06-13-2007 06:09 AM
I am trying to leak specific routes between two VRF's using the following config.
It filters one way, but doesn;t pass any routes the other. If I replace
export map customer-mgt-range
with
route-target import 39097:701
then all routes get learnt. If I then put the original line back in, it all works fine. Looks like a bug to me, but can't find a matching one on CCO.
ip vrf MGT
rd 39097:701
export map mgt-range
route-target import 39097:999
!
ip vrf TWR1
rd 39097:702
export map customer-mgt-range
route-target import 39097:701
access-list 31 permit 172.31.0.0 0.0.255.255
access-list 32 permit 195.60.197.0
!
route-map customer-mgt-range permit 10
match ip address 31
set extcommunity rt 39097:999
!
route-map mgt-range permit 10
match ip address 32
set extcommunity rt 39097:701
06-13-2007 07:22 AM
This should work...you have these 2 VRF;s on the same router is that correct.
Also i was unable to understand the quote
"export map customer-mgt-range
with
route-target import 39097:701
"
You mean to say you replaced a export map with route-targe import and it works fine ??..
I am unable to understand as how can a Export funcion is replaced by an Import function.
Post all the relevant parts of the config to better understand.
HTH-Cheers,
Swaroop
06-13-2007 07:38 AM
Sorry, my typo.
export map customer-mgt-range didn't work.
I replaced it with route-target export 39097:701 and it imported all.
Then I put back the original export map customer-mgt-range and it worked.
Here's the config...
ip vrf MGT
rd 39097:701
export map mgt-range
route-target import 39097:999
!
ip vrf TWR1
rd 39097:702
export map customer-mgt-range
route-target import 39097:701
!
router bgp 39097
no synchronization
bgp log-neighbor-changes
no auto-summary
!
address-family ipv4 vrf TWR1
neighbor 10.253.248.133 remote-as 39097
neighbor 10.253.248.133 activate
neighbor 10.253.248.133 route-reflector-client
neighbor 10.253.248.137 remote-as 39097
neighbor 10.253.248.137 activate
neighbor 10.253.248.137 route-reflector-client
neighbor 10.253.248.151 remote-as 39097
neighbor 10.253.248.151 activate
neighbor 10.253.248.171 remote-as 39097
neighbor 10.253.248.171 activate
maximum-paths 2
no auto-summary
no synchronization
network 172.31.99.2 mask 255.255.255.255
exit-address-family
!
!
address-family ipv4 vrf MGT
neighbor 10.253.0.133 remote-as 39097
neighbor 10.253.0.133 activate
neighbor 10.253.0.133 route-reflector-client
neighbor 10.253.0.137 remote-as 39097
neighbor 10.253.0.137 activate
neighbor 10.253.0.137 route-reflector-client
neighbor 10.253.0.151 remote-as 39097
neighbor 10.253.0.151 activate
neighbor 10.253.0.171 remote-as 39097
neighbor 10.253.0.171 activate
maximum-paths 2
no auto-summary
no synchronization
network 0.0.0.0
network 195.60.197.0
network 195.60.197.10 mask 255.255.255.255
exit-address-family
!
ip route 0.0.0.0 0.0.0.0 172.16.10.1
ip route vrf MGT 0.0.0.0 0.0.0.0 10.253.0.152
ip route vrf MGT 195.60.197.0 255.255.255.0 10.253.0.172
ip prefix-list mgt-range seq 6 permit 195.60.197.0/24 le 32
!
ip prefix-list customer-mgt-range seq 5 permit 172.31.0.0/16 le 32
access-list 31 permit 172.31.0.0 0.0.255.255
access-list 32 permit 195.60.197.0
!
route-map customer-mgt-range permit 10
match ip address 31
set extcommunity rt 39097:999
!
route-map mgt-range permit 10
match ip address 32
set extcommunity rt 39097:701
06-13-2007 08:01 AM
Config looks clean....Bug is ruled out as on the same device, same IOS,if it works one way, then definately has to work the other way.
Are you able to recreate this, or this happened once and stopped.
I could think of only one possibility, before you removed the export-map the routes werent matching the ACL you were using, later when you put it back again, they matched.
So could you confirm any other changes were made as well in between the issue detection and resolution.
HTH-Cheers,
Swaroop
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide