On Sat, 8 Jun 2024 at 18:26, Arne Larsen via cisco-nsp <cisco-nsp@puck.nether.net> wrote:
> Yes, it'd with route-target I'm trying to get it to work, and what I'm > trying to get rid off is the default route from the IOT vrf to be > imported into the SHARED vrf. Ok so the problem is not sharing routes between VRF, problem is sharing selectively routes between VRF? In the example the problem is that VRF_SHARED_SERVICE gets default route from VN_IOT. You could accomplish this two ways a) VRF_SHARED_SERVICE has import policy, which drops the default route for 64515:136 b) VN_IOT has export policy, which doesn't set 64515:95 on default route I think a) is more robust, you'd probably just deny importing any default route at all, if you know you're going to have the 64515:95 default route you want. So no matter what happens in the other VRFs, you'd never end up importing their default. Like vrf definition VRF_SHARED_SERVICE address-family ipv4 import map FOO route-map FOO deny 100 match ip address prefix-list DEFAULT route-map FOO permit 200 > > Here are the vrf definition.: > > > vrf definition VRF_SHARED_SERVICE > rd 192.168.101.110:95 > ! > address-family ipv4 > route-target export 64515:95 > route-target import 64515:95 > route-target import 64515:10 > route-target import 64515:136 > route-target import 64515:112 > route-target import 64515:101 > exit-address-family > > > > vrf definition VN_IOT > rd 192.168.101.110:136 > ! > address-family ipv4 > route-target export 64515:136 > route-target import 64515:136 > route-target import 64515:95 > exit-address-family > > > /Arne > > > > On 08/06/2024 12.25, James Bensley wrote: > > Hi Arne, > > > > The normal way to do this is with route targets but you didn't mention > > route targets in your email. Are you importing the export RTs from VRF1 and > > VRF2 in to VRF3? > > > > You also mentioned route-maps. Are you already importing the export RTs and > > trying to filter which routes are imported to only be the default route? > > > > You didn't post any config, it always helps people to help you if you can > > show what you have tried already. > > > > Cheers, > > James. > > > > > > > > -------- Ursprüngliche Nachricht -------- > > Am 08.06.24 08:04 um Arne Larsen via cisco-nsp schrieb > > <cisco-nsp@puck.nether.net>: > > > >> Hi all > >> > >> I’m struggling with an 9606 Cisco router and route leaking between vrf’s. > >> > >> I have 2 vrf’s with a default route that needs to imported into a 3. > >> > >> The default route from the one vrf’s is direct connected on the box, > >> andthe other is via mBGP. > >> > >> I’ve tried several forms for import maps base on community, prefix, acl > >> and so on, but I always ends up with pulling my legs. > >> > >> The 3 vrf is for shared services, so I import more the the 2 vrf’s with > >> the default route. > >> > >> Can someone give me a hint how to get this to work. > >> > >> The 2 vrf’s with the def route has community xxxxx:112 and xxxxx:114. > >> I need to import all other routes from all other vrf’s including the 2 > >> with the def route. > >> > >> Hope someone can help me out here > >> > >> Regards Arne > >> _______________________________________________ > >> cisco-nsp mailing list cisco-nsp@puck.nether.net > >> https://puck.nether.net/mailman/listinfo/cisco-nsp > >> archive at http://puck.nether.net/pipermail/cisco-nsp/ > >> > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ -- ++ytti _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/