Per VRF label or Per route label

Folks,
A few weeks back I saw on some study group somewhere that im on a decent conversation on the downfalls of per vrf labels (juniper) compared to per route label (cisco). Now per route label obviously has its limitations in label consumption but per vrf label threw up a few issues - one of which was something to do with sub optimal routing. Anyone know any downfalls of using per vrf label space?

Rob,
One of the disadvantages of per VRF label scheme is that it requires an IP lookup on the edge router. This is due to the fact that if the label is shared among all CEs on a given PE, an IP lookup needs to be done in the VRF to determine which CE we should send the label to.
Another disavantage would be that you couldn't support CsC using a per VRF label since an IP table lookup is required on the PE, which breaks the end to end LSP.
On the other hand, you are absolutely right about the increase resources comsumption when a per route label scheme is used. This affects some vendors more than others though.
Hope this helps,

Similar Messages

Per VRF label

Hi,
Would like to know if per VRF label is supported on 7600 platform with SUP7203BXL?If yes can anybody share the config details

Anup,
It is currently supported via the following hidden command:
[no] mpls label mode { vrf | all-vrfs } protocol bgp-vpnv4 { per-prefix|per-vrf}
Regards,

Cost Per hour, Costs per route not updating in S114 structure

Dear PM Guru's,
i am using MET unit system for vehicle consumption analysis. After completion of measurement documents and material issuance through IFCU, i checked the MCIZ report , but there i could not find the value of Costs per Hour, Costs per route information. I am requesting you all please guide me where i did the mistake either in "Configure measurement document updation" or calculation method?
I am eagerly waiting for replies.
regards
JKM

Its not possible to give any specific section where it might have gone wrong. Suggest you to check the complete configuration under Settings for Fleet Management. Also check the configuration in IMG - PM & CS - Information Systems - Configure Measurement document update

Channel-group limit per router

Can someone make clear statement about limit of channel-groups (from VWIC2-2MFT-T1/E1) per router (i.e. 2811) ? I have 2 controllers with total of 4 E1 lines, but it sounds that I can ONLY have 4 channel-groups of any combination in a time per router.

Two channel groups can be supported per VWIC2 module. When a 2 port VWIC2 is used, only 1 channel group is supported per por
check this
http://www.cisco.com/application/pdf/en/us/guest/products/ps5855/c1167/cdccont_0900aecd8028d2e5.pdf

Use of TFTP to upgrade CE XR router via mgmt vrf from PE XR router

I have a few CE routers that require an extra module loading.
These routers have no access to the default vrf on a core router, they can only be accessed for management via that vrf.
Is there any way to upload via TFTP (or any other protocol) an image file from one of the core routers to the CE?
I cannot find a way of instructing the client (CE) router to specify a VRF in the copy tftp command string. On the CE I have configured the tftp client to use the management vrf, but every copy attempt results in `no route to host' messages.
The routers are all ASR9000 running 4.3.0 code.
Initally these were configured using the default vrf and the copy process worked fine, but not when using another vrf.

hi,
You would need to specify the management vrf. Example of copying a tar file to harddisk on the asr9k,
then untarring it, and installing:
a)copy ftp://user:[email protected];Mgmt_VRF/tftpboot/xr/423/ASR9K-iosxr-px-k9-4.2.3.tar harddisk:/sw/423
b)cd harddisk:/sw/423 then type “run”
c) tar –xvf ASR9K-iosxr-px-k9-4.2.3.tar (to untar the tar image)
d) admin install add source harddisk:/sw/423 asr9k-mini-px.pie-4.2.3 asr9k-mgbl-px.pie-4.2.3 asr9k-k9sec-px.pie-4.2.3 asr9k-mcast-px.pie-4.2.3 asr9k-mpls-px.pie-4.2.3 asr9k-fpd-px.pie-4.2.3 activate sync prompt-level none (note the spaces!!)
Note: if you don’t have a management VRF, then the Mgmt_VRF CLI is not needed
hth,
david

MPLS VRF configuartion on CE router

I have following Secinario.
CE1----PE1---P---PE2---CE1
---CE2
From PE2 to CE2 there two links.
Customer want VRF configuartion on the CE2 router on one link.
I have confirgured the VRF in between PE2 and CE2 on one link.Also configured Rd and RT parameter in the VRF.
I am useing BGP as routing protocol in between PE and CE.Can you please let me know should i have to configure MP-BGP in between PE2 and CE2 to carry RD and RT values from CE2 to PE2 ?

only if you extending MPLS VPN down to your CE. MP-BGP propgates VPNv4 updates tagged with a VPN label among PE routers only.
Normally an IGP protocol such as OSPF is used between PE-CE. You can configure OSPF in the VRF associated with the VPN and associate the interface connected to the CE with the VRF. OSPF routes can then propagate from a CE to a PE when an OSPF adjacency has formed between the two routers. OSPF adds routes to the VRF's forwarding table at the PE side with routes learned from the CE.
see this http://www.juniper.net/techpubs/software/erx/erx50x/swconfig-routing-vol2/html/bgp-mpls-vpns-config5.html

VRF-lite, NAT and route-leaking

Hello, community. I'm trying to reproduce setup with two customers (R1 and R2), PE router (R3) and common services (R4).
Here is configuration:
R1:
interface Loopback0
ip address 10.10.1.1 255.255.255.255
interface FastEthernet1/0
ip address 192.168.15.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.15.5
R2:
interface Loopback0
ip address 10.10.2.2 255.255.255.255
interface FastEthernet1/0
ip address 192.168.16.1 255.255.255.192
ip route 0.0.0.0 0.0.0.0 192.168.16.5
R3:
ip vrf VRF1
rd 1:1
route-target export 1:1
route-target import 1:1
ip vrf VRF2
rd 2:2
route-target export 2:2
route-target import 2:2
interface FastEthernet0/0
description R1
ip vrf forwarding VRF1
ip address 192.168.15.5 255.255.255.192
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1
description R2
ip vrf forwarding VRF2
ip address 192.168.16.5 255.255.255.192
ip nat inside
ip virtual-reassembly
interface FastEthernet1/0
description R4
ip address 1.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
ip route 0.0.0.0 0.0.0.0 1.1.1.2
ip route vrf VRF1 0.0.0.0 0.0.0.0 FastEthernet1/0 1.1.1.2 global
ip route vrf VRF1 10.10.0.0 255.255.0.0 192.168.15.1
ip route vrf VRF2 0.0.0.0 0.0.0.0 FastEthernet1/0 1.1.1.2 global
ip route vrf VRF2 10.10.0.0 255.255.0.0 192.168.16.1
ip nat inside source list 15 interface FastEthernet1/0 vrf VRF1 overload
ip nat inside source list 16 interface FastEthernet1/0 vrf VRF2 overload
access-list 15 permit 192.0.0.0 0.255.255.255
access-list 15 permit 10.10.0.0 0.0.255.255
access-list 16 permit 192.0.0.0 0.255.255.255
access-list 16 permit 10.10.0.0 0.0.255.255
R4:
interface Loopback0
ip address 10.10.10.10 255.255.255.255
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 1.1.1.1
The configuration is not operational.
r1#ping 192.168.15.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.15.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/89/116 ms
r1#ping 192.168.15.5 source l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.15.5, timeout is 2 seconds:
Packet sent with a source address of 10.10.1.1
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/86/92 ms
r1#ping 1.1.1.1 source l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.1.1
Success rate is 80 percent (4/5), round-trip min/avg/max = 292/357/400 ms
r1#ping 1.1.1.2 source l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 10.10.1.1
Success rate is 80 percent (4/5), round-trip min/avg/max = 160/187/216 ms
r1#ping 10.10.10.10 source l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 10.10.1.1
Success rate is 0 percent (0/5)
I can't ping R4's loopback address ("shared resource" or also known as "common service")
The same is with R2 ( second customer).
But I can still ping R4's loopback from R3:
R3#ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/88/116 ms
This is routing table on R3:
R3#sh ip route | begin Gateway
Gateway of last resort is 1.1.1.2 to network 0.0.0.0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, FastEthernet1/0
S*   0.0.0.0/0 [1/0] via 1.1.1.2
R3#sh ip route vrf VRF1 | begin Gateway
Gateway of last resort is 1.1.1.2 to network 0.0.0.0
     192.168.15.0/26 is subnetted, 1 subnets
C       192.168.15.0 is directly connected, FastEthernet0/0
     10.0.0.0/16 is subnetted, 1 subnets
S       10.10.0.0 [1/0] via 192.168.15.1
S*   0.0.0.0/0 [1/0] via 1.1.1.2, FastEthernet1/0
R3#sh ip route vrf VRF2 | begin Gateway
Gateway of last resort is 1.1.1.2 to network 0.0.0.0
     10.0.0.0/16 is subnetted, 1 subnets
S       10.10.0.0 [1/0] via 192.168.16.1
     192.168.16.0/26 is subnetted, 1 subnets
C       192.168.16.0 is directly connected, FastEthernet0/1
S*   0.0.0.0/0 [1/0] via 1.1.1.2, FastEthernet1/0
So the question is what is the problem cause? How to troubleshoot? What is the troubleshooting steps?

Hi Eugene Khabarov
The problem here is that at the PE we have the static route for the Major Subnet 10.10.0.0/16 pointing back to the CEs of which the destination ping IP 10.10.10.10 is part of.
We need to remove the Major X /16 route from PE and configure explicit X /32 route for the CE Loopback to make this work
no ip route vrf VRF1 10.10.0.0 255.255.0.0 192.168.15.1
ip route vrf VRF1 10.10.1.1 255.255.0.0 192.168.15.1
no ip route vrf VRF2 10.10.0.0 255.255.0.0 192.168.16.1
ip route vrf VRF2 10.10.2.2 255.255.0.0 192.168.16.1
Hope this helps to answer your query.
Regards
Varma

Denying telnet traffic from VRF interfaces on the router

Hi,
We are currently trying to accomplish incomming telnet traffic from an VRF interface to be denied by the router(7613--IOS:12.2(18)SXF4). In the line vty , we have associated an access-class specifying the block should be allowed for inbound telnet connection to the router. This is working good but it also allows the incomming telnet from an VRF interface having the same block as the global table block which is configured for allowing the incomming telnet connection. We don't want to allow any telnet connection from the vrf interface , even though it matches the permit block in the access-list
Kindly note that, we have not specified vrf-also command on the access-class.
Please let us a way to accomplish the above requirement .
Thanking You
Regards
Anantha Subramanian Natarajan

Hi,
Thanks for the suggestion.
I think, I haven't made my requirement clear. We would not like applying access-list to the VRF interfaces to acheive this requirement bcos, then we may have to bind to all the VRF interfaces(I mean customer interfaces),we acting as service provider. We are looking the way by applying access-class binded to line vty ,which is common to all the telnet traffic.
Kindly let us know,if you have some suggestions on the same
Regards
Anantha Subramanian Natarajan

What is the second level label of a mpls packet?

i thought it was the RT or RD,but i can not associate the MBGP atrribute with the mpls label,confused,
please help me!
recommending a related book would be helpful
thanks

Devang, IGP label(1st label) is required to label switch the path till the IBGP nexthop (which is other PE's advertising the VPN routes).Once it packet reaches the egress PE it has to find the right VRF to which the route belongs and then find the right outgoing interface. So from MPLS perspective it assigns a second label which is the mapping of VPN routes to label value. And as per this label (second label it identifies the right VPN). Without the second label there is no mapping to identify which VPN the packet belongs to.
Its more of the control plane and forwarding plane thing. When BGP sends the update it sends it with RT RD and VPN label to be used.
But when the packet from the customer side(data traffic) arrives that packet in its L3header only has a destination IP. No RD or RT so how would the PE's take the forwarding decision for that packet, so for that purpose the second label which was assigned as the part of control plane for a destination route (where in the routes's RD and RT values were known) is used.
So to conclude when forwarding packets there is no RD or RT information, its just labels which have been assigned when the packet entered the MPLS cloud.(1st label the IGP label for the BGP nexhop, and the second label (VPN label for the VPN prefix) to identify the right VPN for that packet.
HTH-Cheers,
Swaroop

Howto control/filter traffic between VRF-(lite) using route leaking?

Hi,
does anybody know how I can control/filter the traffic between two vrf when I use route leaking or also normal route target export/import connections, maybe with an acl, in the following scenarios?
Scenario 1:
I use a normal MPLS network with several PE routers (maybe ASR series) which connect to the CE routers via OSPF. Two VPNs are configured on the PE routers and I want one of PE routers to allow/route traffic between these VPNs but especially traffic on tcp port 80 and no other ports. I'm only aware of bindung acls to logical or physical interfaces but I don't know how to do this here.
Scenario 2:
Same as scenario 1 but not the PE router will connect the VPN but a separate router-on-a -tick (e.g. 4900M) which is connected to one of the PE routers should do this job with vrf-lite and route leaking (address-family ipv4 vrf ...). Also here I want only to allow tcp port 80 between the vpns
Kind Regards,
Thorsten

Thanks.
That's what I was assuming. In my experience this solution does not scale with increasing number of vpn and inter vpn traffic via route target.
Is it correct that there is only one common acl per vpn where all rules for the communication to all other vpns are configured? Doesn't this acl become too complex and too error-prone to administrate in a real network environment? Further on in my understanding this acl has to be configured per vpn on all pe routers which have interfaces to ce routers for that vpn.
Does cisco offer software for managing this?

Packet per packet load sharing

hi, my question:
i have two routers which are connected over two links (same type, same speed).
now i want to change from per destination to per packet load-sharing.
i know there is the command "ip load-shar per packet" but my question:
must i use this command on all 4 interfaces (2 interfaces - two router),
or must i only configure this on one interface per router ??
thanks for answer !

hi there. I have one doubt pertaining to per-packet load-sharing. In order to connect my two remote sites- A & B, Site A is having two WAN links and Site B is having two WAN links - one from ISP1 (30Mbps link) and the other from ISP2 (50Mbps link). I am doing static route load balancing using same AD values for both the ISPs. I have configured "ip load-sharing per-packet" on both the outgoing interfaces.
The load is getting distributed equally across both the links but total bandwidth utilization across both the links is not going beyond 30Mbps. The combined bandwidth of both links is 80Mbps (50+30). However links are not getting fully utilized even though heavy load is there on the links. Can you please tell me how to make full use of both the wan links at both the ends?

How do I inject a static default route into vrf

Could anybody give me any advise on injecting a static default route into vrf.
The static route is to the internet, I can't enable vrf forwading on the fa interface as other users also use this internet connection.
I am configuring a 7206 VXR 12.3(26) and have attached a copy of the config
Any help gratefully received

Hi
I think you have to specify the route as this
ip route vrf delegate_wireless fa0/0 0.0.0.0 0.0.0.0 194.154.168.1 global
it tells the router to to use a next hop that is not part of the vrf.
Also, don't forget that the return traffic has to be routed out to the vrf.
Something like this.
ip route a.b.c.d tu1 10.252.254.2
/Mikael

Static routes within VRF

Is there a limit to the number of static route one could use within a VRF ?
We have a large customer connected to MPLS VRF based backbone and due to various limiting factors this customer uses static routing from a PE-CE perspective.
We have been experiencing a problem where a static needsto be removed and placed back as routing to a site stops (No traffic passed) , this happes intermittently and to different sites within diffrent regions as well. All the general or expected troubleshooting procedures have been followed i.e. Check routing table , bgp , CEF tables , FIB etc. All seems fine , the only thing that reloves this is removing the static and then replacing it.
My thinking is that there might be a limit to the number of static's that one can use within a VRF and that we have reached the limit for this customer , which causes the intermittent failure.
Please advise.

I know of a "maximum routes limit " command to limit the number of routes in a Vrf on a PE.
From this command reference i find there are no default values for this.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_r/xrfscmd3.htm#1032272
So I assume, the default is to allow a huge value and the only limitations would be the memory/capacity and the number of vrfs on the PE router.
If you are experiencing a problem in this regard and removing a static route is helping to overcome it, then I would only suspect a bug here.
I am also curious to know how may many static routes you have in this particular vrf.

CSR1000V VRF Route Leaking vs GNS

Hi folks,
working on 2 lab envronments. I have successfully configured VRF route leaking on GNS3, however can't get it working on CSR1000v with same config (only IP's and name's of VRF etc is different). Is there something on the CSR1000v that I have to do that's different from GNS? Is there a reason why the route in GNS is in both the OSPF database and the routing table yet in ESXi it's only in the database?
OSPF between neighbors
BGP to do route leaking
GNS - leaking route 220.0.0.0
GNS - Neighbor running OSPF has 220.0.0.0 in the database and the routing table for VRF 100
ESXi - leaking route 45.0.0.0
ESXi - Neighbor running OSPF has 45.0.0.0 in the database and is NOT in the routing table for VRF cavia
GNS - 3640's with c3640-js-mz.124-17
ESXi - CSR1000V with Cisco IOS XE Software, Version 03.12.00.S
On both labs using BGP to leak routes between VRF's.
GNS LAB
VRF's --------------------------------------------------
ip vrf 100
rd 100:100
route-target export 1:100
route-target import 1:300
ip vrf 200
rd 200:200
route-target export 1:200
route-target import 1:300
ip vrf 300
rd 300:300
route-target export 1:300
route-target import 1:100
route-target import 1:200
OSPF --------------------------------------------------------------
router ospf 100 vrf 100
router-id 4.4.4.4
log-adjacency-changes
redistribute bgp 10 subnets
network 100.0.0.0 0.0.0.3 area 0
network 0.0.0.0 255.255.255.255 area 0
router ospf 200 vrf 200
router-id 44.44.44.44
log-adjacency-changes
redistribute bgp 10 subnets
network 200.0.0.0 0.0.0.3 area 0
network 0.0.0.0 255.255.255.255 area 0
BGP -------------------------------------------------------------
router bgp 10
no synchronization
bgp log-neighbor-changes
no auto-summary
address-family ipv4 vrf 300
no synchronization
network 220.0.0.0 mask 255.255.255.252
exit-address-family
address-family ipv4 vrf 200
redistribute ospf 200 vrf 200
no synchronization
exit-address-family
address-family ipv4 vrf 100
redistribute ospf 100 vrf 100
no synchronization
exit-address-family
R4#sh ip bgp vpnv4 all
BGP table version is 17, local router ID is 44.44.44.44
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:100 (default for vrf 100)
*> 10.0.0.0/24 100.0.0.1 2 32768 ?
*> 100.0.0.0/30 0.0.0.0 0 32768 ?
*> 220.0.0.0/30 0.0.0.0 0 32768 i
Route Distinguisher: 200:200 (default for vrf 200)
*> 20.0.0.0/24 200.0.0.1 2 32768 ?
*> 200.0.0.0/30 0.0.0.0 0 32768 ?
*> 220.0.0.0/30 0.0.0.0 0 32768 i
Route Distinguisher: 300:300 (default for vrf 300)
*> 10.0.0.0/24 100.0.0.1 2 32768 ?
*> 20.0.0.0/24 200.0.0.1 2 32768 ?
*> 100.0.0.0/30 0.0.0.0 0 32768 ?
*> 200.0.0.0/30 0.0.0.0 0 32768 ?
*> 220.0.0.0/30 0.0.0.0 0 32768 i
-----------------------on neighbor R3 220.0.0.0 (in vrf 300) is in the routing table for vrf 100 as designed----------------------
R3#sh ip route vrf 100
220.0.0.0/30 is subnetted, 1 subnets
O E2 220.0.0.0 [110/1] via 100.0.0.2, 00:29:48, FastEthernet1/0.10
100.0.0.0/30 is subnetted, 1 subnets
C 100.0.0.0 is directly connected, FastEthernet1/0.10
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0
----------------------OSPF Database on neighbor R3-------------------------------------------
R3#sh ip ospf data
OSPF Router with ID (33.33.33.33) (Process ID 200)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
33.33.33.33 33.33.33.33 521 0x80000006 0x005A0E 2
44.44.44.44 44.44.44.44 541 0x80000006 0x001C18 1
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
200.0.0.2 44.44.44.44 540 0x80000005 0x006820
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
220.0.0.0 44.44.44.44 540 0x80000005 0x009BAE 3489660938
OSPF Router with ID (3.3.3.3) (Process ID 100)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
3.3.3.3 3.3.3.3 722 0x80000006 0x008C9F 2
4.4.4.4 4.4.4.4 581 0x80000006 0x00F845 1
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
100.0.0.2 4.4.4.4 581 0x80000005 0x00FEA7
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
220.0.0.0 4.4.4.4 581 0x80000005 0x00509A 3489660938
ESXi LAB
VRF's----------------------------------------------------------
vrf definition cavia
rd 1:100
address-family ipv4
route-target export 1000:100
route-target import 1000:300
exit-address-family
vrf definition microsoft
rd 1:200
address-family ipv4
route-target export 1000:200
route-target import 1000:300
exit-address-family
vrf definition shared
rd 1:300
address-family ipv4
route-target export 1000:300
route-target import 1000:100
route-target import 1000:200
exit-address-family
OSPF ----------------------------------------------------------------
router ospf 100 vrf cavia
redistribute bgp 50 subnets
network 172.100.200.0 0.0.0.3 area 0
network 0.0.0.0 255.255.255.255 area 0
router ospf 200 vrf microsoft
redistribute bgp 50 subnets
network 172.200.200.0 0.0.0.3 area 0
network 0.0.0.0 255.255.255.255 area 0
BGP -----------------------------------------------------------------
router bgp 50
bgp log-neighbor-changes
address-family ipv4 vrf cavia
redistribute ospf 100
exit-address-family
address-family ipv4 vrf microsoft
redistribute ospf 200
exit-address-family
address-family ipv4 vrf shared
network 45.0.0.0 mask 255.255.255.252
exit-address-family
---------------45.0.0.0 is in the correct BGP VRF's----------------
R8#sh ip bgp vpnv4 all
BGP table version is 20, local router ID is 8.8.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:100 (default for vrf cavia)
*> 45.0.0.0/30 0.0.0.0 0 32768 i
*> 80.100.0.0/30 172.100.200.1 2 32768 ?
*> 172.100.100.0/30 172.100.200.1 2 32768 ?
*> 172.100.100.4/30 172.100.200.1 2 32768 ?
*> 172.100.200.0/30 0.0.0.0 0 32768 ?
Route Distinguisher: 1:200 (default for vrf microsoft)
*> 45.0.0.0/30 0.0.0.0 0 32768 i
*> 80.200.0.0/30 172.200.200.1 2 32768 ?
*> 172.200.100.0/30 172.200.200.1 2 32768 ?
*> 172.200.100.4/30 172.200.200.1 2 32768 ?
*> 172.200.200.0/30 0.0.0.0 0 32768 ?
Route Distinguisher: 1:300 (default for vrf shared)
*> 45.0.0.0/30 0.0.0.0 0 32768 i
*> 80.100.0.0/30 172.100.200.1 2 32768 ?
*> 80.200.0.0/30 172.200.200.1 2 32768 ?
*> 172.100.100.0/30 172.100.200.1 2 32768 ?
*> 172.100.100.4/30 172.100.200.1 2 32768 ?
*> 172.100.200.0/30 0.0.0.0 0 32768 ?
*> 172.200.100.0/30 172.200.200.1 2 32768 ?
Network Next Hop Metric LocPrf Weight Path
*> 172.200.100.4/30 172.200.200.1 2 32768 ?
*> 172.200.200.0/30 0.0.0.0 0 32768 ?
-----------------------on neighbor R1 45.0.0.0 (in vrf shared) is not in the routing table for vrf cavia----------------------
R1#sh ip route vrf cavia
Gateway of last resort is 172.100.200.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 172.100.200.2
80.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 80.100.0.0/30 is directly connected, GigabitEthernet1.1
L 80.100.0.1/32 is directly connected, GigabitEthernet1.1
B 80.100.0.4/30 [20/0] via 80.100.0.2, 03:52:22
172.100.0.0/16 is variably subnetted, 7 subnets, 2 masks
C 172.100.100.0/30 is directly connected, GigabitEthernet3.1
L 172.100.100.2/32 is directly connected, GigabitEthernet3.1
C 172.100.100.4/30 is directly connected, GigabitEthernet2.1
L 172.100.100.6/32 is directly connected, GigabitEthernet2.1
B 172.100.101.0/30 [20/0] via 80.100.0.2, 03:52:22
C 172.100.200.0/30 is directly connected, GigabitEthernet4.1
L 172.100.200.1/32 is directly connected, GigabitEthernet4.1
----------------------OSPF Database on neighbor R1 -------------------------------------------
R1#
R1#sh ip ospf data
OSPF Router with ID (172.100.200.1) (Process ID 100)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
172.100.200.1 172.100.200.1 668 0x8000000A 0x009F4E 4
172.100.200.2 172.100.200.2 681 0x80000007 0x005F5C 1
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
172.100.200.1 172.100.200.1 668 0x80000002 0x0012BD
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
45.0.0.0 172.100.200.2 441 0x80000002 0x0047E1 3489660978
80.100.0.4 172.100.200.1 1679 0x80000008 0x00A883 3489725929
172.100.101.0 172.100.200.1 1679 0x80000008 0x00C4A9 3489725929

BUMP

BGP routing updates via VRF's fails on PE

HQ connects to 2 different remote sites via MPLS.
HQ connects to PE1 via MPLS vrf SITE1
HQ also connects to PE1 via MPLS vrf SITE2
WAN1 connects to PE2 via F0/0 vrf SITE1
WAN2 connects to PE2 via F0/1 vrf SITE2
HQ sees all prefixes from both remote sites!!
HQ and WAN1 can successfully ping/trace each other.
HQ and WAN2 can successfully ping/trace each other.
WAN1 only sees HQ prefixes
WAN2 only sees HQ prefixes
PE1 vrf SITE1 routing table sees HQ and WAN1 prefixes only
PE1 vrf SITE2 routing table sees HQ and WAN2 prefixes only
I can see from HQ that HQ is sending the same prefixes to both eBGP PE1 peers.
(I.E. sh bgp ipv4 uni nei x.x.x.x adv)
TOPOLOGY:
           /---MPLS--PE2------WAN1
HQ----PE1--
           \---MPLS--PE2------WAN2
HQ   AS 10
WAN1 AS 20
WAN2 AS 30
MPLS AS 65535
On PE1 and PE2
Under vrf SITE1, I added route-target import from vrf SITE2 and
Under vrf SITE2, I added route-target import from vrf SITE1 and this did not work at all.
HQ must remain in 2 different vrf's while the remotes are in different vrf's as well.
PROBLEM:
I need to be able to communicate between WAN1 to WAN2 via HQ.
Anyone know what might fix my problem????, Or can explain what is happening that causes this failure?
THANKS and BEST REGARDS
Frank

Hi Frank
Looking at your mentioned design above it seems all fine and should work..Just one question did you import the cross-vrf RTs after the normal setup was up and working ' coz in that case I think we would need to soft clear the BGP Process on PE1 to cross import the vrf routes from PE2..But on PE2 it should have worked fine..
May be as asked by Olivier you can share the configs once to look at it.
Coming to your second question of
PROBLEM:
I need to be able to communicate between WAN1 to WAN2 via HQ.
This is a case of MPLS Hub and Spoke VPN Services using eBGP as PE-CE..
Here we need to use 3 VRF with separe export RT for the Hub (HQ-VRF) and Spoke 1(Site 1-VRF) /Spoke 2(Site 2-VRF)
Hub will import the RT of Spoke 1 and Spoke 2 . SPoke 1/ Spoke 2 will import only HQ RT..
On PE1 create a default null route under VRF Hub and under BGP addess-family ipv4 vrf HQ-VRF send a default route using below network statement
network 0.0.0.0
This will help to achieve the desired traffic flow of WAN1 communicating to WAN2 via HQ..
Hope this provides some insight to your query.
Regards
Varma

Per VRF label or Per route label

Similar Messages

Maybe you are looking for