Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Redistribute from VRF to Global

Is it possible to redistribute all routes from a VRF routing table to the global routing table?

21 REPLIES

Re: Redistribute from VRF to Global

why do you want to do this, i mean it kinda beats the purpose of putting a domain into VRF in the first place, where we can simply have adjacency directly in the global table.

if you have anything specific, do mention the same, so its easy to get the whole picture.

Cheers,

Swaroop

New Member

Re: Redistribute from VRF to Global

I have a reason I would like to do this also, and cant really figure out a good way to do this.

We need to move our current global internet routing table to a vrf, that is a big job and will take some time to do, moving every customer interface, bgp peer etc.. to a new Internet vrf, and out of the global table.

To do this it would be nice to just make a new vrf and import all routes in and out of the global table and the new vrf, untill everyone is moved then break the import export.

To import its not to bad, but I cant find a really good way to export from the new vrf out to the global table, where the unmoved customers will still reside.

maybe this will help give you a example of why someone would want to do this.

It would be nice if there was just a "route-target export global" or "route-target export null" command under the vrf config.

Silver

Re: Redistribute from VRF to Global

Hi,

maybe for a VRF_Internet on IPv4 gateway?

See that:

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801445fb.shtml

Some months ago it didn't work (6500 platform, sup720 3BXL); a cross-cable from interface in VRF to interface in global does the trick.

HTH

Andrea

Re: Redistribute from VRF to Global

This type of funtionality may be desired as pointed out in the posts and for mainly migration of customers and service onto MPLS from IPV4.

1) To import GLobal routes in VRF you can use the IPV4 prefix import into VRF.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00803b8db9.html

2) Now for route leak of VRF in to Global table you need to use a simple static route for the subnets in a given VRF and pointing to the Interface on the PE side which connects to the CE.

One more thing I would like all to note here is we need to be careful what we are importing into the VRF from the global table. As we dont want two routes for the same deatination.

This does a two way route leak into VRF and Global table. But such fixup solutions should be used only for a transitionary state, and it would be dificult to maintain the state as is.

Having said that, the solution we generally have adopted and recommended to customers for migration is different from what we are discussing.

HTH-Cheers,

Swaroop

Re: Redistribute from VRF to Global

Hi,

you could take an IP interface from "VRF internet" on PE1 to global IP routing table in PE2 and setup OSPF and iBGP through this link. Somewhat messy and error prone, but it will only be for a transition phase anyhow.

Regards, Martin

New Member

Re: Redistribute from VRF to Global

How about ebgp customers that sit, currently in the global routing table, and I want to move to that new vrf, I cant add a static route for there address space, cause it will remove their AS peering.

You run in to the same issue if you use another routing protocol like ospf to distribute the routes.

You said "Having said that, the solution we generally have adopted and recommended to customers for migration is different from what we are discussing."

Mind sharing that info?

Re: Redistribute from VRF to Global

FOr migration customer we generally adopt a two pronged approach.

1) Migrate the Core for Label Switching.

2) Enable all service including Internet, Central Hosted Service Like Mail, Telephony etc onto a dual connected scenario. That is each service will have two links one for VRF and other into Global Table.

3) Start migrating customers one at a time,

when you put them in VRF they acces all the services as is through VRF and who are left over they access through global table.

This requires each VPN/Customer to be migrated at a time. Hope this method suits you, as its very subjective.

HTH-Cheers,

Swaroop

New Member

Re: Redistribute from VRF to Global

Ok this is a Service Provider network, so I could do like what you say here.

So I have 2 routing tables with full Internet routes, I have to have full Internet routes cause some cusomers ask for them from us.

Now lets say I have services like Mail, DNS, Websites, News, stuff like that in both vrfs with 2 links.

What about customers getting to other customers? maybe some kind of default route could be used between the VRFs that can cause some issues.

The Internet routes come in from my up stream providers, 4 of them.

Now I can easily get those routes in to the new Internet VRF but when I move the customers over to that VRF I need to get their routes back out to everyone else still in the global routing table.

This is a big issue when it comes to EBGP customers since I cant use static routes or anything like that to get connections from the global table to them, since they need to be advertised upstream from my border routers from the global VRF, at least untill I move those boarders into the new VRF also.

Seems like if just it was as easy to export VRF routes from a VRF back to the global table, as it is to export routes from a VRF to another VRF, then this all would allot easier to me.

I mean to do that would not the router just have to export a copy of that route with no RD? remove the RD.

Re: Redistribute from VRF to Global

Q-What about customers getting to other customers? maybe some kind of default route could be used between the VRFs that can cause some issues.

A- //

Before migrating to a VPN structure an Internet ISP would not be providing any VPN service. If the one customer has been talking to another customer then it has to be via Internet, so when you provision you provision with Internet service also for each customer who has availed of that service.

//

Q- The Internet routes come in from my up stream providers, 4 of them.

Now I can easily get those routes in to the new Internet VRF but when I move the customers over to that VRF I need to get their routes back out to everyone else still in the global routing table.

A- //

you are missing a major point here, when you create an Internet VRF the VRF is just not holding the Internet Routes, in fact its your IBGP extended within a VRF for your customers to peer with so the control lies with you to give full or default route, having said that your customer is doing an EBGP with you for this service so he obviously can announce routes, which would be announced on the internet via your border routers.Other customer who are not migrated would know of this migrated customer routes via your border router.

//

Q- Seems like if just it was as easy to export VRF routes from a VRF back to the global table, as it is to export routes from a VRF to another VRF, then this all would allot easier to me.

I mean to do that would not the router just have to export a copy of that route with no RD? remove the RD.

A- //

Think about this, if you export the route in Global Table, how would the routing take place, as IPV4 wont know how the route originated, so only method left is redistributing with static route,

//

On a lighter note, Having to work withing available resources and constraints is where we scale :-))

I believe you should be good to go with this approach, if you dont have anything which is different in terms of setup than what i had described.

if you have any more specific queries regarding the same do put across.

HTH-Cheers,

Swaroop

New Member

Re: Redistribute from VRF to Global

On this topic

A- //

you are missing a major point here, when you create an Internet VRF the VRF is just not holding the Internet Routes, in fact its your IBGP extended within a VRF for your customers to peer with so the control lies with you to give full or default route, having said that your customer is doing an EBGP with you for this service so he obviously can announce routes, which would be announced on the internet via your border routers.Other customer who are not migrated would know of this migrated customer routes via your border router.

//

I am still playing with some of this in our lab, with a 7609 router.

And you are right I must be missing something major here.

On my current boarder routers, my upstreams only peer to the global table, to them there is no MPBGP (no address familys)

So I can either on that border router import those global routes in to the new Internet VRF with a a import map, under the "ip vrf Internet" area of the config or I can do this out on the network somewhere on a PE router.

So out on a PE router I have a customer that is currently EBGP peering and I move him to peer with VRF internet (I am still working on how that is done cleanly) his routes are now only in VRF Internet and not in the global table, as far as I understand it.

How would I get those routes back out to the global table so that I can advertises that customers EBGP routes to my customers in the global table and also to the my Internet peers.

I mentioned above that I was still working on peering a EBGP peer to a vrf cleanly. When I say that, I mean, so that the customer does not run MPBGP, and to him the peering looks that same as before I moved him into that VRF.

Currently customers I have in vrfs are just static routed and don't do BGP with my AS.

When I move the customers peering interface in to the new vrf in the lab BGP can no longer get to his peering IP to peer anymore, then I move the neighbors ip peer to the Internet VRF under BGP, the session only comes up on the Customers router.

Here is the config on the LAB PE router.

address-family ipv4 vrf Internet

redistribute connected

redistribute static

neighbor 192.168.168.2 remote-as 65000

neighbor 192.168.168.2 activate

neighbor 192.168.168.2 default-originate

neighbor 192.168.168.2 prefix-list DEFAULT-ONLY out

Customer Interface in PE

interface GigabitEthernet2/3

description 7200 - BGP VRF TESTING

ip vrf forwarding Internet

ip address 192.168.168.1 255.255.255.252

On the Customers router (lab) its like this

Simple as I can keep it.

router bgp 65000

no synchronization

bgp log-neighbor-changes

neighbor 192.168.168.1 remote-as 3505

BTW any help is appriciated, I emailed my Cisco SE and havent herd from him yet, that was a couple days agao, he is slack!

Re: Redistribute from VRF to Global

The config should be like this.

PE connecting to Customer Router.

address-family ipv4 vrf Internet

redistribute connected

redistribute static

neighbor 192.168.168.2 remote-as 65000

neighbor 192.168.168.2 remove-private-as

neighbor 192.168.168.2 activate

neighbor 192.168.168.2 default-originate !

neighbor 192.168.168.2 prefix-list DEFAULT-ONLY out ! If you want to advertise full routing table you can omit your this statement.

PE router connecting to Border Router.

!

address-family ipv4 vrf Internet

redistribute connected

neighbor 192.168.168.100 remote-as xxx ! EBGP Peering to your border router.

neighbor 192.168.168.100 activate

!

This gets all your internet routes into the VRF and also advertises the customer route learnt at other PE to the Border Router or IGW. Since now border router has your customer routes non-migrated customer can reach this customer via border router, which will inturn direct traffic via Internet VRF towards the customer.

If you are using the same AS for MPLS service then you can use local-as feature to propagate IBGP learnt routes within your MPLS VPN.

HTH-Cheers,

Swaroop

New Member

Re: Redistribute from VRF to Global

Humm that still does not work, here is the current BGP config from LAB PE router.

router bgp 65001

bgp log-neighbor-changes

bgp graceful-restart restart-time 120

bgp graceful-restart stalepath-time 360

bgp graceful-restart

neighbor RR-Clients peer-group

neighbor RR-Clients remote-as 65001

neighbor RR-Clients description Route Reflector Clients

neighbor RR-Clients update-source Loopback0

neighbor 192.168.X.X peer-group RR-Clients ! our route reflectors ips

neighbor 192.168.X.X peer-group RR-Clients ! our route reflectors ips

!

! NOTICE I DONT MENTION THE VRF NEIGHBOR ANYWHERE ABOVE

!

address-family ipv4

redistribute connected

redistribute static

neighbor RR-Clients next-hop-self

neighbor 192.168.X.X activate

neighbor 192.168.X.X activate

no auto-summary

no synchronization

exit-address-family

!

address-family vpnv4

neighbor RR-Clients send-community extended

neighbor 192.168.X.X activate

neighbor 192.168.X.X activate

exit-address-family

!

address-family ipv4 vrf Internet

redistribute connected

redistribute static

neighbor 192.168.168.2 remote-as 65000

neighbor 192.168.168.2 activate

neighbor 192.168.168.2 default-originate

neighbor 192.168.168.2 remove-private-as

neighbor 192.168.168.2 prefix-list DEFAULT-ONLY out

no synchronization

exit-address-family

Remember this is a LAB so I am using as private AS just for testing, it would be a real customers AS, that would be a public arin given AS number in a real senario.

Also I have changes the ips and as number of our router even in the LAB just cause!

Here is the problem, I guess, that neighbor does not even show up

show ip bgp sum

BGP router identifier 192.168.X.X, local AS number 65001

BGP table version is 2496500, main routing table version 2496500

196854 network entries using 23031918 bytes of memory

393695 path entries using 20472140 bytes of memory

53824/35129 BGP path/bestpath attribute entries using 7535360 bytes of memory

23 BGP rrinfo entries using 552 bytes of memory

48481 BGP AS-PATH entries using 1234350 bytes of memory

4 BGP extended community entries using 96 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 52274416 total bytes of memory

BGP activity 308201/111251 prefixes, 726748/332871 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

192.168.X.X 4 3505 647559 16249 2496500 0 0 1w4d 196841

192.168.X.X 4 3505 570050 16249 2496500 0 0 1w4d 196841

show ip bgp neighbors 192.168.168.2

% No such neighbor

When I add the neighbor under the main BGP IPV4 area it shows up in the commands above.

But still stays in idle, thing is I dont want the neighbor to peer in global or insert routes there.

Re: Redistribute from VRF to Global

You are using the wrong command to see the neighbor adjacency.

Use this:

"show ip bgp vpnv4 all summ"

"show ip bgp vpnv4 vrf Internet neighbor 192.168.168.2"

And most important is verify the ip 192.168.168.2 is in the Internet VRF.

Till now we have discussed,

1) How to do the migration.

2) What is you Internet Setup.

3) How to migrate Internet.

4) How to view VRF BGP neighbors :-)

I would recommend, that you throughly read and practise, the scenario before your go for the real migration.

You have anything else do let me know.

HTH-Cheers,

Swaroop

New Member

Re: Redistribute from VRF to Global

Thanks, I have not tried this yet, but yes you have helped allot.

Sorry it seems as if I am askeding about so many different things but they are somewhat tied together.

And I have never setup the above senario before.

New Member

Re: Redistribute from VRF to Global

Yea that seems to work, haha sorry but I just kinda was missing that command, and hard to know that whs what it was.

I have tried commands under "show ip bgp vpnv4" but missed the "all sum" option and was looking for something like that.

Anyway that should help me figure out how to migate.

The reason for migration so quickly is that we have started testing some multicast traffic lately and I need to leave multicast traffic in the global routing table, would be nice to just move all global internet traffic to a vrf.

Again your help is much appriciated!

Bronze

Re: Redistribute from VRF to Global

Ok i dont know if this thread is dead but i will add my experience to this.

Firstly you are putting the full internet routing table into a vrf. This is not advisable nor required. have you ever considered CSC? Thats exactly what that is for.

To get customers access to the internet, two options. From a layer 3 vpn perspective you have a global static pointing to your internet domains. Other one is even easier Layer 2 Eompls circuits. This will get you your full routing table to customers who require it and your mpls core doesnt care that it is 140k routes its just layer2 packets to you.

Re: Redistribute from VRF to Global

Your post interested me, so just wanted to chat :-).

This thread was around the topic of migrating IPV4 to MPLS, and the challenges involved. But just wanted to discuss the options mentioned by you.

1) CSC : This model in terms of MPLS is to support a MPLS carrier at different locations via a second MPLS backbone.

Do we really need CSC, for Internet over MPLS, and even if we modify CSC for Internet within running MPLS for the Internet domain. how do you avoid carrying all the routes in a VRF in a CSC model, without increasing the number of devices.

2) EoMPLS: its generally a big no. because of its point to point nature.

3) Global static is ok when practising Internet access in the Lab. In real world SP's its seldom used.

4) Now almost all SP's across use only two method for Internet Access in Majority.

a) Transparent LSP for Internet Traffic via MPLS global core.

b) VRF based Internet Distribution, which gives ease of deployment and the SP's can easily treat Internet Service as different department, fucntion or service and deprovision it with the same ease as provisioning.

So end of the day SP's are more interested in ease of provisoing and administration.

For instance if the question is all about how to get the Internet working without carrying routes in MPLS, I have another solution, where you extend your infra routes in the Internet VRF, and the end customers do a direct MultiHop EBGP with the Internet GW wherever it is. Default and Full table can be given this way, and MPLS core doesnt have a single Internet route. But SP customers dont like the idea at all as their customer may not at all be comfortable doing a multihop EBGP. But technically its a good idea.

HTH-Cheers,

Swaroop

Bronze

Re: Redistribute from VRF to Global

swaroop answer to your question 1)

You dont take the ISPs BGP table you only take their IGP (usually OSPF).

Re: Redistribute from VRF to Global

robert, if we do that then we have to do a multihop EBGP for all customers. which is the same as using the infra routes in a normal VRF, the method which i explained in the last para of my last post.

First is it wont be called CSC and second is SP's wont accept it since its multihop EBGP.

Second option is to have a dedicated edge device only for IPV4 so we can avoid multihop ebgp, but then its cost intensive. again not so good a idea.

HTH-Cheers,

Swaroop

Bronze

Re: Redistribute from VRF to Global

i really dont follow what you are doing here mate. Normally ISPs have border routers where each EBGP customer directly attaches to. However it seems that this is not the case with what you are explaining which is kinda against every other ISP that i have seen.

Many ways to skin said cat i admit.

Re: Redistribute from VRF to Global

Hmmm in the context of the thread, let look at it like this.

1) IPV4 migration to MPLS, traditionally you have customers termiating on your border routers, now you are migrating the border routers to MPLS PE. ...the border routers are gone no more....

2) Internet is given default or full/partial only through

a) VRF or

b) Global BGP free core method using a transparent LSP.

Thats it, no more no less to it. Hope I am able to explain it.

HTH-Cheers,

Swaroop

1888
Views
29
Helpful
21
Replies