Problem leaking route from VRF to global table on CSR 1000V
So I have a problem with VRF's on a CSR 1000V, specifically exporting a connected subnet from a VRF into the global routing table.
My config, very abbreviated, is as follows:
Router: GE1: 10.0.0.1/31 VRF TEST GE2: 172.30.20.1/24 (No VRF, BGP neighbor to 172.30.20.2, receiving 0.0.0.0/0 (default route))
Now sh ip route displays: 0.0.0.0/0 (BGP) 172.30.20.1/24 (Connected)
sh ip route vrf TEST displays: 0.0.0.0/0 (BGP) 10.0.0.1/31 connected
My VRF config is as follows:
ip vrf TEST rd 1:1 import ipv4 unicast map GLOBAL export ipv4 unicast map CONNECTED-SUBNET ! ip prefix-list CONNECTED seq 1 permit 10.0.0.1/31 ip prefix-list DEFAULT seq 1 permit 0.0.0.0/0 ! route-map CONNECTED-SUBNET permit 10 match ip address prefix-list CONNECTED route-map GLOBAL permit 10 match ip address prefix-list DEFAULT
Now my import command works perfectly (0.0.0.0/0 is imported from BGP into the VRF's routing table), however my export command does not function - seemingly at all.
Even though my prefix list is an exact match, I do not see 10.0.0.1/31 appearing in the global routing table, or the BGP table at all (show ip bgp 10.0.0.1 shows only the 0.0.0.0/0 default route)
Any thoughts on what is going on here? Am I misunderstanding the export command for VRF's? I was under the impression this will export directly to the BGP table, and then be imported to the global routing table if applicable?
"GE1: 10.0.0.1/31 VRF TEST GE2: 172.30.20.1/24 (No VRF, BGP neighbor to 172.30.20.2, receiving 0.0.0.0/0 (default route))"
I must have misunderstood somewhere I was assuming you had no vrf bgp between GE1-2 , and just vrf on subnet 10.0.0.0/x which needed to be advertised in the global routing table hence my last post suggested you redistribute into bgp,
So assuming you are accepting a default route from GE2 it went like this
GE1 int fa0/1 ip vrf forwading TEST ip addresses 10.0.0.1 255.255.255.255
int xx ip address 172.30.20.1 255.255.255.0
router bgp xy neighbour 172.30.20.2 remote-as yx redistribute static ( to advertised the vrf subnet to GE2)
ip route 10.0.0.1 255.255.255.255 fa0/1 ( this is tell the global rib where to go for the vrf route)
ip prefix-list VRF permit 0.0.0.0/0 route-map VRF_rm match ip address prefix VRF ( match on the default route advertised from GE2 which is in the global rib)
ip vrf TEST import-map ipv4 vrf VRF-rm ( import the default from global rib into the vrf rib)
Please don't forget to rate any posts that have been helpful.
Thanks for the reply. You would be right in thinking I did not have VRF BGP, and your solution would work however I do not want to use static routes to achieve it as I need dynamic updating.
Where I fell over, is that I didn't realise I had to use VRF BGP to leak routes into the global table with the 'export ipv4 unicast map' command (I thought the export would directly export from the VRF routing table to the global BGP table - Rather, it appears to export from the VRF BGP table to the global BGP table, so if I did not have VRF BGP set up it does nothing at all.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...