Gents I have a dynamic route leaking working ** in that the routes seem to propagate properly. But traffic doesn't flow across the vrf boundary.
I have a 7600 with a VRF and a CPE router downstream in the VRF. The global learns a default BGP route from an upstream iBGP peer = 192.168.10.50 I have in my VRF an import policy that will import ONLY that default into the VRF: vrf definition CPE-Management ! Rd 200:123456 address-family ipv4 import ipv4 unicast map default-route-only route-target export 200:989898 route-target import 200:989898 exit-address-family ! This does indeed works and imports the route into my VRF: sh ip bgp vpnv4 vrf CPE-Management 0.0.0.0 BGP routing table entry for 8301:989898:0.0.0.0/0, version 77 Paths: (1 available, best #1, table CPE-Management) Not advertised to any peer Refresh Epoch 1 65535 8301, imported path from 0.0.0.0/0 (global) 192.168.10.50 (metric 10) from 192.168.10.50 (192.168.10.50) Origin IGP, metric 0, localpref 100, valid, internal, no-import, no-import, best rx pathid: 0, tx pathid: 0x0 I then leak a loopback I have inside the VRF to the default table. sh ip bgp 172.18.2.6 BGP routing table entry for 172.18.2.6/32, version 93881 Paths: (1 available, best #1, table default) Multipath: iBGP Additional-path-install Advertised to update-groups: 1 16 Refresh Epoch 1 Local, imported path from 200:989898:172.18.2.6/32 (CPE-Management) 172.18.2.6 from 0.0.0.0 (192.168.10.20) Origin incomplete, metric 0, localpref 100, weight 32768, valid, external, best Extended Community: RT:200:989898 rx pathid: 0, tx pathid: 0x0 There are no ACLs involved. Inside the VRF I can ping freely between CPE and PE. But from inside the VRF I cannot ping against an IP in the global table even setting the source as the exported loopback. Any ideas? thanks _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/