Bilal,
yes, I would call the import process a filter, from vpnv4 into
vrf table. But as mentioned, it has "side effects" on the vpnv4
table as well.
(In fact, by default, it filters even what gets accepted into vpnv4 as well)
On the other hand, I would not call the export a filter, just a marking.
It becomes a filter if you use an export map though.
-Carlos
Bilal Hansrod @ 13/06/2011 10:13 -0300 dixit:
> Thanks Carlos for the quick reply- Is it correct to say that import
> process filters route when it imports from VPNV4 table into vrf table
> and export process filters before going into VPNV4 table from vrf?
>
> Bilal Hansrod
>
>
>
> On Mon, Jun 13, 2011 at 10:49 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar
> <mailto:tron_at_huapi.ba.ar>> wrote:
>
> Bilal,
> when you do a show ip bgp vpnv4 all, the show is *not* listing the
> routes open by VRF, but the routes open by RD, corresponding to the
> VRFs.
>
> When you receive a route coming from elsewhere (e.g. the
> 192.168.6.0/24 <http://192.168.6.0/24>
> @ R5 which is originated from R6) it is in the vpnv4 table with its
> original RD (100:2).
>
> But as you are importing it to VPN_B_at_R5, it gets also copied
> with the associated RD, 100:1. That's why you see it with both RDs.
> The import process assigns a new RD in the vpnv4 table.
>
> -Carlos
>
>
> Bilal Hansrod @ 13/06/2011 07:35 -0300 dixit:
>
> Hello,
>
> I was configuring export map for vrf and saw results which I am
> unable to
> understand. I used export map to match particular prefix from
> VPN_A (R5) and
> imported on R6 router in VPN_B. I can see in VPN_B routing table
> the prefix
> from R5 and don't see same prefix in VPN_A vrf. It seems good,
> but why do I
> see matched prefix on R6 on both vrf when I run show ip bgp
> vpnv4 all. It
> seems it imported on R6 in both vrf, but only installed in vrf
> VPN_B routing
> table due to export map.
>
> Anyone can explain this behaviour.
>
> Feel free to read in detail with configuration and output if you
> want to
> understand the topology.
>
>
> Thanks,
>
> Bilal Hansrod
>
>
>
>
>
> Topology:
>
> R6 connected to R4 via Ethernet and R4 is also connected to R5
> via FR and
> Serial
>
> R4 is BGP Route Reflector and R5 and R6 as clients
>
> R6 R4 R5
>
> |
>
> R5
>
> A loopback interface is configured on R5 VRF VPN_A
> 172.16.5.5/24 <http://172.16.5.5/24>
>
> A loopback interface is configured on R6 VRF VPN_B
> 192.168.6.6/24 <http://192.168.6.6/24>
>
> Both VRF exist on R5 and R6.
>
> Task: R6 VPN_A doesn't see prefix-list 172.16.5.0/24
> <http://172.16.5.0/24> and R5 does not see
> the prefix 192.168.6.0/24 <http://192.168.6.0/24>
>
> Solution Configuration:
>
> R5:
>
> ip vrf VPN_A
>
> rd 100:1
>
> export map R5
>
> route-target export 100:1
>
> route-target import 100:1
>
> route-target import 100:66
>
> !
>
> ip vrf VPN_B
>
> rd 100:2
>
> route-target export 100:2
>
> route-target import 100:2
>
>
> ip prefix-list VPN_A seq 10 permit 172.16.5.0/24
> <http://172.16.5.0/24>
>
>
> route-map R5 permit 10
>
> match ip address prefix-list VPN_A
>
> set extcommunity rt 100:55
>
> !
>
> route-map R5 permit 20
>
> set extcommunity rt 100:1
>
>
> R6:
>
>
> ip vrf VPN_A
>
> rd 100:1
>
> route-target export 100:1
>
> route-target import 100:1
>
> !
>
> ip vrf VPN_B
>
> rd 100:2
>
> export map R6
>
> route-target export 100:2
>
> route-target import 100:2
>
> route-target import 100:55
>
>
> ip prefix-list VPN_B seq 10 permit 192.168.6.0/24
> <http://192.168.6.0/24>
>
>
> route-map R6 permit 10
>
> match ip address prefix-list VPN_B
>
> set extcommunity rt 100:66
>
> !
>
> route-map R6 permit 20
>
> set extcommunity rt 100:2
>
>
> Results: The below results ensure that R5 VPN_B does not see
> 192.168.6.0
> from R6 and R6 VPN_A does not see 172.16.5.0/24
> <http://172.16.5.0/24> from R5.
>
>
> R5#show ip route vrf VPN_A 192.168.6.0
>
> Routing entry for 192.168.6.0/24 <http://192.168.6.0/24>
>
> Known via "bgp 100", distance 200, metric 0, type internal
>
> Last update from 150.1.6.6 00:32:17 ago
>
> Routing Descriptor Blocks:
>
> * 150.1.6.6 (Default-IP-Routing-Table), from 150.1.4.4, 00:32:17 ago
>
> Route metric is 0, traffic share count is 1
>
> AS Hops 0
>
>
> R5#show ip route vrf VPN_B 192.168.6.0
>
> % Network not in table
>
>
> R6#show ip route vrf VPN_A 172.16.5.0
>
> % Subnet not in table
>
>
> R6#show ip route vrf VPN_B 172.16.5.0
>
> Routing entry for 172.16.5.0/24 <http://172.16.5.0/24>
>
> Known via "bgp 100", distance 200, metric 0, type internal
>
> Last update from 150.1.5.5 00:35:49 ago
>
> Routing Descriptor Blocks:
>
> * 150.1.5.5 (Default-IP-Routing-Table), from 150.1.4.4, 00:35:49 ago
>
> Route metric is 0, traffic share count is 1
>
> AS Hops 0
>
> Now when I run show ip bgp vpnv4 all on R5 and R6, I still see
> routes in
> both VPN tables.
>
> For instance, R sees 192.168.6.0 in vrf VPN_A and VPN_B. Can
> anyone please
> explain why I can't see in routing table of vrf but still see in
> VPNV4
> table.
>
> R5#show ip bgp vpnv4 all
>
> BGP table version is 37, local router ID is 150.1.5.5
>
> Status codes: s suppressed, d damped, h history, * valid, >
> best, i -
> internal,
>
> r RIB-failure, S Stale
>
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
>
> Route Distinguisher: 100:1 (default for vrf VPN_A)
>
> *> 155.1.58.0/24 <http://155.1.58.0/24> 0.0.0.0 0 32768 ?
>
> *>i155.1.67.0/24 150.1.6.6 0 100 0 <tel:150.1.6.6%200%20100%200> ?
>
> *> 172.16.5.0/24 <http://172.16.5.0/24> 0.0.0.0 0 32768 ?
>
> *>i172.16.7.0/24 150.1.6.6 0 100 0 <tel:150.1.6.6%200%20100%200> ?
>
> *>i192.168.6.0 150.1.6.6 0 100 0 <tel:150.1.6.6%200%20100%200> ?
>
> Route Distinguisher: 100:2 (default for vrf VPN_B)
>
> *> 155.1.5.0/24 <http://155.1.5.0/24> 0.0.0.0 0 32768 ?
>
> *>i155.1.76.0/24 150.1.6.6 0 100 0 <tel:150.1.6.6%200%20100%200> ?
>
> *>i192.168.6.0 150.1.6.6 0 100 0 <tel:150.1.6.6%200%20100%200> ?
>
> *>i192.168.7.0 150.1.6.6 0 100 0 <tel:150.1.6.6%200%20100%200> ?
>
> Thanks,
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>>
> LW7 EQI Argentina
>
>
-- Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina Blogs and organic groups at http://www.ccie.netReceived on Mon Jun 13 2011 - 10:39:13 ART
This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 06:24:28 ART