On Sat, 8 Jun 2024 at 18:26, Arne Larsen via cisco-nsp
<cisco-nsp@puck.nether.net> wrote:
> Yes, it'd with route-target I'm trying to get it to work, and what I'm
> trying to get rid off is the default route from the IOT vrf to be
> imported into the SHARED vrf.
Ok so the problem is not sharing routes between VRF, problem is
sharing selectively routes between VRF?
In the example the problem is that VRF_SHARED_SERVICE gets default
route from VN_IOT.
You could accomplish this two ways
a) VRF_SHARED_SERVICE has import policy, which drops the default route
for 64515:136
b) VN_IOT has export policy, which doesn't set 64515:95 on default route
I think a) is more robust, you'd probably just deny importing any
default route at all, if you know you're going to have the 64515:95
default route you want. So no matter what happens in the other VRFs,
you'd never end up importing their default.
Like
vrf definition VRF_SHARED_SERVICE
address-family ipv4
import map FOO
route-map FOO deny 100
match ip address prefix-list DEFAULT
route-map FOO permit 200
>
> Here are the vrf definition.:
>
>
> vrf definition VRF_SHARED_SERVICE
> rd 192.168.101.110:95
> !
> address-family ipv4
> route-target export 64515:95
> route-target import 64515:95
> route-target import 64515:10
> route-target import 64515:136
> route-target import 64515:112
> route-target import 64515:101
> exit-address-family
>
>
>
> vrf definition VN_IOT
> rd 192.168.101.110:136
> !
> address-family ipv4
> route-target export 64515:136
> route-target import 64515:136
> route-target import 64515:95
> exit-address-family
>
>
> /Arne
>
>
>
> On 08/06/2024 12.25, James Bensley wrote:
> > Hi Arne,
> >
> > The normal way to do this is with route targets but you didn't mention
> > route targets in your email. Are you importing the export RTs from VRF1 and
> > VRF2 in to VRF3?
> >
> > You also mentioned route-maps. Are you already importing the export RTs and
> > trying to filter which routes are imported to only be the default route?
> >
> > You didn't post any config, it always helps people to help you if you can
> > show what you have tried already.
> >
> > Cheers,
> > James.
> >
> >
> >
> > -------- Ursprüngliche Nachricht --------
> > Am 08.06.24 08:04 um Arne Larsen via cisco-nsp schrieb
> > <cisco-nsp@puck.nether.net>:
> >
> >> Hi all
> >>
> >> I’m struggling with an 9606 Cisco router and route leaking between vrf’s.
> >>
> >> I have 2 vrf’s with a default route that needs to imported into a 3.
> >>
> >> The default route from the one vrf’s is direct connected on the box,
> >> andthe other is via mBGP.
> >>
> >> I’ve tried several forms for import maps base on community, prefix, acl
> >> and so on, but I always ends up with pulling my legs.
> >>
> >> The 3 vrf is for shared services, so I import more the the 2 vrf’s with
> >> the default route.
> >>
> >> Can someone give me a hint how to get this to work.
> >>
> >> The 2 vrf’s with the def route has community xxxxx:112 and xxxxx:114.
> >> I need to import all other routes from all other vrf’s including the 2
> >> with the def route.
> >>
> >> Hope someone can help me out here
> >>
> >> Regards Arne
> >> _______________________________________________
> >> cisco-nsp mailing list cisco-nsp@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
++ytti
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
