Re: Best way to leak routes into SHARED vrf without IGP

From: Radioactive Frog <pbhatkoti_at_gmail.com>
Date: Mon, 26 Apr 2010 23:32:52 +1000

Now it's boiled down to injecting "directly connected" vs
"indirectly-connected" routes into BGP without IGP

On Mon, Apr 26, 2010 at 11:29 PM, Radioactive Frog <pbhatkoti_at_gmail.com> wrote:

>
> Here is what I did as a quick test:
>
> added
> loopback 100
> ip addr 200.200.200.100 255.255.255.255
> ip vrf forwarding SHARED
>
> Now I can see above loopback route on both VRFs
>
>
> CE1#show ip route vrf customer10 200.200.200.0
>
> Routing Table: customer10
> Routing entry for 200.200.200.0/32, 1 known subnets
> Attached (1 connections)
> B 200.200.200.100 is directly connected, 00:00:31, Loopback100
>
> CE1# show ip route vrf SHARED 200.200.200.0
>
> Routing Table: SHARED
> Routing entry for 200.200.200.0/24, 2 known subnets
> Attached (1 connections)
> Variably subnetted with 2 masks
> S 200.200.200.0/24 [1/0] via 2.2.2.2 (2.2.2.2 is PIX outside)
> C 200.200.200.100/32 is directly connected, Loopback100
> m-awvpdc01-nsw-udc-asr01#
> m-awvpdc01-nsw-udc-asr01#
>
>
> what a mystery!
>
> Yes, I am clearing ip bgp table after every change.
>
>
>
> On Mon, Apr 26, 2010 at 11:15 PM, Ryan West <rwest_at_zyedge.com> wrote:
>
>> Try it without the route-map first and then work on fixing your
>> route-map, just for a test.
>>
>>
>>
>> -ryan
>>
>>
>>
>> *From:* Radioactive Frog [mailto:pbhatkoti_at_gmail.com]
>> *Sent:* Monday, April 26, 2010 9:14 AM
>> *To:* Ryan West
>> *Cc:* Cisco certification
>> *Subject:* Re: Best way to leak routes into SHARED vrf without IGP
>>
>>
>>
>> Hi Ryan,
>> Thanks for the quick reply. You've got it.
>>
>> The route 200.200.200.0/24 is not directly connected, it's via 2.2.2.2
>> (PIX fw outside).
>>
>> If it was directly connected e.g. interface loopback 100 on CE router, it
>> shows up in the CUSTOMER10 vrf.
>>
>> I tried putting redist using route-map but it won't work!
>>
>> Any other idea?
>>
>>
>>
>> On Mon, Apr 26, 2010 at 11:07 PM, Ryan West <rwest_at_zyedge.com> wrote:
>>
>> Frog,
>>
>>
>> > -----Original Message-----
>> > Sent: Monday, April 26, 2010 8:55 AM
>> > To: Cisco certification
>> > Subject: Best way to leak routes into SHARED vrf without IGP
>> >
>> > Folks,
>> >
>> > Here is what I am trying to do but without IGP on IOS-XE 12.2.
>> >
>> > http://www.netcraftsmen.net/component/content/article/68-network-infrastructure/696-using-bgp-with-vrf-lite-for-shared-service-support.html
>> >
>> >
>> > Scenario:
>> > =========
>> > same scenario as above netcraftsmen link but without EIGRP.
>> >
>> > PE-----(MPLS cloud--------Customer10
>> > | |
>> > | |-------------------VRF-Customer10-----|SW|---customer10's machines
>> > | vrf-Shared
>> > |1.1.1.1/30
>> > |
>> > |
>> > |1.1.1.2/30
>> > |
>> > CE-RTR
>> > |
>> > |2.2.2.1/30
>> > |
>> > |vlan10
>> > |
>> > |2.2.2.2/30
>> > |Outside
>> > |
>> > Firewall
>> > |
>> > |inside
>> > |
>> > 200.200.200.0/24
>> >
>> > I have 2 vrf's on R1:
>> >
>> > VRF2 = customer10
>> > VRF3 = shared vrf (Customer10 should be able to access this)
>> >
>> > CUSTOMER10 IP = 100.0.0.0/16
>> > Shared VRF = 200.200.200.0/24
>> >
>> > VRF2 i.e. customer10 is peered with CE using BGP.
>> >
>> >
>> > ----------CE config-------------
>> >
>> > ip vrf CUSTOMER10
>> > rd 10:10
>> > route-target export 10:10
>> > route-target import 20:20
>> >
>> > ip vrf SHARED
>> > rd 20:20
>> > route-target export 20:20
>> > route-target import 10:10
>> >
>> > I have this static route:
>> > ip route vrf SHARED 200.200.200.0 255.255.255.0 2.2.2.2 (2.2.2.2 is PIX
>> > firewall outside interface)
>> >
>> > I can see routes 200.200.200.0 on SHARED vrf on CE router.
>> >
>> > show ip route vrf SHARED 200.200.200.0
>> >
>> > Routing Table: SHARED
>> > Routing entry for 200.200.200.0/24
>> > Known via "static", distance 1, metric 0
>> > Routing Descriptor Blocks:
>> > * 2.2.2.2
>> > Route metric is 0, traffic share count is 1
>> >
>> >
>> > But can't see routes in the CUSTOMER10's vrf
>> >
>> > show ip route vrf CUSTOMER10 200.200.200.0
>> >
>> > Routing Table: CURTIN
>> > % Network not in table <------------------this is the issue
>> >
>> >
>> > How can I access 200.200.200.0 from Customer10's VRF without IGP?
>> >
>> > I have tried:
>> >
>> > access-list 88 permit 200.200.200.0
>> >
>> > route-map SHARED permit 10
>> > match ip 88
>> >
>> > and then re-distributed it on BGP
>> >
>> > router bgp 300
>> > address-family ipv4 vrf SHARED
>> > redistribute connected route-map SHARED
>> >
>> >
>>
>> Wouldn't it be 'redistribute static' ? Doesn't seem to be a connected
>> route.
>>
>> -ryan

Received on Mon Apr 26 2010 - 23:32:52 ART
