Help with exporting one route into another vrf

Unanswered Question
Sep 4th, 2009

All,

I have a situation that I'm needing help with. I have a two vrf's (CustA and CustB). I'm importing each others routes into it's own vrf (CustA into CustB's table, etc.).

I don't want CustB to have all of CustA's routes and vice versa. I created a route-map and tried creating an export map under CustB's vrf, and it works, but it keeps CustA from getting all of its routes.

What I have is below:

ip vrf CUSTA

rd 200:100

import map PERMIT30

route-target both 200:100

route-target import 300:100

ip vrf CUSTB

rd 300:100

route-target both 300:100

route-target import 200:100

access-list 100 permit ip 30.30.30.0 0.0.0.255 any

route-map PERMIT30 5

match ip address 100

If I leave the above alone, my routing table on CUSTA only contains its connected and the 30.30.30.0 subnet. If I add a catch-all permit clause in the policy-map, CUSTA gets all routes from CUSTB which is what I don't want.

Thanks!

John

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
b.julin Fri, 09/04/2009 - 12:27

You probably want to read up on some of the other options for the "match" statement. Access-lists are a blunt instrument best used for safeguards. There are plenty of other criteria to match on, but you'll want to get into the router and see which match criteria pop up in the online help and will apply to a "VRF import route-map" , because support for each kind for various different usages can vary by platform and software chain, and route-maps are notorious for not telling you which criteria are supported for your intentions until you actually have them all built and try to apply them :-)

Laurent Aubert Sat, 09/05/2009 - 17:31

Hi John,

Usually, you use filtering based on route-target:

You create an export-map for each VRF which will add a specific route-target to match which routes should be exchange between VRF A and B. The routes which don't match the export will just have the VRF local route-target set with the route-target export command:

p vrf CUSTA

rd 200:100

export map To-CUSTB

route-target import 200:100

route-target import 300:101

ip vrf CUSTB

rd 300:100

export map To-CUSTA

route-target import 300:100

route-target import 200:101

!

route-map To-CUSTB 5

match ip address 100

set extcommunity rt 200:100 200:101

!

route-map To-CUSTB 100

set extcommunity rt 200:100

!

route-map To-CUSTA 5

match ip address 101

set extcommunity rt 300:100 300:101

!

route-map To-CUSTA 100

set extcommunity rt 300:100

!

Inside the route-map, you can match on other criteria like BGP community for example

With import-map, in your case you need to use a deny statement to match which prefixes you don't want. The we are sure the permit all at the end will match all the routes you want.

In any case try to base your macth criteria on community as it's more flexible and scalable.

HTH

Laurent.

Actions

This Discussion