[c-nsp] VRF Route-leaking question
Mihai Tanasescu
mihai at duras.ro
Sun Jan 13 13:13:14 EST 2008
>> The problem:
>
> The configuration below was not copy+pasted from an IOS configuration.
> It's usually a very good idea to do just that, and not try writing it by
> hand. The initial command for configuring a VRF is "ip vrf <name>", not
> just "vrf <name>" and IOS doesn't use shorthand itself.
Sorry for that. I wanted to avoid giving private information from my config.
My scenario only uses local VRFs (VRF-lite) so I thought there was no
need to import from myself.
The idea was to have:
Router Distribution (Client group 1 + exchange routes + default route 1)
---> BW limiting machine 1 layer 2 ---> Router Core
Router Distribution (Client group 2 + exchange routes + default route 2)
---> BW limiting machine 2 layer 2 ---> Router Core
> Try looking at the routing table after leaking, with a "show ip route
> vrf bbb". It should show your Gi1/1 as connected, learned via BGP. Same
> goes for VRF aaa and Gi1/2. You should be able to ping local interfaces
> too.
>
> This difference between a local and non-local address could maybe point
> at something like FIB-problems. What does "show mls cef vrf bbb
> 192.168.1.1" show?
>
The config + info you required:
interface GigabitEthernet1/34
 ip vrf forwarding vrf_metro
 ip address 86.104.125.9 255.255.255.0
interface Port-channel2
 ip vrf forwarding vrf_test
 ip address 79.134.32.181 255.255.255.252
ip vrf vrf_test
 rd 43930:35137
 route-target export 43930:35137 - client1 group
 route-target import 43930:43930 - metro
 route-target import 43930:65000 - default route 1
ip vrf vrf_metro
 rd 43930:43930
 route-target export 43930:43930 - metro
 route-target import 43930:35137 - client 1 group
 route-target import 43930:65400 - client 2 group
The other RT imports are either the VRF with default_route1,
default_route2 or other test scenarios.
Similar imports are configured in the other VRFs.
#sh ip ro vrf vrf_test 86.104.125.0
Routing Table: vrf_test
Routing entry for 86.104.125.0/24
Known via "bgp 43930", distance 20, metric 0 (connected, via
interface), type external
Routing Descriptor Blocks:
* directly connected, via GigabitEthernet1/34
Route metric is 0, traffic share count is 1
#sh ip ro vrf vrf_metro 86.104.125.0
Routing Table: vrf_metro
Routing entry for 86.104.125.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Redistributing via bgp 43930
Advertised by bgp 43930
Routing Descriptor Blocks:
* directly connected, via GigabitEthernet1/34
Route metric is 0, traffic share count is 1
#ping vrf vrf_metro 86.104.125.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 86.104.125.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
#ping vrf vrf_metro 86.104.125.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 86.104.125.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
#ping vrf vrf_test 86.104.125.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 86.104.125.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/50/52 ms
#ping vrf vrf_test 86.104.125.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 86.104.125.9, timeout is 2 seconds:
..
Success rate is 0 percent (0/2)
and the loop appears in the logs.
The CEF part:
86.104.125.9, 2 etc are from vrf_metro
#show mls cef vrf vrf_test 86.104.125.2
Codes: decap - Decapsulation, + - Push Label
Index Prefix Adjacency
1006 86.104.125.2/32 Gi1/34 , 000e.0cba.8cba
#show mls cef vrf vrf_metro 86.104.125.2
Codes: decap - Decapsulation, + - Push Label
Index Prefix Adjacency
434 86.104.125.2/32 Gi1/34 , 000e.0cba.8cba
and for the IP on the interface: 86.104.125.9
#show mls cef vrf vrf_test 86.104.125.9
Codes: decap - Decapsulation, + - Push Label
Index Prefix Adjacency
444 86.104.125.9/32 receive
#show mls cef vrf vrf_metro 86.104.125.9
Codes: decap - Decapsulation, + - Push Label
Index Prefix Adjacency
432 86.104.125.9/32 receive
Sorry for the long email.
Any idea what's happening or what I am doing wrong?
-
Mihai
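
An added example, not part of the original message: a small Python audit that reads "ip vrf" stanzas like the two quoted above and reports which VRFs import each other's routes through route targets, plus any imported RT that no listed VRF exports. It assumes the stanzas are indented as in "show running-config"; the function names and the sample string are constructed for illustration.

```python
import re

# Constructed sample: the two "ip vrf" stanzas from the message, with the
# author's trailing "- ..." annotations left in place.
SAMPLE_CONFIG = """\
ip vrf vrf_test
 rd 43930:35137
 route-target export 43930:35137 - client1 group
 route-target import 43930:43930 - metro
 route-target import 43930:65000 - default route 1
ip vrf vrf_metro
 rd 43930:43930
 route-target export 43930:43930 - metro
 route-target import 43930:35137 - client 1 group
 route-target import 43930:65400 - client 2 group
"""

VRF_RE = re.compile(r"^ip vrf (\S+)\s*$")  # does not match "ip vrf forwarding X"
RT_RE = re.compile(r"^\s+route-target (export|import|both) (\d+:\d+)")

def parse_vrfs(config):
    """Return {vrf: {"export": set, "import": set}} from IOS 'ip vrf' stanzas."""
    vrfs, current = {}, None
    for line in config.splitlines():
        m = VRF_RE.match(line)
        if m:
            current = vrfs.setdefault(m.group(1), {"export": set(), "import": set()})
        elif line and not line[0].isspace():
            current = None  # any other top-level command ends the stanza
        elif current is not None and (m := RT_RE.match(line)):
            kinds = ("export", "import") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
    return vrfs

def leak_report(vrfs):
    """Return (leaks, unresolved): per VRF, the source VRFs it imports from,
    and the import RTs that no parsed VRF exports."""
    exporters = {}
    for name, rts in vrfs.items():
        for rt in rts["export"]:
            exporters.setdefault(rt, set()).add(name)
    leaks, unresolved = {}, {}
    for name, rts in vrfs.items():
        sources = {s for rt in rts["import"] for s in exporters.get(rt, ())}
        leaks[name] = sorted(sources - {name})
        unresolved[name] = sorted(rt for rt in rts["import"] if rt not in exporters)
    return leaks, unresolved

if __name__ == "__main__":
    print(leak_report(parse_vrfs(SAMPLE_CONFIG)))
```

On the two stanzas shown, the unresolved route targets are the ones the message attributes to VRFs it does not list.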