,
Vladislav Vasilev

On Sun, Sep 15, 2024 at 7:23 AM Harold Ritter (hritter) <[email protected]> wrote:

> Hi Vladislav,
>
> >2) running a routing protocol between the VRF and the global - iBGP won't work as I can't define a per-VRF cluster-IDs. I'm also not
> >keen on redistributing mp-bgp routes into an IGP.
>
> You could run eBGP by using local-as, as follows.
>
> router bgp 1
>  neighbor 10.10.2.2 remote-as 10
>  neighbor 10.10.2.2 local-as 20 no-prepend replace-as
>  !
>  address-family ipv4
>   network 11.11.11.11 mask 255.255.255.255
>   neighbor 10.10.2.2 activate
>  exit-address-family
>  !
>  address-family ipv4 vrf A
>   bgp router-id 10.10.2.2
>   neighbor 10.10.2.1 remote-as 20
>   neighbor 10.10.2.1 local-as 10 no-prepend replace-as
>   neighbor 10.10.2.1 activate
>  exit-address-family
>
> Regards,
>
> Harold
>
> *From:* Vladislav A. VASILEV <[email protected]>
> *Date:* Saturday, 14 September 2024 at 21:39
> *To:* Harold Ritter (hritter) <[email protected]>
> *Cc:* [email protected] <[email protected]>
> *Subject:* Re: [c-nsp] IOSXE / route leaking between VRFs and GT
>
> Hi Harold,
>
> That definitely works and it's what I'm doing now. However, I'm looking for a way to avoid having to add static routes for each and every mp-bgp route I receive from remote PEs. The only two options that came to mind were:
>
> 1) leaking the route from the VRF to the global as shown below
> 2) running a routing protocol between the VRF and the global - iBGP won't work as I can't define a per-VRF cluster-IDs. I'm also not keen on redistributing mp-bgp routes into an IGP.
>
> I can't get away without having VASI interfaces, because some of the dst networks I need to leak are directly connected on the same PE router. As such, these routes can't be leaked into the VRF without having a valid next-hop IP (they must be one hop away).
>
> Thanks!
>
> Best Regards,
> Vladislav
>
> On Sun, Sep 15, 2024 at 5:03 AM Harold Ritter (hritter) <[email protected]> wrote:
>
> Hi Vladislav,
>
> The route leaking is normally used when the global and the VRF are isolated from one another. In your case, you have a path between the global and VRF A through the vasi interfaces. Please add the following static route and you should get connectivity between R1 Lo1 and R2 Lo1.
>
> Ip route 22.22.22.22 255.255.255.255 10.10.2.2
>
> Regards,
>
> Harold
>
> *From:* cisco-nsp <[email protected]> on behalf of Vladislav A. VASILEV via cisco-nsp <[email protected]>
> *Date:* Friday, 13 September 2024 at 16:08
> *To:* [email protected] <[email protected]>
> *Subject:* [c-nsp] IOSXE / route leaking between VRFs and GT
>
> I've got the following three requirements:
>
> 1) perform 2) and 3) on the same router
> 2) source NAT private networks (received as mp-bgp routes) on R1 (no issues here)
> 3) leak select mp-bgp prefixes into the global table (from a CP perspective routes are being leaked, but I can't get any traffic through)
>
> here's the test topology:
>
> global_table---R1---vasileft1---vasiright1---vrf_table---R1(PE)[ge1]---mp-bgp_routes----[ge1]R2(PE)
>
> All config being tested on:
> Cisco IOS XE Software, Version 17.03.02
> Cisco IOS Software [Amsterdam], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.3.2, RELEASE SOFTWARE (fc3)
>
> in summary: R1's loopback1 (in global table) needs connectivity to R2's loopback1 (in VRF A)
>
> Configuration on R1:
>
> hostname R1
>
> vrf definition A
>  rd 1:1
>  route-target export 1:1
>  route-target import 1:1
>  address-family ipv4
>   export ipv4 unicast map to-global
>  exit-address-family
>
> interface Loopback0
>  ip address 1.1.1.1 255.255.255.255
>  ip router isis ISIS
>  isis circuit-type level-2-only
>
> interface Loopback1
>  ip address 11.11.11.11 255.255.255.255
>
> interface GigabitEthernet1
>  ip address 10.10.1.1 255.255.255.252
>  ip router isis ISIS
>  negotiation auto
>  no mop enabled
>  no mop sysid
>  isis circuit-type level-2-only
>  isis network point-to-point
>
> interface vasileft1
>  ip address 10.10.2.1 255.255.255.252
>  no keepalive
>
> interface vasiright1
>  vrf forwarding A
>  ip address 10.10.2.2 255.255.255.252
>  no keepalive
>
> segment-routing mpls
>  connected-prefix-sid-map
>   address-family ipv4
>    1.1.1.1/32 index 1 range 1
>   exit-address-family
>
> router isis ISIS
>  net 49.0000.0000.0001.00
>  is-type level-2-only
>  metric-style wide
>  segment-routing mpls
>
> router bgp 1
>  bgp router-id 1.1.1.1
>  bgp log-neighbor-changes
>  neighbor 2.2.2.2 remote-as 1
>  neighbor 2.2.2.2 update-source Loopback0
>  address-family vpnv4
>   neighbor 2.2.2.2 activate
>   neighbor 2.2.2.2 send-community extended
>  address-family ipv4 vrf A
>   redistribute static <--- redistribute the leaked route from GT to VRF A
>
> ip route vrf A 11.11.11.11 255.255.255.255 10.10.2.1 <-- leak global route into VRF A
> ip prefix-list to-global seq 10 permit 22.22.22.22/32
>
> route-map to-global permit 10
>  match ip address prefix-list to-global
>  set ip next-hop 10.10.2.2 <------- without setting the next-hop to vasiright1's IP the route does not get leaked
>
> R1#sh ip ro
>
>       1.0.0.0/32 is subnetted, 1 subnets
> C        1.1.1.1 is directly connected, Loopback0
>       2.0.0.0/32 is subnetted, 1 subnets
> i L2     2.2.2.2 [115/20] via 10.10.1.2, 00:20:55, GigabitEthernet1
>       10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
> C        10.10.1.0/30 is directly connected, GigabitEthernet1
> L        10.10.1.1/32 is directly connected, GigabitEthernet1
> C        10.10.2.0/30 is directly connected, vasileft1
> L        10.10.2.1/32 is directly connected, vasileft1
>       11.0.0.0/32 is subnetted, 1 subnets
> C        11.11.11.11 is directly connected, Loopback1
>       22.0.0.0/32 is subnetted, 1 subnets
> *B       22.22.22.22 [200/0] via 10.10.2.2 (A), 00:09:50*
>
> R1#sh ip ro 22.22.22.22
> Routing entry for *22.22.22.22/32*
>   Known via "bgp 1", distance 200, metric 0, type internal
>   Last update from 10.10.2.2 00:10:10 ago
>   Routing Descriptor Blocks:
>   * *10.10.2.2 (A)*, from 2.2.2.2, 00:10:10 ago
>       opaque_ptr 0x7F13B34F1938
>       Route metric is 0, traffic share count is 1
>       AS Hops 0
>       MPLS label: none
>
> R1#sh ip ro vrf A
>       10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
> C        10.10.2.0/30 is directly connected, vasiright1
> L        10.10.2.2/32 is directly connected, vasiright1
>       11.0.0.0/32 is subnetted, 1 subnets
> S        11.11.11.11 [1/0] via 10.10.2.1
>       22.0.0.0/32 is subnetted, 1 subnets
> *B       22.22.22.22 [200/0] via 2.2.2.2, 00:10:39*
>
> R2#sh ip ro vrf A
>       11.0.0.0/32 is subnetted, 1 subnets
> *B       11.11.11.11 [200/0] via 1.1.1.1, 00:09:29*
>       22.0.0.0/32 is subnetted, 1 subnets
> C        22.22.22.22 is directly connected, Loopback1
>
> Thank you!
> Vladislav Vasilev
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
