Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

IP VRF to VRF Definition Import-Map behaviour changes

Have the import rules changed from IP VRF syntax (IPV4 only) to VRF Definitions (IPV4&6)?


The issue being we have a management VRF which is used for access, monitoring, archiving.  which works well in the IP vrf sytnax example:   


ip vrf A-IPVPN
 rd 9282:1002
 import map Customer-Mgmt-Infrastructure
 route-target export 9282:1002
 route-target import 9282:1002
 route-target import 9282:1999


ip vrf Customer-Mgmt
 rd 9282:1999
 import map Import-Customer-Mgmt
 route-target export 9282:1999
 route-target import 9282:1999
 route-target import 9282:2010
 route-target import 9282:1002
 route-target import 9282:2011
 route-target import 9282:1005


route-map Import-Customer-Mgmt permit 10
 match ip address prefix-list Customer-Mgmt-CPE

ip prefix-list Customer-Mgmt-CPE: 2 entries
   seq 5 deny
   seq 10 permit le 32


This allows all PE's to learn Customers Routes and import and export management details, I believe I have followed best practice and the result is what I would expect, however since creating some new customers with the vrf definition syntax it appears that the Import-Customer-Mgmt now filters out BGP routes within the Local VRF PE-PE, however the the routes are visible via :


show ip bgp vpnv4 rd  


 but not imported into BGP table.


Vrf definition 

rf definition S-C-IPVPN
 rd 9282:1005
 route-target export 9282:1005
 route-target import 9282:1005
 route-target import 9282:1999

 address-family ipv4
  import map Customer-Mgmt-Infrastructure


After hitting my head against a wall for longer than I would like to admit, I removed the import map and routes in the RD are installed into the BGP Table?


My question is, is this now default behaviour or is it a bug in our particular version (asr1002x-universalk9.03.09.01.S.153-2.S1.SPA.bin)


I had been considering upgrading our syntax using the vrf upgrade-cli, glad i didnt as this would have caused a major outage as we use the a fair amount of import maps with our Internet transit circuits.


If this is normal behaviour what it the best way to match and permit Local vrf RD? baring in mind I would like ideally to reuse the same route-map.    


I will continue to investigate,  but if anyone has had experience of this behaviour I would appropriate there input 


Regard Neil 



Regards Neil
New Member

The following route map has

The following route map has no impact:


route-map Customer-Mgmt-Infrastructure-2 permit, sequence 10
  Match clauses:
    community (community-list filter): S-C-IPVPN
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes


Named Community expanded list S-C-IPVPN
    permit RT:9282:1005


Think i will need to lab up.



Regards Neil
CreatePlease to create content