Re: Best way to leak routes into SHARED vrf without IGP

From: Radioactive Frog <pbhatkoti_at_gmail.com>
Date: Mon, 26 Apr 2010 23:50:42 +1000

The Mystery is solved now!
Reloading the whole router has fixed this issue.

Same config worked - i.e. redistributing static with route-map.

Thanks Ryan for your help.

On Mon, Apr 26, 2010 at 11:32 PM, Radioactive Frog <pbhatkoti_at_gmail.com> wrote:

>
> Now it's boiled down to injecting "directly connected" vs
> "indirectly-connected" routes into BGP without IGP
>
>
>
>
> On Mon, Apr 26, 2010 at 11:29 PM, Radioactive Frog <pbhatkoti_at_gmail.com> wrote:
>
>>
>> Here is what I did as a quick test:
>>
>> added
>> loopback 100
>> ip addr 200.200.200.100 255.255.255.255
>> ip vrf forwarding SHARED
>>
>> Now I can see above loopback route on both VRFs
>>
>>
>> CE1#show ip route vrf customer10 200.200.200.0
>>
>> Routing Table: customer10
>> Routing entry for 200.200.200.0/32, 1 known subnets
>> Attached (1 connections)
>> B 200.200.200.100 is directly connected, 00:00:31, Loopback100
>>
>> CE1# show ip route vrf SHARED 200.200.200.0
>>
>> Routing Table: SHARED
>> Routing entry for 200.200.200.0/24, 2 known subnets
>> Attached (1 connections)
>> Variably subnetted with 2 masks
>> S 200.200.200.0/24 [1/0] via 2.2.2.2 (2.2.2.2 is PIX outside)
>> C 200.200.200.100/32 is directly connected, Loopback100
>>
>>
>> what a mystery!
>>
>> Yes, I am clearing ip bgp table after every change.
>>
>>
>>
>> On Mon, Apr 26, 2010 at 11:15 PM, Ryan West <rwest_at_zyedge.com> wrote:
>>
>>> Try it without the route-map first and then work on fixing your
>>> route-map, just for a test.
>>>
>>>
>>>
>>> -ryan
>>>
>>>
>>>
>>> *From:* Radioactive Frog [mailto:pbhatkoti_at_gmail.com]
>>> *Sent:* Monday, April 26, 2010 9:14 AM
>>> *To:* Ryan West
>>> *Cc:* Cisco certification
>>> *Subject:* Re: Best way to leak routes into SHARED vrf without IGP
>>>
>>>
>>>
>>> Hi Ryan,
>>> Thanks for the quick reply. You've got it.
>>>
>>> The route 200.200.200.0/24 is not directly connected, it's via 2.2.2.2
>>> (PIX fw outside).
>>>
>>> If it was directly connected e.g. interface loopback 100 on CE router, it
>>> shows up in the CUSTOMER10 vrf.
>>>
>>> I tried putting redist using route-map but it won't work!
>>>
>>> Any other idea?
>>>
>>>
>>>
>>> On Mon, Apr 26, 2010 at 11:07 PM, Ryan West <rwest_at_zyedge.com> wrote:
>>>
>>> Frog,
>>>
>>>
>>> > -----Original Message-----
>>> > Sent: Monday, April 26, 2010 8:55 AM
>>> > To: Cisco certification
>>> > Subject: Best way to leak routes into SHARED vrf without IGP
>>> >
>>> > Folks,
>>> >
>>> > Here is what I am trying to do but without IGP on IOS-XE 12.2.
>>> >
>>> > http://www.netcraftsmen.net/component/content/article/68-network-infrastructure/696-using-bgp-with-vrf-lite-for-shared-service-support.html
>>> >
>>> >
>>> > Scenario:
>>> > =========
>>> > same scenario as above netcraftsmen link but without EIGRP.
>>> >
>>> > PE-----(MPLS cloud--------Customer10
>>> > | |
>>> > | |-------------------VRF-Customer10-----|SW|---customer10's machines
>>> > | vrf-Shared
>>> > |1.1.1.1/30
>>> > |
>>> > |
>>> > |1.1.1.2/30
>>> > |
>>> > CE-RTR
>>> > |
>>> > |2.2.2.1/30
>>> > |
>>> > |vlan10
>>> > |
>>> > |2.2.2.2/30
>>> > |Outside
>>> > |
>>> > Firewall
>>> > |
>>> > |inside
>>> > |
>>> > 200.200.200.0/24
>>> >
>>> > I have 2 vrf's on R1:
>>> >
>>> > VRF2 = customer10
>>> > VRF3 = shared vrf (Customer10 should be able to access this)
>>> >
>>> > CUSTOMER10 IP = 100.0.0.0/16
>>> > Shared VRF = 200.200.200.0/24
>>> >
>>> > VRF2 i.e. customer10 is peered with CE using BGP.
>>> >
>>> >
>>> > ----------CE config-------------
>>> >
>>> > ip vrf CUSTOMER10
>>> > rd 10:10
>>> > route-target export 10:10
>>> > route-target import 20:20
>>> >
>>> > ip vrf SHARED
>>> > rd 20:20
>>> > route-target export 20:20
>>> > route-target import 10:10
>>> >
>>> > I have this static route:
>>> > ip route vrf SHARED 200.200.200.0 255.255.255.0 2.2.2.2 (2.2.2.2 is PIX
>>> > firewall outside interface)
>>> >
>>> > I can see routes 200.200.200.0 on SHARED vrf on CE router.
>>> >
>>> > show ip route vrf SHARED 200.200.200.0
>>> >
>>> > Routing Table: SHARED
>>> > Routing entry for 200.200.200.0/24
>>> > Known via "static", distance 1, metric 0
>>> > Routing Descriptor Blocks:
>>> > * 2.2.2.2
>>> > Route metric is 0, traffic share count is 1
>>> >
>>> >
>>> > But can't see routes in the CUSTOMER10's vrf
>>> >
>>> > show ip route vrf CUSTOMER10 200.200.200.0
>>> >
>>> > Routing Table: CURTIN
>>> > % Network not in table <------------------this is the issue
>>> >
>>> >
>>> > How can I access 200.200.200.0 from Customer10's VRF without IGP?
>>> >
>>> > I have tried:
>>> >
>>> > access-list 88 permit 200.200.200.0
>>> >
>>> > route-map SHARED permit 10
>>> > match ip 88
>>> >
>>> > and then re-distributed it on BGP
>>> >
>>> > router bgp 300
>>> > address-family ipv4 vrf SHARED
>>> > redistribute connected route-map SHARED
>>> >
>>> >
>>>
>>> Wouldn't it be 'redistribute static' ? Doesn't seem to be a connected
>>> route.
>>>
>>> -ryan

Received on Mon Apr 26 2010 - 23:50:42 ART
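
Added example (not part of the original thread, and not code from any poster): a small offline audit of the CE configuration quoted above. It reports which VRFs leak routes to each other through matching route-targets, and which VRF static routes have no 'redistribute static' under BGP, the mismatch Ryan pointed out. Function names are hypothetical; it inspects only the statement forms used in the thread, so a route advertised some other way (for example a network statement) would still be flagged.

```python
import re
from collections import defaultdict

# Constructed sample: the CE configuration as posted in the thread.
CONFIG = """\
ip vrf CUSTOMER10
 rd 10:10
 route-target export 10:10
 route-target import 20:20
ip vrf SHARED
 rd 20:20
 route-target export 20:20
 route-target import 10:10
ip route vrf SHARED 200.200.200.0 255.255.255.0 2.2.2.2
router bgp 300
 address-family ipv4 vrf SHARED
  redistribute connected route-map SHARED
"""

def parse(config):
    """Collect per-VRF route-targets, static routes and BGP redistribute sources."""
    rts = defaultdict(lambda: {"export": set(), "import": set()})
    statics, redist = defaultdict(list), defaultdict(set)
    vrf = af = None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"ip vrf (\S+)$", s):
            vrf, af = m.group(1), None
        elif m := re.match(r"route-target (export|import) (\S+)$", s):
            rts[vrf][m.group(1)].add(m.group(2))
        elif m := re.match(r"ip route vrf (\S+) (\S+) (\S+) (\S+)", s):
            statics[m.group(1)].append((m.group(2), m.group(3), m.group(4)))
        elif m := re.match(r"address-family ipv4 vrf (\S+)$", s):
            af = m.group(1)
        elif (m := re.match(r"redistribute (\S+)", s)) and af:
            redist[af].add(m.group(1))
    return rts, statics, redist

def leaks(rts):
    """(exporter, importer) pairs: importer accepts a route-target exporter sets."""
    return sorted((a, b) for a in rts for b in rts
                  if a != b and rts[a]["export"] & rts[b]["import"])

def unadvertised_statics(statics, redist):
    """Static routes whose VRF has no 'redistribute static' under BGP."""
    return [(v, r) for v, rs in statics.items() for r in rs
            if "static" not in redist[v]]

rts, statics, redist = parse(CONFIG)
print(leaks(rts), unadvertised_statics(statics, redist))
```

With the posted configuration the static 200.200.200.0/24 in SHARED is reported as unadvertised; changing the line to 'redistribute static' clears the finding.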
