VRF redistribution problem

armin.kask · ‎08-21-2007

Hello,

I configured some VRF -s and redistribution

between them using import and export maps on vrf configuration. The route-maps are matching prefix list statements to allow import and export. The problem is that i have to clear bgp for the changes to take

effect and it is not good solution for this router since it routes primarily VOIP. Is there any way to avoid this ?

The router is 2801 and software image is c2801-advipservicesk9-mz.124-11.T.bin

Thanks in advance,

Armin

raghavbhargava · ‎08-21-2007

Hi armin,

You can do a soft reset by configuring the inbound soft configuration on ur PE router.Command for the same is:-

clear ip bgp [? | address | peer-group][soft [in|out]]

armin.kask · ‎08-21-2007

All of those VRF -s are in the same router. There is no BGP peerings.

The configuration is:

ip vrf NMS

rd 65000:1

import map NMS-IN

export map NMS-OUT

route-target export 65000:450

route-target import 65000:450

route-target import 65000:110

!

ip vrf VOIP

rd 65000:3

export map VOIP-OUT

route-target export 65000:100

route-target import 65000:100

route-target import 65000:111

router bgp 65000

no bgp default ipv4-unicast

bgp log-neighbor-changes

bgp update-delay 1

!

address-family ipv4

no auto-summary

no synchronization

exit-address-family

!

address-family ipv4 vrf VOIP

redistribute connected

redistribute static

no auto-summary

no synchronization

exit-address-family

!

address-family ipv4 vrf NMS

redistribute connected

redistribute static

no auto-summary

no synchronization

exit-address-family

ip prefix-list NMS-IN seq 5 permit 192.168.1.0/24

ip prefix-list NMS-IN seq 10 permit 172.16.0.0/24

!

ip prefix-list NMS-OUT seq 5 permit 192.168.253.32/29

!

ip prefix-list VOIP-OUT seq 5 permit 1.1.1.0/24

ip prefix-list VOIP-OUT seq 10 permit 192.168.1.0/24

route-map NMS-OUT permit 10

match ip address prefix-list NMS-OUT

set extcommunity rt 65000:111 additive

route-map VOIP-OUT permit 10

match ip address prefix-list VOIP-OUT

set extcommunity rt 65000:110 additive

route-map NMS-IN permit 10

match ip address prefix-list NMS-IN

mounir.mohamed · ‎08-22-2007

Dear,

In such case change the BGP scanning intervals in order to decrease import processing time between VPN's

Example:

router bgp 1

no synchronization

bgp log-neighbor-changes

bgp scan-time 5

no auto-summary

Kindly test it and feed me back, it's working with me.

Best Regards,

Mounir Mohamed

armin.kask · ‎08-22-2007

Thank You for answering,

It didnt help.

Armin

mounir.mohamed · ‎08-22-2007

how come, it should be help.

Kindly check.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t7/vpn_en.htm

Best Regards,

Mounir Mohamed

armin.kask · ‎08-22-2007

It doesnt seem to work. I tried on 2801 and 7200

!

ip vrf KLIENT-1

rd 65000:500

export map KLIENT-1-OUT

route-target export 65000:101

route-target import 65000:101

route-target import 65000:111

!

ip vrf NMS

rd 65000:1

import map NMS-IN

export map NMS-OUT

route-target export 65000:450

route-target import 65000:450

route-target import 65000:110

route-target import 65000:123

!

interface Loopback2

ip vrf forwarding KLIENT-1

ip address 10.0.0.1 255.255.255.0

!

interface Loopback5

ip vrf forwarding KLIENT-1

ip address 172.16.0.1 255.255.255.0

!

interface Loopback102

ip vrf forwarding NMS

ip address 18.2.1.2 255.255.255.255

!

interface FastEthernet0/0

description R2

ip vrf forwarding VOIP

ip address 192.168.1.2 255.255.255.0

duplex full

!

interface FastEthernet1/0

description CPE2

ip vrf forwarding NMS

ip address 192.168.253.33 255.255.255.248

duplex full

!

router bgp 65000

no bgp default ipv4-unicast

bgp log-neighbor-changes

!

address-family ipv4

redistribute connected

no auto-summary

no synchronization

bgp scan-time 15

exit-address-family

!

address-family ipv4 vrf NMS

redistribute connected

no auto-summary

no synchronization

exit-address-family

!

address-family ipv4 vrf KLIENT-1

redistribute connected

no auto-summary

no synchronization

exit-address-family

!

ip prefix-list KLIENT-1-IN seq 5 permit 192.168.253.32/29

!

ip prefix-list KLIENT-1-OUT seq 5 permit 172.16.0.0/24

ip prefix-list KLIENT-1-OUT seq 15 permit 10.0.0.0/24

!

ip prefix-list NMS-IN seq 5 permit 192.168.1.0/24

ip prefix-list NMS-IN seq 10 permit 172.16.0.0/24

ip prefix-list NMS-IN seq 15 permit 10.0.0.0/24

!

ip prefix-list NMS-OUT seq 5 permit 192.168.253.32/29

!

route-map NMS-OUT permit 10

match ip address prefix-list NMS-OUT

set extcommunity rt 65000:111 additive

route-map KLIENT-1-OUT permit 10

match ip address prefix-list KLIENT-1-OUT

set extcommunity rt 65000:110 additive

!

route-map NMS-IN permit 10

match ip address prefix-list NMS-IN

R3#sh ip bgp vpnv4 vrf NMS

BGP table version is 22, local router ID is 192.168.222.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 65000:1 (default for vrf NMS)

*> 18.2.1.2/32 0.0.0.0 0 32768 ?

*> 172.16.0.0/24 0.0.0.0 0 32768 ?

*> 192.168.1.0 0.0.0.0 0 32768 ?

*> 192.168.253.32/29

0.0.0.0 0 32768 ?

I am testing on prefix 10.0.0.0/24 and it doesnt appear on the routing table.

I also configured scan-time under vpnv4 unicast af but it doesnt show in the config.

Armin

swaroop.potdar · ‎08-22-2007

Your config is all ok. Infact just copy pasting the config above gives the desired output. And should do the same in any router without modifying any timers.

Here is a snippet.

PE1#show ip bgp vpnv4 al

PE1#show ip bgp vpnv4 all

BGP table version is 31, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 65000:1 (default for vrf NMS)

*> 10.0.0.0/24 0.0.0.0 0 32768 ?

*> 10.1.2.0/24 0.0.0.0 0 32768 ?

*> 18.2.1.2/32 0.0.0.0 0 32768 ?

*> 172.16.0.0/24 0.0.0.0 0 32768 ?

Route Distinguisher: 65000:3 (default for vrf VOIP)

*> 1.3.3.0/24 0.0.0.0 0 32768 ?

*> 10.1.1.0/24 0.0.0.0 0 32768 ?

Route Distinguisher: 65000:500 (default for vrf KLIENT-1)

*> 10.0.0.0/24 0.0.0.0 0 32768 ?

*> 172.16.0.0/24 0.0.0.0 0 32768 ?

PE1#

I havent found any problem in importing the 10.0.0.0/24 route, using exactly the same config as posted.

Although to know exactly whats happening with that route can you capture the output of

"deb ip bgp vpnv4 unicast import".

When you enable this debug, remove the import route map on NMS and capture and then apply the import route map and capture.

As this doesnt seem to be anything to do with BGP import of VRF routes, as just a single route seems to be missing in your setup.

HTH-Cheers,

Swaroop

armin.kask · ‎08-22-2007

The problem isnt that the route doesnt get imported. The problem is that when i add some route in to the prefix-list or remove something

i have to clear bgp. This is not desired as it is a VOIP router and clearing bgp could cause some problems in the network.

swaroop.potdar · ‎08-22-2007

Whenever you change your prefix list, simply remove and add the import/export map again, the table should reflect the changes promptly.

And this will not affect your network as well.

Do let me know if it doesnt work.

HTH-Cheers,

Swaroop

rseiler · ‎11-11-2008

You need to set the 'bgp router-id' for each vrf address-family to something unique for each vrf, otherwise the router is trying to use the same bgp router-id, which won't work.