
A4 VRF Default route leaking


22 replies to this topic

#1 heavens


Posted 21 April 2017 - 07:04 AM

Does anyone have the exact configuration to leak the default route from the LOCALSP VRF on R16, R17, R18 & R19 to the global routing table? I am trying to run the 'export ipv4' command under the VRF, but these routers are not letting me configure this command.

#2 ccieaspire007


Posted 21 April 2017 - 08:35 AM

I have 15.2 on my IOU, but that doesn't seem to support the export ipv4 option. So I tried it on GNS3 and it works fine. Is there any other way to leak apart from using the export ipv4 CLI?

#3 kkkn


Posted 21 April 2017 - 10:00 AM

I think this one is for the A4 version with VRF. So, I am just curious about the requirement.
The version that I know of has the following wording:
For "VRF version LAB" only (A4):
  • R16,R17,R18,R19 have pre-configured vrf LOCALSP
  • R16,R17,R18,R19 must establish an EBGP peering with AS 20003 in vrf LOCALSP
  • These must receive only default route and not other prefixes from AS 20003
and the available solution does it without leaking the routes from one VRF.
I am just asking whether there is any other requirement besides the above for the A4 variant.

Regards,

Edited by kkkn, 21 April 2017 - 10:01 AM.


#4 heavens


Posted 21 April 2017 - 12:49 PM

Mostly they only ask for the above requirements, but I have seen somewhere where they asked to receive the default route from BGP as well and then prefer the EIGRP default route. Once you can see the default route in the global table, you can just use the 'backdoor' command to prefer the EIGRP route, but I am struggling to leak the default route from the VRFs into the global routing table.

#5 heavens


Posted 21 April 2017 - 12:50 PM

ccieaspire007, do you have the exact configuration to leak a route from the VRF into the global routing table from when you tried on GNS3?

#6 ccieaspire007


Posted 21 April 2017 - 01:44 PM

R1========R2=======R3 (33.33.33.33/32)

R2 has VRF towards R3.

R2#show run vrf
Building configuration...

Current configuration : 341 bytes
ip vrf LOCALSP
 rd 2:2
 export ipv4 unicast map MATCH_33
 route-target export 2:2

*snip*

R2#show run | sec route-map MATCH_33
route-map MATCH_33 permit 10
 match ip address prefix-list MATCH_33

R2#show ip prefix-list MATCH_33
ip prefix-list MATCH_33: 1 entries
   seq 5 permit 33.33.33.33/32


R2#show ip route vrf LOCALSP

Routing Table: LOCALSP
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2
   i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
   ia - IS-IS inter area, * - candidate default, U - per-user static route
   o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
   a - application route
   + - replicated route, % - next hop override

Gateway of last resort is not set

  10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C     10.1.23.0/24 is directly connected, GigabitEthernet1/0
L     10.1.23.2/32 is directly connected, GigabitEthernet1/0
  33.0.0.0/32 is subnetted, 1 subnets
B     33.33.33.33 [20/0] via 10.1.23.3, 02:47:55


R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2
   i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
   ia - IS-IS inter area, * - candidate default, U - per-user static route
   o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
   a - application route
   + - replicated route, % - next hop override

Gateway of last resort is not set

  33.0.0.0/32 is subnetted, 1 subnets
B     33.33.33.33 [20/0] via 10.1.23.3 (LOCALSP), 02:46:58
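
An added example, not part of the original post or written by any participant: a short Python check that reads `show ip route` output for the global table, picks out routes whose next hop is tagged with a source VRF (the `(LOCALSP)` marker above), and reports any leaked prefix outside an allowed set. The default-route line in the sample and the allowed-prefix policy are constructed assumptions; the other route lines are taken from the output above.

```python
import ipaddress
import re

# Global-table lines from the post above, plus one constructed default-route line.
SAMPLE = """\
Gateway of last resort is 10.1.23.3 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via 10.1.23.3 (LOCALSP), 00:05:10
      33.0.0.0/32 is subnetted, 1 subnets
B        33.33.33.33 [20/0] via 10.1.23.3 (LOCALSP), 02:46:58
"""

HEADER = re.compile(r"^\s+\d+(?:\.\d+){3}/(\d+) is (variably )?subnetted")
ROUTE = re.compile(
    r"^[A-Za-z][A-Za-z0-9 *]*?\s+(?P<net>\d+(?:\.\d+){3})(?:/(?P<len>\d+))?"
    r" .*?via \d+(?:\.\d+){3} \((?P<vrf>[^)]+)\)"
)


def leaked_routes(show_ip_route):
    """Return [(network, source_vrf)] for routes whose next hop sits in a VRF."""
    found, inherited = [], None
    for line in show_ip_route.splitlines():
        hdr = HEADER.match(line)
        if hdr:
            # "is subnetted" fixes the mask for the child lines that follow;
            # "variably subnetted" means each child line carries its own mask.
            inherited = None if hdr.group(2) else hdr.group(1)
            continue
        m = ROUTE.match(line)
        if not m:
            continue  # legend, connected routes, or routes with no VRF tag
        length = m.group("len") or inherited
        if length is None:
            continue  # mask unknown: skip rather than guess
        net = ipaddress.ip_network(f"{m.group('net')}/{length}")
        found.append((net, m.group("vrf")))
    return found


def unexpected_leaks(show_ip_route, allowed):
    """Leaked prefixes that are not in the allowed set (hypothetical policy)."""
    permitted = {ipaddress.ip_network(p) for p in allowed}
    return [(str(n), v) for n, v in leaked_routes(show_ip_route) if n not in permitted]


if __name__ == "__main__":
    for prefix, vrf in unexpected_leaks(SAMPLE, ["0.0.0.0/0"]):
        print(f"unexpected leak from {vrf}: {prefix}")
```

With a default-only policy, the /32 exported by the MATCH_33 map is reported; the same route line taken from the VRF table carries no VRF tag and is ignored.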

#7 ccieaspire007


Posted 21 April 2017 - 01:45 PM

heavens, on 21 April 2017 - 12:49 PM, said:

Mostly they only ask for the above requirements, but I have seen somewhere where they asked to receive the default route from BGP as well and then prefer the EIGRP default route. Once you can see the default route in the global table, you can just use the 'backdoor' command to prefer the EIGRP route, but I am struggling to leak the default route from the VRFs into the global routing table.

Isn't there another variation where they ask you NOT to use backdoor? What was the solution for that, any idea?

#8 ccanz


Posted 21 April 2017 - 04:25 PM

You might need to change the admin distance for BGP if you cannot use the backdoor command.

#9 heavens


Posted 22 April 2017 - 05:07 AM

You have to use the distance command, but for that to take effect you have to shut and no-shut the physical interface leading to the ISP router.

Also, in the non-VRF version, even if you use the backdoor command for 0.0.0.0, 1.2.3.4 will still be learned from the ISP router, so how do you resolve that issue?

#10 ccieaspire007


Posted 22 April 2017 - 05:47 AM

heavens, on 22 April 2017 - 05:07 AM, said:

You have to use the distance command, but for that to take effect you have to shut and no-shut the physical interface leading to the ISP router.

Also, in the non-VRF version, even if you use the backdoor command for 0.0.0.0, 1.2.3.4 will still be learned from the ISP router, so how do you resolve that issue?

You need to allow only 0.0.0.0 to be learned via the ISP. I use a prefix-list inbound allowing 0.0.0.0/0 only. Most likely, this will be specified in the question as well if it's the non-VRF version.

#11 heavens


Posted 22 April 2017 - 05:56 AM

You are right, but if there is a traceroute from R18 and R19, then that traceroute might not match, because by default the path will be through the ISP and not through R15, and what I have seen is that the backdoor command doesn't work in this case.

#12 heavens


Posted 22 April 2017 - 06:08 AM

The issue with 1.2.3.4 is that it is only being learnt through the ISP and not through R15, so if there is any traceroute to 1.2.3.4 to match in the exam from R16, R17, R18 or R19 (in non-VRF), it will always take the ISP path and will never use the default route through R15. Also, you cannot counter this by using the distance or backdoor command, because you are only learning this route from the ISP, so as long as this route is in the BGP table it will get installed in the routing table.

#13 ccieaspire007


Posted 22 April 2017 - 06:14 AM

heavens, on 22 April 2017 - 05:56 AM, said:

You are right, but if there is a traceroute from R18 and R19, then that traceroute might not match, because by default the path will be through the ISP and not through R15, and what I have seen is that the backdoor command doesn't work in this case.

You need to block 1.2.3.4 from being learned on R18/R19 as well. In that case, shouldn't it just follow the default route to R15 and get out from there? I'll have to lab it up again and verify. Will get back to you in some time.

#14 heavens


Posted 22 April 2017 - 06:24 AM

Task says you have to learn all the prefixes:

For "NO VRF version LAB" only (A1, A2, A3):
  • R16,R17,R18,R19 must establish an EBGP peering with AS 20003
  • These must receive default route and other prefixes from AS 20003

Edited by heavens, 22 April 2017 - 06:25 AM.




