Hello,
I was configuring export map for vrf and saw results which I am unable to
understand. I used export map to match particular prefix from VPN_A (R5) and
imported on R6 router in VPN_B. I can see in VPN_B routing table the prefix
from R5 and don't see same prefix in VPN_A vrf. It seems good, but why do I
see matched prefix on R6 on both vrf when I run show ip bgp vpnv4 all. It
seems it imported on R6 in both vrf, but only installed in vrf VPN_B routing
table due to export map.
Anyone can explain this behaviour.
Feel free to read in detail with configuration and output if you want to
understand the topology.
Thanks,
Bilal Hansrod
Topology:
R6 connected to R4 via Ethernet and R4 is also connected to R5 via FR and
Serial
R4 is BGP Route Reflector and R5 and R6 as clients
R6 � R4 � R5
|
R5
A loopback interface is configured on R5 VRF VPN_A � 172.16.5.5/24
A loopback interface is configured on R6 VRF VPN_B � 192.168.6.6/24
Both VRF exist on R5 and R6.
Task: R6 VPN_A doesn't see prefix-list 172.16.5.0/24 and R5 does not see
the prefix 192.168.6.0/24
Solution Configuration:
R5:
ip vrf VPN_A
rd 100:1
export map R5
route-target export 100:1
route-target import 100:1
route-target import 100:66
!
ip vrf VPN_B
rd 100:2
route-target export 100:2
route-target import 100:2
ip prefix-list VPN_A seq 10 permit 172.16.5.0/24
route-map R5 permit 10
match ip address prefix-list VPN_A
set extcommunity rt 100:55
!
route-map R5 permit 20
set extcommunity rt 100:1
R6:
ip vrf VPN_A
rd 100:1
route-target export 100:1
route-target import 100:1
!
ip vrf VPN_B
rd 100:2
export map R6
route-target export 100:2
route-target import 100:2
route-target import 100:55
ip prefix-list VPN_B seq 10 permit 192.168.6.0/24
route-map R6 permit 10
match ip address prefix-list VPN_B
set extcommunity rt 100:66
!
route-map R6 permit 20
set extcommunity rt 100:2
Results: The below results ensure that R5 VPN_B does not see 192.168.6.0
from R6 and R6 VPN_A does not see 172.16.5.0/24 from R5.
R5#show ip route vrf VPN_A 192.168.6.0
Routing entry for 192.168.6.0/24
Known via "bgp 100", distance 200, metric 0, type internal
Last update from 150.1.6.6 00:32:17 ago
Routing Descriptor Blocks:
* 150.1.6.6 (Default-IP-Routing-Table), from 150.1.4.4, 00:32:17 ago
Route metric is 0, traffic share count is 1
AS Hops 0
R5#show ip route vrf VPN_B 192.168.6.0
% Network not in table
R6#show ip route vrf VPN_A 172.16.5.0
% Subnet not in table
R6#show ip route vrf VPN_B 172.16.5.0
Routing entry for 172.16.5.0/24
Known via "bgp 100", distance 200, metric 0, type internal
Last update from 150.1.5.5 00:35:49 ago
Routing Descriptor Blocks:
* 150.1.5.5 (Default-IP-Routing-Table), from 150.1.4.4, 00:35:49 ago
Route metric is 0, traffic share count is 1
AS Hops 0
Now when I run show ip bgp vpnv4 all on R5 and R6, I still see routes in
both VPN tables.
For instance, R sees 192.168.6.0 in vrf VPN_A and VPN_B. Can anyone please
explain why I can't see in routing table of vrf but still see in VPNV4
table.
R5#show ip bgp vpnv4 all
BGP table version is 37, local router ID is 150.1.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*> 155.1.58.0/24 0.0.0.0 0 32768 ?
*>i155.1.67.0/24 150.1.6.6 0 100 0 ?
*> 172.16.5.0/24 0.0.0.0 0 32768 ?
*>i172.16.7.0/24 150.1.6.6 0 100 0 ?
*>i192.168.6.0 150.1.6.6 0 100 0 ?
Route Distinguisher: 100:2 (default for vrf VPN_B)
*> 155.1.5.0/24 0.0.0.0 0 32768 ?
*>i155.1.76.0/24 150.1.6.6 0 100 0 ?
*>i192.168.6.0 150.1.6.6 0 100 0 ?
*>i192.168.7.0 150.1.6.6 0 100 0 ?
Thanks,
Blogs and organic groups at http://www.ccie.net
Received on Mon Jun 13 2011 - 20:35:50 ART