Route leaking from VRF to Global on same router with VLAN interface

lap
Level 2

Hi all,

I would like to do some route leaking from VRF to Global and Global to VRF on the same router. Here is an output of the config:

interface FastEthernet4
description ***Connection to WAN***
ip vrf forwarding FVRF
ip address 10.0.0.6 255.255.255.0

interface Vlan100
description ***LAN***
ip address 192.168.227.1 255.255.255.0

So what I want is to import 192.168.227.0 /24 into FVRF and import 10.0.0.0 /24 into the global routing table.

I thought I could do that config but it is not possible:

(config)#ip route vrf FVRF 192.168.227.0 255.255.255.0 vlan 100
% For VPN or topology routes, must specify a next hop IP address if not a point-to-point interface

OR

DK-SLVPN(config)#ip route vrf FVRF 192.168.227.0 255.255.255.0 vlan 100 192.168.227.1 global
%Invalid next hop address (it's this router)

Any ideas are really welcome.

Best regards,

Laurent

17 Replies

Hi Kelly,

Hope you can help.

I am stuck in a similar situation. I did exactly what you did. This is alright for connected routes. What I am doing is redistributing OSPF into BGP. The router on which I am doing this is a building router (bsr) and has two links to the distribution router (Dr). Both links are pt-to-pt OSPF links with a cost of one. Now my problem is that once the OSPF-learned remote routes are redistributed into BGP, when I do sh ip bgp, it does not give me a next-hop IP address of one of the pt-to-pt links; instead it puts 0.0.0.0 in next-hop.

The route 192.101.254.252/32 is an OSPF-learned route and is redistributed in BGP VRF VPN-NETWORKS.

When I do sh ip bgp, BGP is not able to work out the next-hop. Does BGP think that they are equal-cost multipaths and get confused?

Here is the output for sh ip bgp:

test-bsr-266#sh ip bgp
BGP table version is 14, local router ID is 192.101.254.243
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network                          Next Hop      Metric LocPrf     Weight   Path

*> 192.101.254.252/32    0.0.0.0          4                        32768    ?

Any help would be appreciated.

Chris Hurst
Level 1

I recently ran into a scenario where I needed to do this as well. I realize that this is an old post, but I did find a way to keep the LAN in the Global VRF, and route between the Global VRF and the FVRF without MP-BGP by using Policy Based Routing. There is an article on it here: http://itvagabonds.com/tutorials/basic-wan-vrf-routing-configuration-cisco-isr that explains it in more detail.

For the setup in the original question, the following lines would need to be added. The 'set global' line is what actually places the traffic into the Global VRF.

!! Default route on FVRF if next hop GW on WAN is 10.0.0.1 !
ip route vrf FVRF 0.0.0.0 0.0.0.0 10.0.0.1
!
!! Route from Global VRF -> FVRF if next hop GW on WAN is 10.0.0.1 !
ip route 0.0.0.0 0.0.0.0 FastEthernet4 10.0.0.1
!
!! Use PBR to route traffic that matches traffic in the ACL back into the Global VRF !
ip access-list extended WAN_TO_GLOBAL_ACL
 permit ip any 192.168.227.0 0.0.0.255
!
route-map WAN_TO_GLOBAL permit 10
 match ip address WAN_TO_GLOBAL_ACL
 set global
!
interface FastEthernet4
 ip policy route-map WAN_TO_GLOBAL

If the WAN side did not have a next hop for some reason, then you would need a PBR on the Vlan100 interface as well to set matching traffic to the FVRF VRF.
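
Added example, not part of the original thread: the ACL referenced by the route-map decides which WAN-side packets 'set global' moves into the global table, so its wildcard mask sets how much crosses the VRF boundary. This Python script audits an entry against the intended LAN prefix; the helper names dest_network and audit and the sample entries are constructed for illustration, and only 'permit ip' entries with contiguous wildcards are handled.

```python
import ipaddress


def dest_network(ace: str) -> ipaddress.IPv4Network:
    """Return the destination range matched by a 'permit ip <src> <dst>' entry.

    Each field may be 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'.
    """
    tok = ace.split()
    if tok[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported entry: {ace!r}")
    tok = tok[2:]
    # Skip the source field ('any' is one token, the other forms are two).
    tok = tok[1:] if tok[0] == "any" else tok[2:]
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32")
    wildcard = int(ipaddress.IPv4Address(tok[1]))
    # A contiguous wildcard has the form 2**k - 1 (all "don't care" bits low).
    if wildcard & (wildcard + 1):
        raise ValueError(f"non-contiguous wildcard in {ace!r}")
    prefix_len = 32 - wildcard.bit_length()
    return ipaddress.ip_network(f"{tok[0]}/{prefix_len}", strict=False)


def audit(ace: str, intended: str) -> dict:
    """Compare what the entry matches with the prefix that should be leaked."""
    matched = dest_network(ace)
    want = ipaddress.ip_network(intended)
    return {
        "matched": str(matched),
        "overbroad": matched != want and want.subnet_of(matched),
        "extra_addresses": max(matched.num_addresses - want.num_addresses, 0),
    }


if __name__ == "__main__":
    # Constructed sample entries: one scoped to the LAN /24, one with a wider wildcard.
    samples = [
        "permit ip any 192.168.227.0 0.0.0.255",
        "permit ip any 192.168.227.0 0.255.255.255",
    ]
    for ace in samples:
        print(ace, "->", audit(ace, "192.168.227.0/24"))
```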

mininer
Level 1

http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/multiprotocol-label-switching-vpns-mpls-vpns/47807-routeleaking.html

Route Leaking from a Global Routing Table into a VRF and Route Leaking from a VRF into a Global Routing Table

This part can solve the problem.