Solved: Redistribute MPLS/eBGP to EIGRP- Two companies Migration

blach1980 · ‎01-28-2012

I have a question about two companies migration Iusse, Attached scenario should give most of the information.

Company A got two router R1 and R2 running EIGRP100 with the service providers 1
Company B got R3 Running MPLS BGP with same service provider 1
Company A is migrating with Company B

After migration Company A and B should be takling internally

With the Below Configuration, I can reach from company A to B, but Not from Company B router to Company A Not sure what I am missing in my configs Or is there a better way to migrate two copmanies with out creating new EIGRP AS?

Company A Router 1

router eigrp 100 <----To ISP 1
redistribute connected
no auto-summary
eigrp router-id 10.10.10.1
network 10.0.0.0
network 172.17.10.0 0.0.0.3
!
!
router eigrp 200 <---- to Company B
redistribute connected
no auto-summary
eigrp router-id 192.168.200.5
network 172.16.10.0 0.0.0.3

Company A-R1#ping 192.168.200.1- This is in VRF on Router CompanyB

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Company B Router configuration

How can I redistribute the routes learned [through redistribute connected/static] into EIGRP 200

router eigrp 200( built new EIGRP 200 to get routes from Company A and keep them seperate)
redistribute connected

redistribute bgp 200 metric 10000 2000 255 1 1500

network 172.16.10.0 0.0.0.3
no auto-summary
eigrp router-id 192.168.200.1
!
router bgp 200 <-----eBGP to ISP 1
bgp router-id 172.15.10.1
bgp log-neighbor-changes
!
address-family ipv4
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf test1
redistribute connected
redistribute eigrp 200
neighbor 172.15.10.2 remote-as 54321
neighbor 172.15.10.2 update-source Vlan555
neighbor 172.15.10.2 activate
neighbor 172.15.10.2 soft-reconfiguration inbound
no synchronization
network 10.50.60.0 mask 255.255.255.192
network 172.15.10.0 mask 255.255.255.252
network 192.168.200.0 mask 255.255.255.252
exit-address-family

company B#ping 192.168.200.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R4#ping 192.168.200.1

Can someone guide me what I am doing wrong?

Vaibhava Varma · ‎01-28-2012

Hi Blach

If I understand your requirement correctly you want to advertise the VRF-Specific Subnet 192.168.200.0/32 which is present in a VRF on Company B to be available to both the eBGP peering to ISP-1 and to the Company-A-R1. If I understand it correctly then we can make the peering to Company-A-R1 on Compnay B also VRF Specific and create VRF Specific EIGRP Process on Company B Router

Something like this below on Company B router

router eigrp 200

no auto-summary

!

address-family ipv4 vrf "VRF_Name"

redistribute connected

redistribute bgp 200 metric 10000 2000 255 1 1500

network 172.16.10.0 0.0.0.3
no auto-summary
eigrp router-id 192.168.200.1

exit-address-family

Regards

Varma

View solution in original post

Vaibhava Varma · ‎01-28-2012

Hi Blach

If we configure the L3-Link on Company B facing Company-A-R1 into VRF and also accordingly add the EIGRP 200 into VRF on Company B, on the Company-A-R1 we need not do any VRF specific configuration and everything can remain in global routing table. Not sure if there are some security policies which makes it mandatory to do same VRF specific config at Company-A-R1 also. But feasibility wise only doing configuration on Comapny B will be fine.

Taking the scenario into consideration where we have to send the VRF specific routes of Company B into the Global ROuting Table peering with Company A-R1, the only complex option would be use the route-leaking concept of Internet Access in a VRF using Global Route-Leaking which relies on applying a Static Deafult VRF route under the VRF context point to a Global IP Next-Hop with keyword global and also to create Global Routing Table Specific reverse static routes for the VRF Subnets pointing to the VRF Interface.This concept will not work for leaking directly connected VRF routes into Global Routing Table. So all in all it would be something like as below:

E.G)

On Company B

ip route vrf test1 0.0.0.0 0.0.0.0 172.16.10.1 global

ip route x.x.x.x y.y.y.y "Interface"

!

router eigrp 200

redistribute static

I would personally suggest to you option 1 of creating VRF specific EIGRP config.

Regards

Varma

View solution in original post

Reza Sharifi · ‎01-28-2012

On router-B, is 192.168.200.1 in a vrf? What happens if you take the interface out of the vrf? can you ping it than?

On router-B is the interface that connects to router-A also in the same vrf?

can you post full config from both routers?

Vaibhava Varma · ‎01-28-2012

Hi Blach

As Reza has asked above for clarification regarding VRFs and from your comments above it seems you have Global Peering between Comapny B and Company-A-R1 but we are trying to ping VRF routes of Company B from Comapny A which will not work..The EIGRP 200 configs on Company-B and Company-A-R1 are global routing table specific

Also your BGP config on Company B router confirms that Subnet 192.168.200.0/30 is in VRF

address-family ipv4 vrf test1

network 192.168.200.0 mask 255.255.255.252--VRF Specific Advertisement

Company A-R1#ping 192.168.200.1- This is in VRF on Router CompanyB

company B#ping 192.168.200.5--From Company B we can ping global IP of Company-A-R1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.200.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R4#ping 192.168.200.1

Regards

Varma

blach1980 · ‎01-28-2012

Hi Varma,

I understand that the EIGRP 200 between the companies should talk using the global outing tables[EIGRP], my question is How can we make the subnets available both in BGP table and EIGRP table? How can we make the directly/static connected routes avilable to both routing table?

Vaibhava Varma · ‎01-28-2012

Hi Blach

If I understand your requirement correctly you want to advertise the VRF-Specific Subnet 192.168.200.0/32 which is present in a VRF on Company B to be available to both the eBGP peering to ISP-1 and to the Company-A-R1. If I understand it correctly then we can make the peering to Company-A-R1 on Compnay B also VRF Specific and create VRF Specific EIGRP Process on Company B Router

Something like this below on Company B router

router eigrp 200

no auto-summary

!

address-family ipv4 vrf "VRF_Name"

redistribute connected

redistribute bgp 200 metric 10000 2000 255 1 1500

network 172.16.10.0 0.0.0.3
no auto-summary
eigrp router-id 192.168.200.1

exit-address-family

Regards

Varma

blach1980 · ‎01-28-2012

Thanks for your response Varma, You perfecly understood the scenario, Based on your advise if I make Company B EIGRP 200 into VRF node, I have to make Company A R1 also into VRF node, which I cannot make it!! Do we have any other way of redistributing the routing in to both EIGRP[Gloabal] and BGP tables?[VRF]

Vaibhava Varma · ‎01-28-2012

Hi Blach

If we configure the L3-Link on Company B facing Company-A-R1 into VRF and also accordingly add the EIGRP 200 into VRF on Company B, on the Company-A-R1 we need not do any VRF specific configuration and everything can remain in global routing table. Not sure if there are some security policies which makes it mandatory to do same VRF specific config at Company-A-R1 also. But feasibility wise only doing configuration on Comapny B will be fine.

Taking the scenario into consideration where we have to send the VRF specific routes of Company B into the Global ROuting Table peering with Company A-R1, the only complex option would be use the route-leaking concept of Internet Access in a VRF using Global Route-Leaking which relies on applying a Static Deafult VRF route under the VRF context point to a Global IP Next-Hop with keyword global and also to create Global Routing Table Specific reverse static routes for the VRF Subnets pointing to the VRF Interface.This concept will not work for leaking directly connected VRF routes into Global Routing Table. So all in all it would be something like as below:

E.G)

On Company B

ip route vrf test1 0.0.0.0 0.0.0.0 172.16.10.1 global

ip route x.x.x.x y.y.y.y "Interface"

!

router eigrp 200

redistribute static

I would personally suggest to you option 1 of creating VRF specific EIGRP config.

Regards

Varma

blach1980 · ‎01-28-2012

Thanks for the response, I will try both the options and see how it goes, appreciate your response.

Reza Sharifi · ‎01-28-2012

I am not sure, what you are trying to accomplish with vrf here. You have an interface in global on one router (router a)and an interface in vrf on the router router (router b). On router b you are trying to reach the global routing table. Why can't peer both routers using global routing table. vrf is usually used for path isolation. If you have one physical network with multiple customers on it, it would make sense to provide path isolation for each customer, so they don't see each others' route table. In your case, you the 2 companies that have merged to be one, and unless I am missing something, I don't see end-to-end path isolation.

HTH

blach1980 · ‎01-29-2012

Thank for the Reply, I have 60+ customers on Router B seperating ther traffic using VRF[as you mentioned for isolation]. I just gave a Loopback as an example.Sorry I should have provided this info earlier.And I have to make only 30 of the customers traffic available to Company A and viceversa.

blach1980 · ‎01-28-2012

I can Ping the interface, if its not part of VRF

blach1980 · ‎01-28-2012

Here is the configuration on both routers

Company A router R1

interface Loopback1
ip address 10.10.10.1 255.255.255.255
!
interface Loopback2
ip address 192.168.200.5 255.255.255.255
!
interface GigabitEthernet1/0/1
switchport trunk allowed vlan 666
!

interface GigabitEthernet1/0/14
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200,300,777,888
switchport mode trunk

interface Vlan100
ip address 192.168.10.2 255.255.255.192
standby ip 192.168.10.1
!
interface Vlan200
ip address 192.168.10.66 255.255.255.192
standby ip 192.168.10.65
!
interface Vlan300
ip address 192.168.10.130 255.255.255.192
standby ip 192.168.10.129
!
interface Vlan666
ip address 172.16.10.1 255.255.255.252
!
interface Vlan777
ip address 172.17.10.1 255.255.255.252
!
!
router eigrp 100
redistribute connected
no auto-summary
eigrp router-id 10.10.10.1
network 10.0.0.0
network 172.17.10.0 0.0.0.3
!
!
router eigrp 200
redistribute connected
no auto-summary
eigrp router-id 192.168.200.5
network 172.16.10.0 0.0.0.3
!

Company B R1

ip vrf test1
rd 200:555
route-target export 200:555
route-target import 200:555
route-target import 250:555

interface Loopback1
ip address 10.10.10.4 255.255.255.255
!
interface Loopback2
ip vrf forwarding test1
ip address 192.168.200.1 255.255.255.255
!
interface Loopback100
ip address 130.150.121.1 255.255.255.255
!

interface Vlan555
ip vrf forwarding test1
ip address 172.15.10.1 255.255.255.252
!
interface Vlan600
ip vrf forwarding test1
ip address 10.50.60.129 255.255.255.192
shutdown
!
interface Vlan666
ip address 172.16.10.2 255.255.255.252

router eigrp 200
redistribute connected
no redistribute eigrp 200
network 172.16.10.0 0.0.0.3
no auto-summary
eigrp router-id 192.168.200.1
!
router bgp 200
bgp router-id 172.15.10.1
bgp log-neighbor-changes
!
address-family ipv4
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf test1
redistribute connected
redistribute eigrp
redistribute eigrp
neighbor 172.15.10.2 remote-as 250

neighbor 172.15.10.2 update-source Vlan555
neighbor 172.15.10.2 activate
neighbor 172.15.10.2 soft-reconfiguration inbound
no synchronization
network 10.50.60.0 mask 255.255.255.192
network 172.15.10.0 mask 255.255.255.252
network 192.168.200.0 mask 255.255.255.252
exit-address-family
!

I can reach company B from A if the interface is not in VRF!!

Kishore Chennupati · ‎01-28-2012

Blach,

So, your requirement is that 192.168.200.1 should be available both in the VRF and also the GRT(global routing table) on Router B. Right?

If your only concern is that then use something called vrf select. below is how your config would look like.So instead of using ip vrf forwarding we use the below commands. However, you have to check if your platform supports the following commands.

Router B

interface loopback2

ip address 192.168.200.1 255.255.255.255

ip vrf select source

ip vrf receive test1

Now, if you do a

sh ip route 192.168.200.1 and

sh ip route vrf test1 192.168.200.1

you should the see the prefix in both the RIB's. and then you should be able to ping from Router A to Router B. I have labbed it for you as below

R3#sh ip route vrf test1 | i 192.168.200

C 192.168.200.0/24 is directly connected, Loopback2

R3#sh ip route | i 192.168.200

C 192.168.200.0/24 is directly connected, Loopback2

R3#

Let me know how you go.

Edit: you might encounter the below while creating a ip vrf select as some platforms might not have it. I am showing it below on a 7206 series

R3(config-if)#ip vrf ?

forwarding Configure forwarding table

receive Add Interface Address into VRF Table

sitemap Configure route-map for routes received from this site

As you can see there is no optino for select

If your platform only allows ip vrf receive and not ip vrf select then just create a dummy policy-map like the below and it should work. I have labbed it and pasting it for you here.

route-map DUMMY

set vrf test1

!

int loopback 2

ip policy route-map DUMMMY

ip vrf receive test1

R3(config)#route-map DUMMY

R3(config-route-map)#set vrf test1

R3(config-route-map)#int loopback 2

R3(config-if)#ip policy route-map DUMMMY

R3(config-if)#ip vrf receive test1

R3(config-if)#

*Jan 29 11:32:07.355: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback2, changed state to up

R3#sh ip route vrf test1 | i 192.168.200

C 192.168.200.0/24 is directly connected, Loopback2

R3#sh ip route | i 192.168.200

C 192.168.200.0/24 is directly connected, Loopback2

R3#

Message was edited by: Kishore Chennupati

blach1980 · ‎01-29-2012

Hello Kishore,

Thank for the Reply, I have 60+ customers on Router B seperating ther traffic using VRF.I just gave a Loopback as an example.Sorry I should have provided this info earlier and I have to make only 30 of the customers traffic available to Company A and viceversa.

Kishore Chennupati · ‎02-04-2012

varma gave you correct answer. Below is what you need to configure on Company B R1 router.

router eigrp 200

no auto-summary

!

address-family ipv4 vrf "VRF_Name"

redistribute connected

redistribute bgp 200 metric 10000 2000 255 1 1500

network 172.16.10.0 0.0.0.3
no auto-summary
eigrp router-id 192.168.200.1

exit-address-family

Let me explain it to you. Your company B R1 router is acting like a PE. and this case the Compan A R1 acts like a CE and they peer using the eigrp 200 AS.

So you dont need to create any VRF's etc on company A R1. Just put the above config and it should work.

So, when you ping from the company B R1 to the company A R1 just use the ping vrf VRF_Name" command.

The way around you dont need to use the vrf

HTH

Kishore

Rate if helps