08-21-2007 10:27 AM
Hello,
I configured some VRF -s and redistribution
between them using import and export maps on vrf configuration. The route-maps are matching prefix list statements to allow import and export. The problem is that i have to clear bgp for the changes to take
effect and it is not good solution for this router since it routes primarily VOIP. Is there any way to avoid this ?
The router is 2801 and software image is c2801-advipservicesk9-mz.124-11.T.bin
Thanks in advance,
Armin
08-21-2007 10:49 PM
Hi armin,
You can do a soft reset by configuring the inbound soft configuration on ur PE router.Command for the same is:-
clear ip bgp [? | address | peer-group][soft [in|out]]
08-21-2007 10:59 PM
All of those VRF -s are in the same router. There is no BGP peerings.
The configuration is:
ip vrf NMS
rd 65000:1
import map NMS-IN
export map NMS-OUT
route-target export 65000:450
route-target import 65000:450
route-target import 65000:110
!
ip vrf VOIP
rd 65000:3
export map VOIP-OUT
route-target export 65000:100
route-target import 65000:100
route-target import 65000:111
router bgp 65000
no bgp default ipv4-unicast
bgp log-neighbor-changes
bgp update-delay 1
!
address-family ipv4
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf VOIP
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf NMS
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
ip prefix-list NMS-IN seq 5 permit 192.168.1.0/24
ip prefix-list NMS-IN seq 10 permit 172.16.0.0/24
!
ip prefix-list NMS-OUT seq 5 permit 192.168.253.32/29
!
ip prefix-list VOIP-OUT seq 5 permit 1.1.1.0/24
ip prefix-list VOIP-OUT seq 10 permit 192.168.1.0/24
route-map NMS-OUT permit 10
match ip address prefix-list NMS-OUT
set extcommunity rt 65000:111 additive
route-map VOIP-OUT permit 10
match ip address prefix-list VOIP-OUT
set extcommunity rt 65000:110 additive
route-map NMS-IN permit 10
match ip address prefix-list NMS-IN
08-22-2007 12:08 AM
Dear,
In such case change the BGP scanning intervals in order to decrease import processing time between VPN's
Example:
router bgp 1
no synchronization
bgp log-neighbor-changes
bgp scan-time 5
no auto-summary
Kindly test it and feed me back, it's working with me.
Best Regards,
Mounir Mohamed
08-22-2007 01:30 AM
Thank You for answering,
It didnt help.
Armin
08-22-2007 01:34 AM
how come, it should be help.
Kindly check.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t7/vpn_en.htm
Best Regards,
Mounir Mohamed
08-22-2007 04:52 AM
It doesnt seem to work. I tried on 2801 and 7200
!
ip vrf KLIENT-1
rd 65000:500
export map KLIENT-1-OUT
route-target export 65000:101
route-target import 65000:101
route-target import 65000:111
!
ip vrf NMS
rd 65000:1
import map NMS-IN
export map NMS-OUT
route-target export 65000:450
route-target import 65000:450
route-target import 65000:110
route-target import 65000:123
!
!
interface Loopback2
ip vrf forwarding KLIENT-1
ip address 10.0.0.1 255.255.255.0
!
interface Loopback5
ip vrf forwarding KLIENT-1
ip address 172.16.0.1 255.255.255.0
!
interface Loopback102
ip vrf forwarding NMS
ip address 18.2.1.2 255.255.255.255
!
interface FastEthernet0/0
description R2
ip vrf forwarding VOIP
ip address 192.168.1.2 255.255.255.0
duplex full
!
interface FastEthernet1/0
description CPE2
ip vrf forwarding NMS
ip address 192.168.253.33 255.255.255.248
duplex full
!
router bgp 65000
no bgp default ipv4-unicast
bgp log-neighbor-changes
!
address-family ipv4
redistribute connected
no auto-summary
no synchronization
bgp scan-time 15
exit-address-family
!
address-family ipv4 vrf NMS
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf KLIENT-1
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
!
ip prefix-list KLIENT-1-IN seq 5 permit 192.168.253.32/29
!
ip prefix-list KLIENT-1-OUT seq 5 permit 172.16.0.0/24
ip prefix-list KLIENT-1-OUT seq 15 permit 10.0.0.0/24
!
ip prefix-list NMS-IN seq 5 permit 192.168.1.0/24
ip prefix-list NMS-IN seq 10 permit 172.16.0.0/24
ip prefix-list NMS-IN seq 15 permit 10.0.0.0/24
!
ip prefix-list NMS-OUT seq 5 permit 192.168.253.32/29
!
!
route-map NMS-OUT permit 10
match ip address prefix-list NMS-OUT
set extcommunity rt 65000:111 additive
route-map KLIENT-1-OUT permit 10
match ip address prefix-list KLIENT-1-OUT
set extcommunity rt 65000:110 additive
!
!
route-map NMS-IN permit 10
match ip address prefix-list NMS-IN
R3#sh ip bgp vpnv4 vrf NMS
BGP table version is 22, local router ID is 192.168.222.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65000:1 (default for vrf NMS)
*> 18.2.1.2/32 0.0.0.0 0 32768 ?
*> 172.16.0.0/24 0.0.0.0 0 32768 ?
*> 192.168.1.0 0.0.0.0 0 32768 ?
*> 192.168.253.32/29
0.0.0.0 0 32768 ?
I am testing on prefix 10.0.0.0/24 and it doesnt appear on the routing table.
I also configured scan-time under vpnv4 unicast af but it doesnt show in the config.
Armin
08-22-2007 09:20 AM
Your config is all ok. Infact just copy pasting the config above gives the desired output. And should do the same in any router without modifying any timers.
Here is a snippet.
PE1#show ip bgp vpnv4 al
PE1#show ip bgp vpnv4 all
BGP table version is 31, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65000:1 (default for vrf NMS)
*> 10.0.0.0/24 0.0.0.0 0 32768 ?
*> 10.1.2.0/24 0.0.0.0 0 32768 ?
*> 18.2.1.2/32 0.0.0.0 0 32768 ?
*> 172.16.0.0/24 0.0.0.0 0 32768 ?
Route Distinguisher: 65000:3 (default for vrf VOIP)
*> 1.3.3.0/24 0.0.0.0 0 32768 ?
*> 10.1.1.0/24 0.0.0.0 0 32768 ?
Route Distinguisher: 65000:500 (default for vrf KLIENT-1)
*> 10.0.0.0/24 0.0.0.0 0 32768 ?
*> 172.16.0.0/24 0.0.0.0 0 32768 ?
PE1#
I havent found any problem in importing the 10.0.0.0/24 route, using exactly the same config as posted.
Although to know exactly whats happening with that route can you capture the output of
"deb ip bgp vpnv4 unicast import".
When you enable this debug, remove the import route map on NMS and capture and then apply the import route map and capture.
As this doesnt seem to be anything to do with BGP import of VRF routes, as just a single route seems to be missing in your setup.
HTH-Cheers,
Swaroop
08-22-2007 10:38 AM
The problem isnt that the route doesnt get imported. The problem is that when i add some route in to the prefix-list or remove something
i have to clear bgp. This is not desired as it is a VOIP router and clearing bgp could cause some problems in the network.
08-22-2007 11:09 AM
Whenever you change your prefix list, simply remove and add the import/export map again, the table should reflect the changes promptly.
And this will not affect your network as well.
Do let me know if it doesnt work.
HTH-Cheers,
Swaroop
11-11-2008 07:18 PM
You need to set the 'bgp router-id' for each vrf address-family to something unique for each vrf, otherwise the router is trying to use the same bgp router-id, which won't work.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: