[c-nsp] route table lookup on leaking between vrfs

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Dec 13 00:44:14 EST 2007


Pshem Kowalczyk <> wrote on Wednesday, December 12, 2007 9:22 PM:

> On 12/12/2007, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
> 
> {cut}
> 
>>> In non-vrf situation I would use next-hop-self before advertising
>>> the /16 to all the other peers, that would force the lookup on the
>>> router that knows about the /24s. Is there a way to do this lookup
>>> when the routes are leaked between vrfs?
>> 
>> No, this is not possible unless you are creating an aggregate on a PE
>> somewhere (which would set the next-hop accordingly and allocate an
>> aggregate label to do the 2nd lookup). Why don't you just import the
>> /24 into the Server vrf as well? You could use communities to tag
>> them and not advertise them beyond the PEs if you worry about it.
> 
> 
> Sounds like a good plan. In fact we have much more than a bunch of
> routes (currently there are about 3k prefixes) and we try to simplify
> that. Do we need to do anything more than the simple aggregate-address
> statement for the /16 in the Internal vrf?

Well, yes: Make sure this aggregate is actually creating an aggregate
(i.e. make sure no one else advertises this /16). Take a look at the
label for this /16 and check if it is an aggregate label on the router
originating it.

> Since the whole setup is a bit like hub-and-spoke (there is one main
> hub and a few smaller ones, but great majority of data flows through
> the main hub) can I originate default into that vrf and simplify the
> routing even more (this way the main hub would attract all of the
> traffic that doesn't have a more specific route)? The slight problem
> might be that the hub currently has a default already (it's filtered
> out on all of the minor hubs and spokes, as only the directly
> connected devices need it).

Well, it depends on the topology. If you want the traffic flow "CE1 -
PE1 - PEhub - PE2 - CE2", you need to make sure that the label PE1
follows towards PEhub is an aggregate label to force PEhub to do an
addtl. IP lookup in the VRF. This can be achieved using a BGP aggregate.
If you just enter a static 0/0 on PEhub, this will allocate a "regular"
label. IOS doesn't allow you to do "aggregate-address 0.0.0.0 0.0.0.0",
so this can be tricky.
If your Internet gateway is connected to the PEhub as a CE, you can have
the CE originate the 0/0, but then the traffic might take a detour (i.e.
"CE1 - PE1 - PEhub - GW-CE - PEhub - PE2 - CE2").

	oli

