05-15-2006 05:42 PM
I have the following setup:
ip vrf NMS
rd xxxxx:161
export map NMS
route-target import xxxxx:162
route-target import xxxxx:162
ip vrf TEST10
rd xxxxx:10
export map ManagedCE
route-target export xxxxx:10
route-target import xxxxx:10
route-target import xxxxx:161
maximum routes 256 75
route-map NMS permit 10
match ip address prefix-list 20
set extcommunity rt xxxxx:161 additive
route-map ManagedCE permit 10
match ip address 30
set extcommunity rt xxxxxx:162 additive
ip prefix-list 20 seq 5 permit 10.161.0.0/24
ip prefix-list 20 seq 10 permit 10.161.1.0/24
access-list 30 permit 192.168.101.12 log
access-list 30 permit 192.168.101.11 log
access-list 30 permit 192.168.101.10 log
access-list 30 permit 192.168.101.5 log
access-list 30 permit 192.168.101.4 log
access-list 30 permit 192.168.101.6 log
access-list 30 permit 192.168.101.1 log
access-list 30 permit 192.168.100.1 log
access-list 30 permit 192.168.101.3 log
access-list 30 permit 192.168.101.2 log
address-family ipv4 vrf TEST10
redistribute connected
redistribute static
redistribute rip
default-information originate
no auto-summary
no synchronization
exit-address-family
address-family ipv4 vrf NMS
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
10.161.0.1/24 is local to this PE, 10.161.1.1/24 is on a different PE
Yet, when I look at the routes for vrf TEST10, I only see the 10.161.0.0/24 route (The 10.161.1.0/24 is missing?) - It is however in the NMS vrf's route table:
#show ip bgp vpnv4 all
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: xxxxxx:10 (default for vrf TEST10)
*> 10.0.0.0/24 0.0.0.0 0 32768 ?
*>i10.0.3.0/24 xxx.xxx.xxx.248 0 100 0 ?
*>i10.0.5.0/24 xxx.xxx.xxx.249 0 100 0 ?
*>i10.0.6.0/24 xxx.xxx.xxx.250 0 100 0 ?
*>i10.0.7.0/24 xxx.xxx.xxx.247 0 100 0 ?
*>i10.0.8.0/24 xxx.xxx.xxx.249 0 100 0 ?
*>i10.0.10.0/24 xxx.xxx.xxx.238 0 100 0 ?
*>i10.0.12.0/24 xxx.xxx.xxx.238 0 100 0 ?
*>i10.0.16.0/24 xxx.xxx.xxx.238 0 100 0 ?
*> 10.161.0.0/24 0.0.0.0 0 32768 ?
*> 192.168.100.1/32 10.0.0.2 0 32768 ?
Route Distinguisher: xxxxxx:161 (default for vrf NMS)
*> 10.161.0.0/24 0.0.0.0 0 32768 ?
*>i10.161.1.0/24 xxx.xxx.xxx.238 0 100 0 ?
*> 192.168.100.1/32 10.0.0.2 0 32768 ?
*> 192.168.101.1/32 172.16.1.10 0 32768 ?
*> 192.168.101.6/32 172.16.1.9 0 32768 ?
*> 192.168.101.12/32
172.17.1.12 0 32768 ?
Is there anything special that needs to be done to import the 10.161.1.0/24 route into the TEST10 vrf? (We have management/monitoring servers hanging of multiple PE's)
Solved! Go to Solution.
05-16-2006 10:13 AM
For the 10.161.1.0/24 to appear in Test10 table, you could either make Test10 import xxxx:162, or on the other PE where 10.161.1.0/24 is connected, make the route be exported with xxxx:161.
Generally, the configuration for NMS like the following
ip vrf NMS
route-target import 1:1
route-target export 1:1
route-target export 1:2
ip vrf ManagedVPN1
route-target import 1:2
route-target export 1:1
route-target import 1:3
route-target export 1:3
ip vrf ManagedVPN2
route-target import 1:2
route-target export 1:1
route-target import 1:4
route-target export 1:4
where route targets 1:1 and 1:2 are for the operation of the NMS, and 1:3 and 1:4 are for vpns ManagedVPN1 and ManagedVPN2 respectively.
05-15-2006 07:36 PM
Can you move the export prefix list to a normal access-list and check ? The configuration looks ok otherwise to me.
05-15-2006 08:07 PM
Done:
route-map NMS permit 10
match ip address 40
set extcommunity rt xxxxx:161 additive
access-list 40 permit 10.161.0.0 0.0.0.255
access-list 40 permit 10.161.1.0 0.0.0.255
I'm not getting any hits on acl 40 though:
#show access-lists 40
Standard IP access list 40
10 permit 10.161.0.0, wildcard bits 0.0.0.255
20 permit 10.161.1.0, wildcard bits 0.0.0.255
And still not seeing the 10.161.1.x route in vrf TEST10
#show ip bgp vpnv4 all
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: xxxxxx:10 (default for vrf TEST10)
*> 10.0.0.0/24 0.0.0.0 0 32768 ?
*>i10.0.3.0/24 xxx.xxx.xxx.248 0 100 0 ?
*>i10.0.5.0/24 xxx.xxx.xxx.249 0 100 0 ?
*>i10.0.6.0/24 xxx.xxx.xxx.250 0 100 0 ?
*>i10.0.7.0/24 xxx.xxx.xxx.247 0 100 0 ?
*>i10.0.8.0/24 xxx.xxx.xxx.249 0 100 0 ?
*>i10.0.10.0/24 xxx.xxx.xxx.238 0 100 0 ?
*>i10.0.12.0/24 xxx.xxx.xxx.238 0 100 0 ?
*>i10.0.16.0/24 xxx.xxx.xxx.238 0 100 0 ?
*> 10.161.0.0/24 0.0.0.0 0 32768 ?
*> 192.168.100.1/32 10.0.0.2 0 32768 ?
As 10.161.1.0/24 is not directly connected to this PE(And only learned via iBGP), do I need to enable anything additional for this route to be injected into vrf TEST10?
05-15-2006 11:22 PM
Kind of misunderstood your problem.
Does sh ip bgp vpnv4 rt
P.S:-You can also do clear ip bgp * and see if helps if you are confident that your config is fine ;-)
05-16-2006 01:22 AM
From your VRF configuration, NMS will import RT of xxxx:162 (note that you have two xxxx:162, I wonder if that is a typo). Test10 will import xxxx:10 and xxxx:161. Since 10.161.1.0/24 route is in the NMS and not in Test10, I will assume that it is tagged with xxxx:162, and not with either xxxx:10 or xxxx:161.
The key thing to note is that your export map configuration in the vrf does not affect routes that have been recieved from another PE. It has effect for the routes locally originated on the PE. Hence, the 10.161.0.0/24 route will be affected by export maps.
You can try show ip bgp vpnv4 all 10.161.1.0 to see the RTs associated with the route.
05-16-2006 02:51 AM
Ok - So if I have the monitoring servers (VRF NMS 10.161.1.0/24) directly connected to a different PE to the VRF TEST10 connections, is there anyway to monitor TEST10 CE's from the 10.161.1.0/24 range?(i.e. Inject the 10.161.1.0/24 range into vrf TEST10, and the CE's Loop addresses into vrf NMS)?
05-16-2006 10:13 AM
For the 10.161.1.0/24 to appear in Test10 table, you could either make Test10 import xxxx:162, or on the other PE where 10.161.1.0/24 is connected, make the route be exported with xxxx:161.
Generally, the configuration for NMS like the following
ip vrf NMS
route-target import 1:1
route-target export 1:1
route-target export 1:2
ip vrf ManagedVPN1
route-target import 1:2
route-target export 1:1
route-target import 1:3
route-target export 1:3
ip vrf ManagedVPN2
route-target import 1:2
route-target export 1:1
route-target import 1:4
route-target export 1:4
where route targets 1:1 and 1:2 are for the operation of the NMS, and 1:3 and 1:4 are for vpns ManagedVPN1 and ManagedVPN2 respectively.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: