Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Help with exporting one route into another vrf

All,

I have a situation that I'm needing help with. I have a two vrf's (CustA and CustB). I'm importing each others routes into it's own vrf (CustA into CustB's table, etc.).

I don't want CustB to have all of CustA's routes and vice versa. I created a route-map and tried creating an export map under CustB's vrf, and it works, but it keeps CustA from getting all of its routes.

What I have is below:

ip vrf CUSTA

rd 200:100

import map PERMIT30

route-target both 200:100

route-target import 300:100

ip vrf CUSTB

rd 300:100

route-target both 300:100

route-target import 200:100

access-list 100 permit ip 30.30.30.0 0.0.0.255 any

route-map PERMIT30 5

match ip address 100

If I leave the above alone, my routing table on CUSTA only contains its connected and the 30.30.30.0 subnet. If I add a catch-all permit clause in the policy-map, CUSTA gets all routes from CUSTB which is what I don't want.

Thanks!

John

HTH, John *** Please rate all useful posts ***
2 REPLIES
New Member

Re: Help with exporting one route into another vrf

You probably want to read up on some of the other options for the "match" statement. Access-lists are a blunt instrument best used for safeguards. There are plenty of other criteria to match on, but you'll want to get into the router and see which match criteria pop up in the online help and will apply to a "VRF import route-map" , because support for each kind for various different usages can vary by platform and software chain, and route-maps are notorious for not telling you which criteria are supported for your intentions until you actually have them all built and try to apply them :-)

Cisco Employee

Re: Help with exporting one route into another vrf

Hi John,

Usually, you use filtering based on route-target:

You create an export-map for each VRF which will add a specific route-target to match which routes should be exchange between VRF A and B. The routes which don't match the export will just have the VRF local route-target set with the route-target export command:

p vrf CUSTA

rd 200:100

export map To-CUSTB

route-target import 200:100

route-target import 300:101

ip vrf CUSTB

rd 300:100

export map To-CUSTA

route-target import 300:100

route-target import 200:101

!

route-map To-CUSTB 5

match ip address 100

set extcommunity rt 200:100 200:101

!

route-map To-CUSTB 100

set extcommunity rt 200:100

!

route-map To-CUSTA 5

match ip address 101

set extcommunity rt 300:100 300:101

!

route-map To-CUSTA 100

set extcommunity rt 300:100

!

Inside the route-map, you can match on other criteria like BGP community for example

With import-map, in your case you need to use a deny statement to match which prefixes you don't want. The we are sure the permit all at the end will match all the routes you want.

In any case try to base your macth criteria on community as it's more flexible and scalable.

HTH

Laurent.

155
Views
0
Helpful
2
Replies