Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Route Leaking Issue

Hi All,

Still cutting my teeth with MPLS, and i am labbing up some stuff, and i've come accross an issue (or not)

This maybe by design, i'm not sure.

I've got a basic P core running OSPF and MPLS. Easy so far.

I've got 2 PEs, one on each side (still with me )

Attached to each PE I have a CE, and a Loopback.

On each side the CE is in one VRF and the Loopback is in another.

All straighforward so far. Routing is work I am using RIP for the CEs and Redisribute connected for the L-Backs.

MPBGP is working fine and the routes are being carried accross the core.

I now want to step it up and bit a try out some route leaking. I have imported routes from the CE VRF to the LBack VRF easily

on one PE. and vice versa.

However, the next step is where i get confused. When i import routes to a VRF i would expect to see them

propagated accross the MPLS core to the same VRF on the other side of the VPN.

Not sure if it should work like this.

Any Opinions??

Thank all

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
8 REPLIES

Re: Route Leaking Issue

Hi Stephen,

As per your senario you wnat to import the route from one vrf to other vrf  , So to achive that you can configure route-target for same.

Below is the senario :

CE 1_A--------------                                                         ------------------- CE1_B

                           PE 1 ---------------- P ---------------- PE 2

CE 2_A--------------                                                         ------------------- CE 2_B

In above senario

1] CE1_A & CE 1_B are in CUST_A vrf .

2] CE2_A & CE 2_B are in CUST_B vrf .

Now If you want that in CE 1 _A  that is in vrf CUST_A should communicate with only CE2_A that is in vrf CUST_B you ca have different RT , Below is the example for above senario.

PE1 -

ip vrf CUST_A
rd 65000:100
route-target export 65:100
route-target import 65:100

route-target import 65: 20

route-target export 65: 10

ip vrf CUST_B
rd 65000:200
route-target export 65:100
route-target import 65:100

route-target import 65: 10

route-target export 65: 20

Here in above config you can see that in CUST_A vrf we had export the RT 65: 10 & that RT is imported by CUST_B vrf & in CUST_B vrf you had exported  65:20 RT & that RT is imported by CUST_A vrf.

So in now you can see that in CE 1_A & CE 2_A will see each other route in there routing table . This is know as extramet in MPLS.

Regards

Chetan Kumar

http://chetanress.blogspot.com

Hall of Fame Super Silver

Re: Route Leaking Issue

Hello Stephen,

routes imported from MP BGP vpnv4 address family are not re-advertised, this is wanted and allows to build partial extranets where only some VRF sites of VPN A are visible on some VRF sites of VPN B.

Re-advertising would mean adding a route-target of VPN A to a route imported from VPN B.

So if you want to see routes of VPN B on multiple VRF sites of VPN A you need to add route-target import commands in each VRF.

Hope to help

Giuseppe

Re: Route Leaking Issue

Thast great guys,

I really appreciate the responses.

I have tried the config and the same thing happens. The routes do not get re-advertised access the VPNv4 paths.

So, how can i scale MPLS easily. If I want to import routes in one location, from one VRF to another (say a central services,

or management VRF) how does this work. I think i understand the extranet concept now.

Does this mean i have to import the central services VRF at every customer VRF location/Router.

Thanks again

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

Re: Route Leaking Issue

Hi Stephan

MPLS VPN can configure with various flavor. Below are few on them.

  1] Central VPN

  2] Extranet VPN

This two flavor you can use .

1] Central VPN is like HUB & SPOKE . Here you have to user different RD in every location.

For Example : HUB will import all spoke RD & Export his own RD.

                     Spoke will import only HUB RD & export his own RD.

2] Extranet VPN  : If you want that only particular VPN Site A should communicate will other VPN site B but not with other VPN site that are in same domain . you can call as partial mesh.

For example : Two VRF is configured & Each VRF is having 10 sites. If you want that one site in vrf A should communicate with one site of vrf B but not all other site . Then you can configure extranet to achieve the requirement. ( The configuration was posted in same thread for extranet )

Regards

Chetan Kumar

http://chetanress.blogspot.com

Re: Route Leaking Issue

Great Chetan,

That really helps. I now understand the extranet concept.

But in Central VPN, is it the case that the Customer VRFs only have to be imported at the Central VPN Site.

And if you imported for the Central VPN, does the imported routes propagate accross the VPNv4 BGP.


Basically, i want to know when,where and how imported routes propagate, or not.

Thanks again for your input.

Regards


Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

Re: Route Leaking Issue

Hi Stephan

When ?

Use import when you want that VRF route in your VRF.

Where ?

When you wnat multiple VRF shoul communicate ( Complex VPN , HUB & SPOKE , Partial Mesh , Extranet )

How import route propogate ?

All VPNv4 route propogate via bgp vpnv4 update. Here BGP import scanner work ( Scan for ecery 15 Sec ). this scanner work only for AF's.

You can change timers ( bgp scan-time import <5-60 ).

And when Peer I-BGP advertise that VPNv4 route then scanner will detect that route and will install to VRF.using import policies.

But in Central VPN, is it the case that the Customer VRFs only have to be imported at the Central VPN Site ?

Yes in Central VPN you should import only Customer VRF. In this case you will se that in Customer VRF where you have imported only Central VRF route , So it will communicate will only Central location . Means HUB & SPOKE.

Regards

Chetan Kumar

http://chetanress.blogspot.com

Message was edited by: Chetan Kumar Ress

Hall of Fame Super Silver

Re: Route Leaking Issue

Hello Stephen,

>> Does this mean i have to import the central services VRF at every customer VRF location/Router.

yes you need a config line like

route-target import 10000:101

in each VRF configuration: it is not so cumbersome!

routes learned from VPNv4  address-family are not re-advertised in VPNv4 address familty this is a loop avoidance feature: if routes are learned via VPNv4 this means they are originated by a different PE node not by local node so these routes are not re-advertised back.

the BGP attribute extended community route-target is used to decide if a vpnv4 route should be imported in a VRF table or not.

Multiple route targets can be associated to a VPNv4 route like it happens for standard BGP communities

By using route-maps with export-map command you can even modify the set of route targets associated to some routes of a VRF site (a so called partial extranet).

That is you can export only some routes of a VRF site towards sites.

But this is a complex configuration.

Hope to help

Giuseppe

Re: Route Leaking Issue

Thats great guys.

It all makes sense to me now. I'm glad you could clear this up for me.

And thanks for the lengthy answers 

Regards

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
817
Views
10
Helpful
8
Replies