Problem leaking route from VRF to global table on CSR 1000V
Hi Guys,
So I have a problem with VRF's on a CSR 1000V, specifically exporting a connected subnet from a VRF into the global routing table.
My config, very abbreviated, is as follows:
Router:
GE1: 10.0.0.1/31 VRF TEST
GE2: 172.30.20.1/24 (No VRF, BGP neighbor to 172.30.20.2, receiving 0.0.0.0/0 (default route))
Now sh ip route displays:
0.0.0.0/0 (BGP)
172.30.20.1/24 (Connected)
sh ip route vrf TEST displays:
0.0.0.0/0 (BGP)
10.0.0.1/31 connected
My VRF config is as follows:
ip vrf TEST
rd 1:1
import ipv4 unicast map GLOBAL
export ipv4 unicast map CONNECTED-SUBNET
ip prefix-list CONNECTED seq 1 permit 10.0.0.1/31
ip prefix-list DEFAULT seq 1 permit 0.0.0.0/0
route-map CONNECTED-SUBNET permit 10
match ip address prefix-list CONNECTED
route-map GLOBAL permit 10
match ip address prefix-list DEFAULT
Now my import command works perfectly (0.0.0.0/0 is imported from BGP into the VRF's routing table), however my export command does not function - seemingly at all.
Even though my prefix list is an exact match, I do not see 10.0.0.1/31 appearing in the global routing table, or the BGP table at all (show ip bgp 10.0.0.1 shows only the 0.0.0.0/0 default route)
Any thoughts on what is going on here? Am I misunderstanding the export command for VRF's? I was under the impression this will export directly to the BGP table, and then be imported to the global routing table if applicable?
Any thoughts/input would be appreciated!
Hello
"GE1: 10.0.0.1/31 VRF TEST
GE2: 172.30.20.1/24 (No VRF, BGP neighbor to 172.30.20.2, receiving 0.0.0.0/0 (default route))"
I must have misunderstood somewhere I was assuming you had no vrf bgp between GE1-2 , and just vrf on subnet 10.0.0.0/x which needed to be advertised in the global routing table hence my last post suggested you redistribute into bgp,
So assuming you are accepting a default route from GE2 it went like this
GE1
int fa0/1
ip vrf forwading TEST
ip addresses 10.0.0.1 255.255.255.255
int xx
ip address 172.30.20.1 255.255.255.0
router bgp xy
neighbour 172.30.20.2 remote-as yx
redistribute static ( to advertised the vrf subnet to GE2)
ip route 10.0.0.1 255.255.255.255 fa0/1 ( this is tell the global rib where to go for the vrf route)
ip prefix-list VRF permit 0.0.0.0/0
route-map VRF_rm
match ip address prefix VRF ( match on the default route advertised from GE2 which is in the global rib)
ip vrf TEST
import-map ipv4 vrf VRF-rm ( import the default from global rib into the vrf rib)
res
Paul
Similar Messages
-
Leaking MPLS VPN learned routes from VRF to Global
I'm trying to leak routes from a VRF to global. I can get the routes leaked from directly connected CE to the global, however I can't get the routes from remote CE's to leak in to the global routing table. Below are my configurations
RP/0/0/CPU0:B25BR1#sh run vrf TR
Wed Dec 17 22:40:33.772 UTC
vrf TR
address-family ipv4 unicast
import route-target
65000:7020
export to default-vrf route-policy TR-2-GLOBAL
export route-target
65000:7020
RP/0/0/CPU0:B25BR1#sh rpl route-policy TR-2-GLOBAL
Wed Dec 17 22:40:50.851 UTC
route-policy TR-2-GLOBAL
if destination in TR-2-GLOBAL then
pass
endif
end-policy
RP/0/0/CPU0:B25BR1#sh rpl prefix-set TR-2-GLOBAL
Wed Dec 17 22:40:57.861 UTC
prefix-set TR-2-GLOBAL
192.168.0.17/32,
192.168.0.18/32,
192.168.0.19/32,
192.168.0.20/32
end-set
!Routes that I want to see also are 192.168.0.19/32 and 192.168.0.20/32 which are there in the VRF routing table
RP/0/0/CPU0:B25BR1#sh route vrf TR
Wed Dec 17 22:41:45.767 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
B 10.1.0.0/30 [20/0] via 10.1.0.5, 00:14:32
C 10.1.0.4/30 is directly connected, 06:57:19, GigabitEthernet0/0/0/2
L 10.1.0.6/32 is directly connected, 06:57:19, GigabitEthernet0/0/0/2
B 10.1.128.0/30 [20/0] via 10.1.0.5, 00:14:32
B 192.168.0.17/32 [20/0] via 10.1.0.5, 00:13:56
B 192.168.0.18/32 [20/0] via 10.1.0.5, 00:13:56
B 192.168.0.19/32 [200/0] via 192.168.0.4 (nexthop in vrf default), 00:13:31
B 192.168.0.20/32 [200/0] via 192.168.0.4 (nexthop in vrf default), 00:13:31
RP/0/0/CPU0:B25BR1#sh ip rou
Wed Dec 17 22:41:50.097 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
S 10.0.0.0/27 is directly connected, 08:04:01, Null0
O 10.0.0.4/30 [110/2] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
C 10.0.0.8/30 is directly connected, 08:04:00, GigabitEthernet0/0/0/0
L 10.0.0.10/32 is directly connected, 08:04:00, GigabitEthernet0/0/0/0
O 10.0.0.12/30 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 10.0.0.16/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 10.0.0.24/30 [110/3] via 10.0.128.9, 06:29:14, GigabitEthernet0/0/0/1
O 10.0.0.28/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
S 10.0.128.0/29 is directly connected, 08:04:01, Null0
O 10.0.128.0/30 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 10.0.128.4/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
C 10.0.128.8/30 is directly connected, 08:04:00, GigabitEthernet0/0/0/1
L 10.0.128.10/32 is directly connected, 08:04:00, GigabitEthernet0/0/0/1
S 10.1.0.4/30 is directly connected, 06:57:23, Null0
S 10.1.128.4/30 is directly connected, 08:04:01, Null0
C 10.18.0.0/16 is directly connected, 08:04:00, MgmtEth0/0/CPU0/0
L 10.18.0.9/32 is directly connected, 08:04:00, MgmtEth0/0/CPU0/0
L 127.0.0.0/8 [0/0] via 0.0.0.0, 08:04:04
O 192.168.0.1/32 [110/2] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
O 192.168.0.2/32 [110/4] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/4] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 192.168.0.3/32 [110/3] via 10.0.128.9, 08:03:40, GigabitEthernet0/0/0/1
O 192.168.0.4/32 [110/3] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 192.168.0.5/32 [110/4] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/4] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 192.168.0.6/32 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 192.168.0.7/32 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
L 192.168.0.8/32 is directly connected, 08:04:00, Loopback0
B 192.168.0.17/32 [20/0] via 10.1.0.5 (nexthop in vrf TR), 00:05:37
B 192.168.0.18/32 [20/0] via 10.1.0.5 (nexthop in vrf TR), 00:05:37
I'm only seeing the routes from the directly connected CE, but not the routes received from RR. What am I missing here?
Thanks!
-SajithI'm trying to leak routes from a VRF to global. I can get the routes leaked from directly connected CE to the global, however I can't get the routes from remote CE's to leak in to the global routing table. Below are my configurations
RP/0/0/CPU0:B25BR1#sh run vrf TR
Wed Dec 17 22:40:33.772 UTC
vrf TR
address-family ipv4 unicast
import route-target
65000:7020
export to default-vrf route-policy TR-2-GLOBAL
export route-target
65000:7020
RP/0/0/CPU0:B25BR1#sh rpl route-policy TR-2-GLOBAL
Wed Dec 17 22:40:50.851 UTC
route-policy TR-2-GLOBAL
if destination in TR-2-GLOBAL then
pass
endif
end-policy
RP/0/0/CPU0:B25BR1#sh rpl prefix-set TR-2-GLOBAL
Wed Dec 17 22:40:57.861 UTC
prefix-set TR-2-GLOBAL
192.168.0.17/32,
192.168.0.18/32,
192.168.0.19/32,
192.168.0.20/32
end-set
!Routes that I want to see also are 192.168.0.19/32 and 192.168.0.20/32 which are there in the VRF routing table
RP/0/0/CPU0:B25BR1#sh route vrf TR
Wed Dec 17 22:41:45.767 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
B 10.1.0.0/30 [20/0] via 10.1.0.5, 00:14:32
C 10.1.0.4/30 is directly connected, 06:57:19, GigabitEthernet0/0/0/2
L 10.1.0.6/32 is directly connected, 06:57:19, GigabitEthernet0/0/0/2
B 10.1.128.0/30 [20/0] via 10.1.0.5, 00:14:32
B 192.168.0.17/32 [20/0] via 10.1.0.5, 00:13:56
B 192.168.0.18/32 [20/0] via 10.1.0.5, 00:13:56
B 192.168.0.19/32 [200/0] via 192.168.0.4 (nexthop in vrf default), 00:13:31
B 192.168.0.20/32 [200/0] via 192.168.0.4 (nexthop in vrf default), 00:13:31
RP/0/0/CPU0:B25BR1#sh ip rou
Wed Dec 17 22:41:50.097 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
S 10.0.0.0/27 is directly connected, 08:04:01, Null0
O 10.0.0.4/30 [110/2] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
C 10.0.0.8/30 is directly connected, 08:04:00, GigabitEthernet0/0/0/0
L 10.0.0.10/32 is directly connected, 08:04:00, GigabitEthernet0/0/0/0
O 10.0.0.12/30 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 10.0.0.16/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 10.0.0.24/30 [110/3] via 10.0.128.9, 06:29:14, GigabitEthernet0/0/0/1
O 10.0.0.28/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
S 10.0.128.0/29 is directly connected, 08:04:01, Null0
O 10.0.128.0/30 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 10.0.128.4/30 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
C 10.0.128.8/30 is directly connected, 08:04:00, GigabitEthernet0/0/0/1
L 10.0.128.10/32 is directly connected, 08:04:00, GigabitEthernet0/0/0/1
S 10.1.0.4/30 is directly connected, 06:57:23, Null0
S 10.1.128.4/30 is directly connected, 08:04:01, Null0
C 10.18.0.0/16 is directly connected, 08:04:00, MgmtEth0/0/CPU0/0
L 10.18.0.9/32 is directly connected, 08:04:00, MgmtEth0/0/CPU0/0
L 127.0.0.0/8 [0/0] via 0.0.0.0, 08:04:04
O 192.168.0.1/32 [110/2] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
O 192.168.0.2/32 [110/4] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/4] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 192.168.0.3/32 [110/3] via 10.0.128.9, 08:03:40, GigabitEthernet0/0/0/1
O 192.168.0.4/32 [110/3] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 192.168.0.5/32 [110/4] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/4] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
O 192.168.0.6/32 [110/2] via 10.0.128.9, 08:03:51, GigabitEthernet0/0/0/1
O 192.168.0.7/32 [110/3] via 10.0.0.9, 08:03:10, GigabitEthernet0/0/0/0
[110/3] via 10.0.128.9, 08:03:10, GigabitEthernet0/0/0/1
L 192.168.0.8/32 is directly connected, 08:04:00, Loopback0
B 192.168.0.17/32 [20/0] via 10.1.0.5 (nexthop in vrf TR), 00:05:37
B 192.168.0.18/32 [20/0] via 10.1.0.5 (nexthop in vrf TR), 00:05:37
I'm only seeing the routes from the directly connected CE, but not the routes received from RR. What am I missing here?
Thanks!
-Sajith -
Route leaking from VRF to Global on same router with VLAN interface
Hi all,
I would like to do some route leaking from VRF to Global and Global to VRF on the same router. Here is an output of the config:
interface FastEthernet4
description ***Connection to WAN***
ip vrf forwarding FVRF
ip address 10.0.0.6 255.255.255.0
interface Vlan100
description ***LAN***
ip address 192.168.227.1 255.255.255.0
So what I want is to import 192.168.227.0 /24 into FVRF and import 10.0.0.0 /24 into the global routing table.
I though I could do that config but it is not possible:
(config)#ip route vrf FVRF 192.168.227.0 255.255.255.0 vlan 100
% For VPN or topology routes, must specify a next hop IP address if not a point-to-point interface
OR
DK-SLVPN(config)#ip route vrf FVRF 192.168.227.0 255.255.255.0 vlan 100 192.168.227.1 global
%Invalid next hop address (it's this router)
Any ideas are really welcome.
Best regards,
LaurentHi,
I have tried the following solution:
Add 10.0.0.0 /24 From VRFto Global:
ip route 10.0.0.0 255.255.255.0 FastEthernet4
Add 192.168.227.0 /24 from Global to VRF:
router bgp 64512
bgp log-neighbor-changes
address-family ipv4
no synchronization
redistribute connected
no auto-summary
exit-address-family
ip prefix-list Global-VRF seq 5 permit 192.168.227.0/24
route-map Global permit 10
match ip address prefix-list Global-VRF
ip vrf FVRF
rd 1:1
import ipv4 unicast map Global
So now the VRF table looks like that:
# sh ip route vrf FVRF
C 10.0.0.0/24 is directly connected, FastEthernet4
S 10.0.0.1/32 [254/0] via 10.0.0.1, FastEthernet4
L 10.0.0.6/32 is directly connected, FastEthernet4
B 192.168.227.0/24 is directly connected, 00:15:12, Vlan100
The Global table looks like this:
#sh ip route
Gateway of last resort is 10.1.0.107 to network 0.0.0.0
D* 0.0.0.0/0 [90/1709056] via 10.1.0.107, 3d02h, Tunnel1
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
S 10.0.0.0/24 is directly connected, FastEthernet4
C 10.1.0.0/24 is directly connected, Tunnel1
L 10.1.0.227/32 is directly connected, Tunnel1
C 10.2.0.0/24 is directly connected, Tunnel2
L 10.2.0.227/32 is directly connected, Tunnel2
C 10.10.10.227/32 is directly connected, Loopback100
192.168.227.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.227.0/24 is directly connected, Vlan100
L 192.168.227.1/32 is directly connected, Vlan100
But When I try to ping it still doesn´t work:
#ping vrf FVRF 192.168.227.1 source fastEthernet 4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.227.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.6
Success rate is 0 percent (0/5)
#ping 10.0.0.1 source vlan 100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.227.1
Success rate is 0 percent (0/5)
Any ideas?
Regards,
Laurent -
Download doc problem when copied from APEX_APPLICATION_FILES to local table
Good morning!
As the subject indicatesm, I am experiencing problems downloading a document I have copied from APEX_APPLICATION_FILES to my local table FILE_SUBJECTS
and would be very grateful if someone could help.
Here is the problem:
I can successfully upload a document into APEX_APPLICATION_FILES and dowload it from there too.
I can copy the record from APEX_APPLICATION_FILES into my local table FILE_SUBJECTS and delete that entry from APEX_APPLICATION_FILES but I cannot download it from my local table, it keeps pointing me to a page which cannot be found, so I'm guessing there is something wrong with either, my INSERT INTO statement or, my link in the report.
My INSERT INTO statement is:
INSERT INTO file_subjects (id,filename,updated_by,updated_on,blob_content,mime_type)
SELECT id, filename, name, updated_by, updated_on,blob_content,mime_type
FROM APEX_APPLICATION_FILES
WHERE APEX_APPLICATION_FILES.filename = :P2_FILE_NAME;
REPORT LINK
I have tried just a normal column link in my report like: #ID# (this works when looking at APEX_APPLICATION_FILES)
but I have also tried the following:
#OWNER#.DOWNLOAD_MY_FILE?p_file=#ID#
where download_my_file is a procedure:
create or replace PROCEDURE "DOWNLOAD_MY_FILE" (p_file in number) AS
v_mime VARCHAR2(48);
v_length NUMBER;
v_file_name VARCHAR2(2000);
Lob_loc BLOB;
BEGIN
--apex_application.g_flow_id := 166;
--if not(APEX_CUSTOM_AUTH.IS_SESSION_VALID) then
-- owa_util.status_line(404, 'Page Not Found', true);
-- return;
--end if;
SELECT MIME_TYPE, BLOB_CONTENT, name,DBMS_LOB.GETLENGTH(blob_content)
INTO v_mime,lob_loc,v_file_name,v_length
FROM FILE_SUBJECTS
WHERE id = p_file;
-- set up HTTP header
-- use an NVL around the mime type and
-- if it is a null set it to application/octect
-- application/octect may launch a download window from windows
owa_util.mime_header( nvl(v_mime,'application/octet'), FALSE );
-- set the size so the browser knows how much to download
htp.p('Content-length: ' || v_length);
-- the filename will be used by the browser if the users does a save as
htp.p('Content-Disposition: attachment; filename="'||replace(replace(substr(v_file_name,instr(v_file_name,'/')+1),chr(10),null),chr(13),null)|| '"');
-- close the headers
owa_util.http_header_close;
-- download the BLOB
wpg_docload.download_file( Lob_loc );
end DOWNLOAD_MY_FILE;
Many thanks in advance!
SueSue,
If you are running XE or running with the EPG versus the http server, you need to grant access to the procedure you are using for it to be run properly..
You may need to look at this function, if you are using XE or have the EPG setup for your database.. http://download.oracle.com/docs/cd/E10513_01/doc/appdev.310/e12856/adm_wrkspc.htm#BABEFDHI [Look for the section called *Restricting Access to Oracle Application Express by Database Access Descriptor (DAD)*]
Thank you,
Tony Miller
Webster, TX -
BGP Support for IP Prefix Import from Global Table into a VRF Table
Hi,
is any ever tried this. When i uses a such a route-map for import ipv4 prefix from the global route table, it also filters the ipv4 prefix'es from the vrf route table. So I lost vrf routes from the other routers. I have tried to allow wiht a extcommunity list but I didnt worked. Is this a bug or am I missing something.Hi Tarj,
First of all, i'd recommend you to start a new thread in case you have your own problem to solve, unless your problem is related to the original post.
As for you question, what you have described is the exact behavior of a service provider with a MPLS backbone, it is a BGP free core, the P routers need not run BGP, since the PE routers will have LSP tunnels using label switching over the backbone and the P routers will just do label swapping and not IP lookups, accordingly the P routers needs not learn the BGP routes, but however you need all the routers (PEs and Ps) to run an IGP in order to be able to build the forwarding plane tables.
I hope that i've been informative.
BR,
Mohammed Mahmoud. -
Import IP Prefix from Global Table into a VRF Table
Hello,
Is it possible to import IP Prefix from Global Table into a VRF Table on ASR9001 with Version 4.3.0? Thanks.
Regards,
Erichi Eric,
In 4.3.1 there is a feature that will allow you to do this.
The Border Gateway Protocol (BGP) dynamic route leaking feature provides the ability to import routes
between the default-vrf (Global VRF) and any other non-default VRF, to provide connectivity between a
global and a VPN host. The import process installs the Internet route in a VRF table or a VRF route in the
Internet table, providing connectivity.
You can follow the ASR9000 blog here to monitor when 4.3.1 will be posted to Cisco.com
https://supportforums.cisco.com/blogs/asr9k
or watch for the 4.3.1 Release Notes here
http://www.cisco.com/en/US/products/ps5845/prod_release_notes_list.html
regards,
David -
Filtering OSPF routes from MPBGP to BGP speaker in the same VRF
I'm wondering if anyone has some ideas they an share on this.
Assume the following:
- CE1 is speaking *iBGP and OSPF to PE1 inside vrf foo
- PE1 is mutually redistributing CE1's OSPF table with MPBGP
- PE1 exchanges MPBGP routes with PE2.
- PE2 is mutually redistributing CE2's OSPF table with MPBGP
- CE2 is speaking *iBGP and OSPF to PE2 inside vrf foo
So the problem is that the OSPF routes redistributed into MPBGP from via one CE are being announced to the other CE via the PE-CE BGP process. Because those routes are already being received by the CE via the PE-CE OSPF process, they are showing up in the CE's BGP table as RIB failures.
Is there any way to filter those out? I've tried setting and matching tags and communities from within various redistribution points on the PE, but I can't seem to keep them out of the CE's BGP table.are you sure you are using iBGP on both sides and not eBGP?
I'm asking because routes learnt by PE1 from CE via iBGP ( meaning same BGP AS number on CE1 and PE1 vrf foo) will not be propagated to CE2, because an iBGP route learned by a BGP speaker in not pushed to another iBGP speaker.
So it means that a show ip bgp neighbor vrf foo advertised routes on PE2 shall show that no routes from CE1 are being advertised to CE2.
As mentionned earlier, changing BGP admin distance is an option. Let BGP have a better distance on your CEs and this should do the trick :
router bgp xxx
distance bgp 20 20 20
Then after clearing bgp session, the rib failures are gone as OSPF is AD 110 and BGP is now AD 20 ( also remember that BGP does not annouces rib failure routes to other BGP peers)
cheers -
Denying telnet traffic from VRF interfaces on the router
Hi,
We are currently trying to accomplish incomming telnet traffic from an VRF interface to be denied by the router(7613--IOS:12.2(18)SXF4). In the line vty , we have associated an access-class specifying the block should be allowed for inbound telnet connection to the router. This is working good but it also allows the incomming telnet from an VRF interface having the same block as the global table block which is configured for allowing the incomming telnet connection. We don't want to allow any telnet connection from the vrf interface , even though it matches the permit block in the access-list
Kindly note that, we have not specified vrf-also command on the access-class.
Please let us a way to accomplish the above requirement .
Thanking You
Regards
Anantha Subramanian NatarajanHi,
Thanks for the suggestion.
I think, I haven't made my requirement clear. We would not like applying access-list to the VRF interfaces to acheive this requirement bcos, then we may have to bind to all the VRF interfaces(I mean customer interfaces),we acting as service provider. We are looking the way by applying access-class binded to line vty ,which is common to all the telnet traffic.
Kindly let us know,if you have some suggestions on the same
Regards
Anantha Subramanian Natarajan -
CRS, IOS-XR: local IGP route not installed in BGP table when learned from RR
Hello,
We use CRS routers in our IGP/BGP network core, some of which are acting as BGP originators and reflectors (RRs) for IPv4 unicast. We also use CRS routers as Internet PEs. The problem we have is between those PEs and the core routers.
Premise: each Internet PE is terminating customer cisrcuits and injects those downstream routes in IGP (via redistributing static, or just learned via IGP from a downstream router). The core (P) routers then learn those routes from the PE via the IGP. Two of the P-routers act as BGP originators and install the necessary routes in BGP using the network statement. These routes are mostly supernets (i.e. summarized), but some coincide with IGP routes, as learned from the PEs. The P-routers acting as RRs then reflect all iBGP routes to all IPv4 unicast BGP speakers in the network, including the Internet PEs (we also have BGP peers on those PEs, which is why this is necessary).
Problem: if a specific downstream route, learned on an Internet PE via IGP (i.e. from downstream), is then received by that PE from an RR via iBGP (i.e. from upstream), the route is not installed in the BGP table (the output of the show bgp x.x.x.x/xx command is: Network not in table)
Question: does anyone know why this is happening? This is concictent on all of our CRS PEs. As far as I am aware there is no BGP rule that would explain this behavior. We don't expect the PE to prefer the iBGP route over the IGP route, but that should not prevent it from learning it and installing it in the BGP table... The only discrepancy I could think of is that the IGP route has a next-hop pointing downstream, whereas the the same route, learned over iBGP has a next-hop pointing upstream. Then again,this shouldn't prevent the route to appear in the BGP table....
Your help would be appreciated!
Thanks!Hi !
If I am understandung you correctly then Split Horizon is the keyword
Because if the route is learned from downstream BGP drops any same path information learned from upstream
SPLIT-HORIZON only applies to distance-vector routing protocols. In case of BGP, it simply means that a prefix learned via a peer is not advertised back to that peer.
Split horizon will simply block out routes with the same neighbor as the next-hop for the router
regards
alexander -
Problem connecting wirelessly from iMac to NETGEAR router, get invalid password message with WPA and WPA-2 encryption in place but if I remove them, so no security, can connect without a problem. Help!!
Thank you for your suggestion but I have already had a couple of phone sessions with NETGEAR support and they don't see any problems with the router settings etc. They referred me to Apple support, who helped me discover that it is possible to communicate with the router but only if I turn off the encryption/security software, which I don't want to do. The frustrating thing is that I can connect wirelessly from a laptop running Windows 7 and two Anroid smart phones, with WPA-2 in place, without a problem. Do you have any other ideas?
-
Problem reading data from two tables
Hi experts,
I'm developing a JDBC - IDOC scenario that needs to read data from two oracle tables. I have created a BPM that has a initial fork for the two channels and it works fine.
The problem is that I need to read data from the first, two or both tables depending if there is data to read. If there is data in the two tables it works, but if only there is data in one of the two tables, I have read problems. I have tryed to set the 'neccesary branches' to 1 but this is a problem when I have data in both tables.
Any idea?
Best Regards,
Alfredo Lagunar.Hi,
have your fork step inside a block and then right-click your block to insert a deadline branch to your BPM process and specify the time after which your BPM process should be cancelled.....so if in that time, you get data from both tables, your BPM will work okay otherwise if that time is over, then your BPM process will be cancelled.
Regards,
Rajeev Gupta -
What is the easiest way to access the router from an iPad? I have no problems accessing it from my laptop. Even though I am entering the address in the left address box, not the Google search box, it wants to do either a search, or add www to the beginning of the IP address.
I usually can eventually access the router, but it is way to much trouble. However, I use my iPad hundreds of times more often than my laptop.Are you typing http:// in front of the IP address of the router? e.g. http://192.168.0.1
Sometimes, and with some routers it doesn't seem to like it if you miss off the http:// -
Problem reading data from nested internal table.
Hi,
Below is my code;
*********SAP Code********
TYPES: BEGIN OF v54a0_scdd,
fknum LIKE vfkk-fknum,
change LIKE vfkkd-updkz,
x TYPE v54a0_scd,
y TYPE v54a0_scd,
tvtf LIKE tvtf,
END OF v54a0_scdd.
SCD table for dialog
TYPES: v54a0_scdd_tab TYPE v54a0_scdd OCCURS 1.
*********SAP Code********
*Custom declaration*****
data: wa_freight_costs type v54a0_scdd_tab.
data: it_freight_costs type v54a0_scdd_tab occurs 0.
*****Here data is getting appended to it_freight_costs. P_frieght_costs is coming from standard program.
move p_freight_costs TO wa_FREIGHT_COSTS.
append wa_freight_costs to it_freight_costs.
clear wa_freight_costs.
***Now the problem is here. I am not able to read the data from the nested internal table x-item.
if i use <fs_f_costs> to move data from it_freight_costs in the outer loop, i get a syntax error; <i> "the line type of the table it_freight_costs is not compatible with field symbol type <fs_f_costs>" </i>
FIELD-SYMBOLS: <fs_f_costs> type line of v54a0_scdd_tab.
LOOP AT it_freight_costs assigning <fs_f_costs>.
LOOP AT <fs_f_costs>-x-item ASSIGNING <fs_freight_item>.
<b> I want to read <fs_freight_item>-vfkp-netwr.</b>
ENDLOOP.
Can anyone guide me?A quick look at how I would do this. Note I haven't checked if this compiles just done a quick brain-dump.
DATA: lr_f_costs TYPE REF TO v54a0_scdd_tab,
lr_f_cost TYPE REF TO v54a0_scdd.
LOOP AT it_freight_costs REFERENCE INTO lr_f_costs.
LOOP AT lr_f_costs->* REFERENCE INTO lr_f_cost.
ENDLOOP.
ENDLOOP.
As you can see I personally prefer pointers to field symbols - I don't believe there is any performance differences and because of my background in other languages pointers make more sense to me.
Cheers
Graham Robbo -
I installed a new (and supposedly better & stronger) router from my ISP provider (Verizon) and now I can't find my Time Capsule or "Guest" network.
My Mac is not backing up because it can't find my Time Capsule network & my "Guest" network has also disappeared.
What do I need to do to correct this problem?You must reset the TC to factory and start over. The TC simply remembers too much from the previous setup to work in the new one.
If your new router is going to take the router role, then the TC will have to be bridged and you will lose your Guest wireless.. the way around this is to use the Verizon router as your guest wireless and the TC as your main wireless.
The Factory Reset Gen1-4.
Unplug your TC. Hold in reset. and power the TC back on.. without releasing reset for about 10sec. When the status light flashes rapidly; release it.
Be Gentle! Feel the switch click on. It has a positive feel.. add no more pressure after that.
TC will reboot after a couple of minutes with default factory settings and will wipe out previous configurations.
No files are deleted on the hard disk.. No reset of the TC deletes files.. to do that you use erase from the airport utility.
Factory reset Gen 5
Hold in reset for about 5sec until the status light flashes quickly.
If your AirPort Time Capsule still doesn’t respond, do a similar reset to the Gen1-4.
Unplug your AirPort Time Capsule .. hold in reset and power the TC back on.. without releasing the reset.. wait until status led flashes rapidly. -
Problem in Selecting the data from EKPO and KONV tables
Hi Experts,
Presently I am working on Report with Comparision-Sheet Between the vendor's Quotations. I have to display the Discount, Freight, Packing and Forwarding, Vat in Item level data based on the conditions made in PO.
As per my Knowledge, Condition Types are stored in KONV Table. But there is no relation between KONV and EKPO tables. So, I am unable to print the data for Discount, Freight, Packing and Forwarding, Vat... How can I get the values from EKPO and KONV tables?
Thanks in Advance.
Thanks n Regards,
Muralikrishna.Don't recall if this is correct, but you may need the condition number from the header (EKKO) combined with EKPO-EBELP or other field as you key to access KONV (KNUMH and KPOSN). My site doesn't run PP, so can't verify if the data is actually stored that, so just a possibility.
Maybe you are looking for
-
I see songs such as "Monday, Monday" or "Paint It, Black" or even the artist name such as "Fireballs, with Jimmy Gilmer" which have comma's in them, being a problem when I try to do the following: 1. Export a playlist which contains songs which are a
-
A light is blinking very fast, I tried to reset the Apple TV, but it keep blinking. I tried to unplug teh powercord, tried to push the menu and down buttons, but still no results.
-
I tried to find it on the web unable.
-
Building report from more than one data model
Hi Experts, I have a requirement to build a report in BI Publisher. The report has three section each having their own data source. When i try to create report in BI Publisher it allows me to associate one data model per report. is it feasible to hav
-
JDeveloper 11.1.1.1 - PPR for pie graph is not working
I built a simple ADF page with DEPARTMENTS (Read-only Form) and EMPLOYEES (Read-only Table). For the EmployeesView (VO) I added an addiitional pie chart to the page with SALARY as value and LAST_NAME for the slices. The first strange thing I got is a