Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1576
Views
0
Helpful
6
Replies

export maps not being injected into VRF

Go to solution
johnelliot
Level 1
Level 1

‎05-15-2006 05:42 PM

I have the following setup:

ip vrf NMS

rd xxxxx:161

export map NMS

route-target import xxxxx:162

route-target import xxxxx:162

ip vrf TEST10

rd xxxxx:10

export map ManagedCE

route-target export xxxxx:10

route-target import xxxxx:10

route-target import xxxxx:161

maximum routes 256 75

route-map NMS permit 10

match ip address prefix-list 20

set extcommunity rt xxxxx:161 additive

route-map ManagedCE permit 10

match ip address 30

set extcommunity rt xxxxxx:162 additive

ip prefix-list 20 seq 5 permit 10.161.0.0/24

ip prefix-list 20 seq 10 permit 10.161.1.0/24

access-list 30 permit 192.168.101.12 log

access-list 30 permit 192.168.101.11 log

access-list 30 permit 192.168.101.10 log

access-list 30 permit 192.168.101.5 log

access-list 30 permit 192.168.101.4 log

access-list 30 permit 192.168.101.6 log

access-list 30 permit 192.168.101.1 log

access-list 30 permit 192.168.100.1 log

access-list 30 permit 192.168.101.3 log

access-list 30 permit 192.168.101.2 log

address-family ipv4 vrf TEST10

redistribute connected

redistribute static

redistribute rip

default-information originate

no auto-summary

no synchronization

exit-address-family

address-family ipv4 vrf NMS

redistribute connected

redistribute static

no auto-summary

no synchronization

exit-address-family

10.161.0.1/24 is local to this PE, 10.161.1.1/24 is on a different PE

Yet, when I look at the routes for vrf TEST10, I only see the 10.161.0.0/24 route (The 10.161.1.0/24 is missing?) - It is however in the NMS vrf's route table:

#show ip bgp vpnv4 all

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: xxxxxx:10 (default for vrf TEST10)

*> 10.0.0.0/24 0.0.0.0 0 32768 ?

*>i10.0.3.0/24 xxx.xxx.xxx.248 0 100 0 ?

*>i10.0.5.0/24 xxx.xxx.xxx.249 0 100 0 ?

*>i10.0.6.0/24 xxx.xxx.xxx.250 0 100 0 ?

*>i10.0.7.0/24 xxx.xxx.xxx.247 0 100 0 ?

*>i10.0.8.0/24 xxx.xxx.xxx.249 0 100 0 ?

*>i10.0.10.0/24 xxx.xxx.xxx.238 0 100 0 ?

*>i10.0.12.0/24 xxx.xxx.xxx.238 0 100 0 ?

*>i10.0.16.0/24 xxx.xxx.xxx.238 0 100 0 ?

*> 10.161.0.0/24 0.0.0.0 0 32768 ?

*> 192.168.100.1/32 10.0.0.2 0 32768 ?

Route Distinguisher: xxxxxx:161 (default for vrf NMS)

*> 10.161.0.0/24 0.0.0.0 0 32768 ?

*>i10.161.1.0/24 xxx.xxx.xxx.238 0 100 0 ?

*> 192.168.100.1/32 10.0.0.2 0 32768 ?

*> 192.168.101.1/32 172.16.1.10 0 32768 ?

*> 192.168.101.6/32 172.16.1.9 0 32768 ?

*> 192.168.101.12/32

172.17.1.12 0 32768 ?

Is there anything special that needs to be done to import the 10.161.1.0/24 route into the TEST10 vrf? (We have management/monitoring servers hanging of multiple PE's)

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
olorunloba
Level 5
Level 5
In response to johnelliot

‎05-16-2006 10:13 AM

For the 10.161.1.0/24 to appear in Test10 table, you could either make Test10 import xxxx:162, or on the other PE where 10.161.1.0/24 is connected, make the route be exported with xxxx:161.

Generally, the configuration for NMS like the following

ip vrf NMS

route-target import 1:1

route-target export 1:1

route-target export 1:2

ip vrf ManagedVPN1

route-target import 1:2

route-target export 1:1

route-target import 1:3

route-target export 1:3

ip vrf ManagedVPN2

route-target import 1:2

route-target export 1:1

route-target import 1:4

route-target export 1:4

where route targets 1:1 and 1:2 are for the operation of the NMS, and 1:3 and 1:4 are for vpns ManagedVPN1 and ManagedVPN2 respectively.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
attrgautam
Level 5
Level 5

‎05-15-2006 07:36 PM

Can you move the export prefix list to a normal access-list and check ? The configuration looks ok otherwise to me.

0 Helpful

Go to solution
johnelliot
Level 1
Level 1
In response to attrgautam

‎05-15-2006 08:07 PM

Done:

route-map NMS permit 10

match ip address 40

set extcommunity rt xxxxx:161 additive

access-list 40 permit 10.161.0.0 0.0.0.255

access-list 40 permit 10.161.1.0 0.0.0.255

I'm not getting any hits on acl 40 though:

#show access-lists 40

Standard IP access list 40

10 permit 10.161.0.0, wildcard bits 0.0.0.255

20 permit 10.161.1.0, wildcard bits 0.0.0.255

And still not seeing the 10.161.1.x route in vrf TEST10

#show ip bgp vpnv4 all

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: xxxxxx:10 (default for vrf TEST10)

*> 10.0.0.0/24 0.0.0.0 0 32768 ?

*>i10.0.3.0/24 xxx.xxx.xxx.248 0 100 0 ?

*>i10.0.5.0/24 xxx.xxx.xxx.249 0 100 0 ?

*>i10.0.6.0/24 xxx.xxx.xxx.250 0 100 0 ?

*>i10.0.7.0/24 xxx.xxx.xxx.247 0 100 0 ?

*>i10.0.8.0/24 xxx.xxx.xxx.249 0 100 0 ?

*>i10.0.10.0/24 xxx.xxx.xxx.238 0 100 0 ?

*>i10.0.12.0/24 xxx.xxx.xxx.238 0 100 0 ?

*>i10.0.16.0/24 xxx.xxx.xxx.238 0 100 0 ?

*> 10.161.0.0/24 0.0.0.0 0 32768 ?

*> 192.168.100.1/32 10.0.0.2 0 32768 ?

As 10.161.1.0/24 is not directly connected to this PE(And only learned via iBGP), do I need to enable anything additional for this route to be injected into vrf TEST10?

0 Helpful

Go to solution
attrgautam
Level 5
Level 5
In response to johnelliot

‎05-15-2006 11:22 PM

Kind of misunderstood your problem.

Does sh ip bgp vpnv4 rt show you that the RT is tagged. If so, what is the RT and whether you have imported into your TEST10 vrf.

P.S:-You can also do clear ip bgp * and see if helps if you are confident that your config is fine ;-)

0 Helpful

Go to solution
olorunloba
Level 5
Level 5
In response to attrgautam

‎05-16-2006 01:22 AM

From your VRF configuration, NMS will import RT of xxxx:162 (note that you have two xxxx:162, I wonder if that is a typo). Test10 will import xxxx:10 and xxxx:161. Since 10.161.1.0/24 route is in the NMS and not in Test10, I will assume that it is tagged with xxxx:162, and not with either xxxx:10 or xxxx:161.

The key thing to note is that your export map configuration in the vrf does not affect routes that have been recieved from another PE. It has effect for the routes locally originated on the PE. Hence, the 10.161.0.0/24 route will be affected by export maps.

You can try show ip bgp vpnv4 all 10.161.1.0 to see the RTs associated with the route.

0 Helpful

Go to solution
johnelliot
Level 1
Level 1
In response to olorunloba

‎05-16-2006 02:51 AM

Ok - So if I have the monitoring servers (VRF NMS 10.161.1.0/24) directly connected to a different PE to the VRF TEST10 connections, is there anyway to monitor TEST10 CE's from the 10.161.1.0/24 range?(i.e. Inject the 10.161.1.0/24 range into vrf TEST10, and the CE's Loop addresses into vrf NMS)?

0 Helpful

Go to solution
olorunloba
Level 5
Level 5
In response to johnelliot

‎05-16-2006 10:13 AM

For the 10.161.1.0/24 to appear in Test10 table, you could either make Test10 import xxxx:162, or on the other PE where 10.161.1.0/24 is connected, make the route be exported with xxxx:161.

Generally, the configuration for NMS like the following

ip vrf NMS

route-target import 1:1

route-target export 1:1

route-target export 1:2

ip vrf ManagedVPN1

route-target import 1:2

route-target export 1:1

route-target import 1:3

route-target export 1:3

ip vrf ManagedVPN2

route-target import 1:2

route-target export 1:1

route-target import 1:4

route-target export 1:4

where route targets 1:1 and 1:2 are for the operation of the NMS, and 1:3 and 1:4 are for vpns ManagedVPN1 and ManagedVPN2 respectively.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents