Why are you trying to do this?
Do you have other interfaces in each VRF? Are there customers who
only need to see their own prefixes and not the other? Why cant you
talk to Mr AS{2|3} and just tell them your ASN is X?
Cheers,
Matt
CCIE #22386
CCSI #31207
On 25 November 2011 15:56, Amir Khalili <[email protected]> wrote:
> Thanks for your responses - however this is what I am trying to acheive:
>
> using a single router - single BGP process - peering the vrfs using in vrf
> bgp router id feature. This is possible when you use ibgp
>
> however, in some cases, you will need to use ebgp -
>
> ip vrf red
> rd 1:1
>
> ip vrf blue
> rd 1:2
>
> int l1
> ip vrf forw red
> ip address 1.1.1.1 255.255.255.255
>
> int l2
> ip vrf forw blue
> ip address 2.2.2.2 255.255.255.255
>
> router bgp 1.
>
> address-f ipv4 vrf red
> bgp router-id 1.1.1.1
> neib 2.2.2.2 remote-as 2
>
> address-f ipv4 vrf blue
> bgp router-id 2.2.2.2
> neib 1.1.1.1 remote-as 3
>
> in the above you will need to fake the as and send it to the peer!! is it
> possible in cisco?
>
> Cheers
> Amir
>
>
>
>
>
>
> On Thu, Nov 24, 2011 at 4:57 PM, Matthew Mengel
> <[email protected]>wrote:
>
>> Assuming that the attached image is what you are trying to do, sure.
>>
>> R1:
>>
>> ip vrf BLUE
>> rd 1:1
>> !
>> ip vrf RED
>> rd 101:1
>> !
>> !
>> interface Loopback0
>> ip address 1.1.1.1 255.255.255.0
>> !
>> interface FastEthernet0/0
>> ip vrf forwarding BLUE
>> ip address 10.2.2.1 255.255.255.0
>> !
>> interface FastEthernet0/1
>> ip vrf forwarding RED
>> ip address 10.3.3.1 255.255.255.0
>> !
>> !
>> router bgp 1
>> no bgp default ipv4-unicast
>> bgp log-neighbor-changes
>> !
>> address-family ipv4 vrf RED
>> neighbor 10.3.3.3 remote-as 3
>> neighbor 10.3.3.3 local-as 101
>> neighbor 10.3.3.3 activate
>> no synchronization
>> exit-address-family
>> !
>> address-family ipv4 vrf BLUE
>> neighbor 10.2.2.2 remote-as 2
>> neighbor 10.2.2.2 activate
>> no synchronization
>> exit-address-family
>> !
>>
>> R2:
>>
>> !
>> interface Loopback0
>> ip address 2.2.2.2 255.255.255.255
>> !
>> interface FastEthernet0/0
>> ip address 10.2.2.2 255.255.255.0
>>
>> !
>> router bgp 2
>> no synchronization
>> bgp log-neighbor-changes
>> network 2.2.2.2 mask 255.255.255.255
>> neighbor 10.2.2.1 remote-as 1
>> no auto-summary
>> !
>>
>>
>> R3:
>>
>> !
>> interface Loopback0
>> ip address 3.3.3.3 255.255.255.255
>> !
>> interface FastEthernet0/1
>> ip address 10.3.3.3 255.255.255.0
>> !
>> router bgp 3
>> no synchronization
>> bgp log-neighbor-changes
>> network 3.3.3.3 mask 255.255.255.255
>> neighbor 10.3.3.1 remote-as 101
>> no auto-summary
>> !
>>
>> You see the routes in the VRFs and in the VPV4 address-family:
>>
>> R1#sho ip bgp vpnv4 all
>> BGP table version is 5, local router ID is 1.1.1.1
>> Status codes: s suppressed, d damped, h history, * valid, > best, i -
>> internal,
>> r RIB-failure, S Stale
>> Origin codes: i - IGP, e - EGP, ? - incomplete
>>
>> Network Next Hop Metric LocPrf Weight Path
>> Route Distinguisher: 1:1 (default for vrf BLUE)
>> *> 2.2.2.2/32 10.2.2.2 0 0 2 i
>> Route Distinguisher: 101:1 (default for vrf RED)
>> *> 3.3.3.3/32 10.3.3.3 0 0 101 3 i
>>
>>
>> Note that the route in the RED VRF includes the AS for the local-as in the
>> path.
>>
>> Matthew
>>
>>
>>
>>
>>
>>
>> On Fri, Nov 25, 2011 at 10:08 AM, Amir Khalili <[email protected]>wrote:
>>
>>> Thanks guys. I am using address family under the same process.
>>> Trying to peer using a diff AS number. Kind of eBGP approach. Would
>>> local AS serve the purpose?
>>>
>>> On 11/24/11, Matthew Mengel <[email protected]> wrote:
>>> > Not sure if the firewall or the VRF are really important (just as to
>>> > whether you are needing to use address-family or not).
>>> >
>>> > Also, not exactly sure what you mean by "fake" an AS. However, if what
>>> you
>>> > mean is that you have a situation where RouterB is expecting to peer
>>> with
>>> > AS 5, but you are running AS 1:
>>> >
>>> > RouterB#sho run | sec bgp
>>> > router bgp 2
>>> > no synchronization
>>> > bgp log-neighbor-changes
>>> > neighbor 10.0.0.1 remote-as 5
>>> > no auto-summary
>>> >
>>> > You can masquerade as AS 5 while remaining configured as AS 1 using the
>>> > "local-as" command:
>>> >
>>> > RouterA#sho run | sec bgp
>>> > router bgp 1
>>> > no synchronization
>>> > bgp log-neighbor-changes
>>> > neighbor 10.0.0.2 remote-as 2
>>> > neighbor 10.0.0.2 local-as 5
>>> > no auto-summary
>>> >
>>> > If, however, you mean that you have two VRFs on the same router,
>>> hairpinned
>>> > through a firewall, then I think you are sunk, as this uses
>>> > address-families under the bgp process, and unless I am mistaken, it is
>>> one
>>> > process with one AS per router.
>>> >
>>> > M.
>>> >
>>> >
>>> >
>>> > On Fri, Nov 25, 2011 at 8:09 AM, Amir Khalili <[email protected]>
>>> wrote:
>>> >
>>> >> Hello
>>> >>
>>> >> How can we fake AS # for a bgp neighbor to make ebgp peer? This is
>>> using
>>> >> in vrf bgp router id in a vrf.
>>> >>
>>> >> BGP vrf A -> FW -> BGP vrf B ( ebg peer )
>>> >>
>>> >> Cheers
>>> >> Amir
>>> >> _______________________________________________
>>> >> For more information regarding industry leading CCIE Lab training,
>>> please
>>> >> visit www.ipexpert.com
>>> >>
>>> >> Are you a CCNP or CCIE and looking for a job? Check out
>>> >> www.PlatinumPlacement.com
>>> >>
>>> >> To Unsubscribe from this list please visit the following link and
>>> follow
>>> >> the directions to unsubscribe.
>>> >> http://onlinestudylist.com/mailman/listinfo/ccie_rs
>>> >>
>>> >
>>> >
>>> >
>>> > --
>>> > Matthew Mengel
>>> > [email protected]
>>> >
>>>
>>> --
>>> Sent from my mobile device
>>>
>>
>>
>>
>> --
>> Matthew Mengel
>> [email protected]
>>
>>
>>
>>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>
> To Unsubscribe from this list please visit the following link and follow the
> directions to unsubscribe. http://onlinestudylist.com/mailman/listinfo/ccie_rs
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
To Unsubscribe from this list please visit the following link and follow the
directions to unsubscribe. http://onlinestudylist.com/mailman/listinfo/ccie_rs
