VRF Leaking (bug??)

Jun 13th, 2007

I am trying to leak specific routes between two VRFs using the following config.

It filters one way, but doesn't pass any routes the other. If I replace


export map customer-mgt-range

with

route-target import 39097:701

then all routes get learnt. If I then put the original line back in, it all works fine. Looks like a bug to me, but can't find a matching one on CCO.



ip vrf MGT
 rd 39097:701
 export map mgt-range
 route-target import 39097:999
!
ip vrf TWR1
 rd 39097:702
 export map customer-mgt-range
 route-target import 39097:701
!
access-list 31 permit 172.31.0.0 0.0.255.255
access-list 32 permit 195.60.197.0
!
route-map customer-mgt-range permit 10
 match ip address 31
 set extcommunity rt 39097:999
!
route-map mgt-range permit 10
 match ip address 32
 set extcommunity rt 39097:701


swaroop.potdar Wed, 06/13/2007 - 07:22

This should work... You have these 2 VRFs on the same router, is that correct?

Also, I was unable to understand the quote

"export map customer-mgt-range

with

route-target import 39097:701

"


You mean to say you replaced an export map with route-target import and it works fine??

I am unable to understand how an export function can be replaced by an import function.


Post all the relevant parts of the config to better understand.


HTH-Cheers,

Swaroop

random_camden Wed, 06/13/2007 - 07:38

Sorry, my typo.

export map customer-mgt-range didn't work.

I replaced it with route-target export 39097:701 and it imported all.

Then I put back the original export map customer-mgt-range and it worked.




Here's the config...


ip vrf MGT
 rd 39097:701
 export map mgt-range
 route-target import 39097:999
!
ip vrf TWR1
 rd 39097:702
 export map customer-mgt-range
 route-target import 39097:701
!
router bgp 39097
 no synchronization
 bgp log-neighbor-changes
 no auto-summary
 !
 address-family ipv4 vrf TWR1
  neighbor 10.253.248.133 remote-as 39097
  neighbor 10.253.248.133 activate
  neighbor 10.253.248.133 route-reflector-client
  neighbor 10.253.248.137 remote-as 39097
  neighbor 10.253.248.137 activate
  neighbor 10.253.248.137 route-reflector-client
  neighbor 10.253.248.151 remote-as 39097
  neighbor 10.253.248.151 activate
  neighbor 10.253.248.171 remote-as 39097
  neighbor 10.253.248.171 activate
  maximum-paths 2
  no auto-summary
  no synchronization
  network 172.31.99.2 mask 255.255.255.255
 exit-address-family
 !
 !
 address-family ipv4 vrf MGT
  neighbor 10.253.0.133 remote-as 39097
  neighbor 10.253.0.133 activate
  neighbor 10.253.0.133 route-reflector-client
  neighbor 10.253.0.137 remote-as 39097
  neighbor 10.253.0.137 activate
  neighbor 10.253.0.137 route-reflector-client
  neighbor 10.253.0.151 remote-as 39097
  neighbor 10.253.0.151 activate
  neighbor 10.253.0.171 remote-as 39097
  neighbor 10.253.0.171 activate
  maximum-paths 2
  no auto-summary
  no synchronization
  network 0.0.0.0
  network 195.60.197.0
  network 195.60.197.10 mask 255.255.255.255
 exit-address-family
!
ip route 0.0.0.0 0.0.0.0 172.16.10.1
ip route vrf MGT 0.0.0.0 0.0.0.0 10.253.0.152
ip route vrf MGT 195.60.197.0 255.255.255.0 10.253.0.172
!
ip prefix-list mgt-range seq 6 permit 195.60.197.0/24 le 32
!
ip prefix-list customer-mgt-range seq 5 permit 172.31.0.0/16 le 32
!
access-list 31 permit 172.31.0.0 0.0.255.255
access-list 32 permit 195.60.197.0
!
route-map customer-mgt-range permit 10
 match ip address 31
 set extcommunity rt 39097:999
!
route-map mgt-range permit 10
 match ip address 32
 set extcommunity rt 39097:701

swaroop.potdar Wed, 06/13/2007 - 08:01

Config looks clean.... Bug is ruled out as on the same device, same IOS, if it works one way, then it definitely has to work the other way.


Are you able to recreate this, or did this happen once and stop?


I could think of only one possibility: before you removed the export-map the routes weren't matching the ACL you were using; later, when you put it back again, they matched.


So could you confirm whether any other changes were made as well in between the issue detection and resolution?


HTH-Cheers,

Swaroop
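
An added example, not part of the thread or anyone's posted config: a small Python model that evaluates the two export maps and the import route-targets from the config above, to show which prefixes can cross between the MGT and TWR1 VRFs. The prefix list is taken from the `network` statements and assumed to be present in the BGP table; the handling of unmatched routes is an assumption noted in the code.

```python
import ipaddress

# Standard ACLs from the thread as (address, wildcard); no wildcard means 0.0.0.0.
ACLS = {31: ("172.31.0.0", "0.0.255.255"), 32: ("195.60.197.0", "0.0.0.0")}

# Per VRF: ACL matched by its export map, RT that map sets, RTs it imports.
VRFS = {
    "MGT": {"acl": 32, "set_rt": "39097:701", "imports": {"39097:999"}},
    "TWR1": {"acl": 31, "set_rt": "39097:999", "imports": {"39097:701"}},
}

# Prefixes named by the "network" statements (assumed present in the BGP table).
# "network 195.60.197.0" without a mask is classful, so /24.
ROUTES = {
    "MGT": ["0.0.0.0/0", "195.60.197.0/24", "195.60.197.10/32"],
    "TWR1": ["172.31.99.2/32"],
}


def acl_permits(acl, prefix):
    """A standard ACL in a route-map is tested against the prefix's network address."""
    addr, wild = (int(ipaddress.IPv4Address(x)) for x in ACLS[acl])
    care = ~wild & 0xFFFFFFFF  # bits the ACL entry actually compares
    net = int(ipaddress.ip_network(prefix).network_address)
    return (net & care) == (addr & care)


def exported_rts(vrf, prefix):
    """RTs attached on export. Assumption: with no 'route-target export'
    configured, a route the export map does not permit carries no RT."""
    cfg = VRFS[vrf]
    return {cfg["set_rt"]} if acl_permits(cfg["acl"], prefix) else set()


def leaks():
    """Return sorted (source VRF, prefix, importing VRF) tuples."""
    found = []
    for src, prefixes in ROUTES.items():
        for prefix in prefixes:
            rts = exported_rts(src, prefix)
            for dst, cfg in VRFS.items():
                if dst != src and rts & cfg["imports"]:
                    found.append((src, prefix, dst))
    return sorted(found)


if __name__ == "__main__":
    for src, prefix, dst in leaks():
        print(f"{prefix:18} {src} -> {dst}")
```

In this model only 195.60.197.0/24 and 172.31.99.2/32 cross the VRF boundary: access-list 32 has no wildcard, so it matches the network address 195.60.197.0 exactly and neither the 195.60.197.10/32 host route nor the default route is tagged.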
