Re: Best way to leak routes into SHARED vrf without IGP

Here is what I did a quick test:

added
loopback 100
ip addr 200.200.200.100 255.255.255.255
ip vrf forwarding SHARED

Now I can see above loopback route on both VRFs

CE1#show ip route vrf customer10 200.200.200.0

Routing Table: customer10
Routing entry for 200.200.200.0/32, 1 known subnets
  Attached (1 connections)
B 200.200.200.100 is directly connected, 00:00:31, Loopback100

CE1# show ip route vrf SHARED 200.200.200.0

Routing Table: SHARED
Routing entry for 200.200.200.0/24, 2 known subnets
  Attached (1 connections)
  Variably subnetted with 2 masks
S 200.200.200.0/24 [1/0] via 2.2.2.2 (2.2.2.2 is PIX outside)
C 200.200.200.100/32 is directly connected, Loopback100
m-awvpdc01-nsw-udc-asr01#
m-awvpdc01-nsw-udc-asr01#

what a mystery!

Yes, I am clearing ip bgp table after every change.

On Mon, Apr 26, 2010 at 11:15 PM, Ryan West <rwest_at_zyedge.com> wrote:

> Try it without the route-map first and then work on fixing your
> route-map, just for a test.
>
>
>
> -ryan
>
>
>
> *From:* Radioactive Frog [mailto:pbhatkoti_at_gmail.com]
> *Sent:* Monday, April 26, 2010 9:14 AM
> *To:* Ryan West
> *Cc:* Cisco certification
> *Subject:* Re: Best way to leak routes into SHARED vrf without IGP
>
>
>
> Hi Ryan,
> Thanks for the quick reply. You've got it.
>
> The route 200.200.200.0/24 is not directly connected, its via 2.2.2.2 (PIX
> fw outside).
>
> If it was directly conencted e.g. interface loopback 100 on CE router, it
> shows up in the CUSTOMER10 vrf.
>
> I tried putting redist using route-map but it won't work!
>
> Any other idea?
>
>
>
> On Mon, Apr 26, 2010 at 11:07 PM, Ryan West <rwest_at_zyedge.com> wrote:
>
> Frog,
>
>
> > -----Original Message-----
> > Sent: Monday, April 26, 2010 8:55 AM
> > To: Cisco certification
> > Subject: Best way to leak routes into SHARED vrf without IGP
> >
> > Folks,
> >
> > Here is what I am trying to do but without IGP on IOS-XE 12.2.
> >
> > http://www.netcraftsmen.net/component/content/article/68-network-
> >
> infrastructure/696-using-bgp-with-vrf-lite-for-shared-service-support.html
> >
> >
> > Scenario:
> > =========
> > same scenario as above netcraftsmen link but without EIGRP.
> >
> > PE-----(MPLS cloud--------Customer10
> > | |
> > | |-------------------VRF-Customer10-----|SW|---customer10's machiens
> > | vrf-Shared
> > |1.1.1.1/30
> > |
> > |
> > |1.1.1.2/30
> > |
> > CE-RTR
> > |
> > |2.2.2.1/30
> > |
> > |vlan10
> > |
> > |2.2.2.2/30
> > |Outside
> > |
> > Firewall
> > |
> > |inside
> > |
> > 200.200.200.0/24
> >
> > I have 2 vrf's on R1:
> >
> > VRF2 = customer10
> > VRF3 = shared vrf (Customer10 should be able to access this)
> >
> > CUSTOMER10 IP = 100.0.0.0/16
> > Shared VRF = 200.200.200.0/24
> >
> > VRF2 i.e. customer10 is peered with CE using BGP.
> >
> >
> > ----------CE config-------------
> >
> > ip vrf CUSTOMER10
> > rd 10:10
> > route-target export 10:10
> > route-target import 20:20
> >
> > ip vrf SHARED
> > rd 20:20
> > route-target export 20:20
> > route-target import 10:10
> >
> > I have this static routes:
> > ip route vrf SHARED 200.200.200.0 255.255.255.0 2.2.2.2 (2.2.2.2. is PIX
> > firewall outside interface)
> >
> > I can see routes 200.200.200.0 on SHARED vrf on CE router.
> >
> > show ip route vrf SHARED 200.200.200.0
> >
> > Routing Table: SHARED
> > Routing entry for 200.200.200.0/24
> > Known via "static", distance 1, metric 0
> > Routing Descriptor Blocks:
> > * 2.2.2.2
> > Route metric is 0, traffic share count is 1
> >
> >
> > But can't see routes in the CUSTOMER10's vrf
> >
> > show ip route vrf CUSTOMER10 200.200.200.0
> >
> > Routing Table: CURTIN
> > % Network not in table <------------------this is the issue
> >
> >
> > How can I access 200.200.200.0 from Customer10's VRF without IGP?
> >
> > I have tried:
> >
> > access-list 88 permit 200.200.200.0
> >
> > route-map SHARED permit 10
> > match ip 88
> >
> > and then re-distributed it on BGP
> >
> > router bgp 300
> > address-family ipv4 vrf SHARED
> > redistribute connected route-map SHARED
> >
> >
>
> Wouldn't it be 'redistribute static' ? Doesn't seem to be a connected
> route.
>
> -ryan

Blogs and organic groups at http://www.ccie.net
Received on Mon Apr 26 2010 - 23:29:54 ART