[c-nsp] route table lookup on leaking between vrfs

Pshem Kowalczyk pshem.k at gmail.com
Thu Dec 13 03:33:24 EST 2007


On 13/12/2007, Oliver Boehmer (oboehmer) <oboehmer at cisco.com> wrote:
{cut}

> > Sounds like a good plan. In fact we have much more than a bunch of
> > routes (currently there are about 3k prefixes) and we try to simplify
> > that. Do we need to do anything more than the simple aggregate-address
> > statement for the /16 in the Internal vrf?
>
> Well, yes: Make sure this aggregate is actually creating an aggregate
> (i.e. make sure no one else advertises this /16). Take a look at the
> label for this /16 and check if it is an aggregate label on the router
> originating it.


Will do. In this particular case the /16 is only advertised from one
CE so it shouldn't be a big problem.

> > Since the whole setup is a bit like hub-and-spoke (there is one main
> > hub and a few smaller ones, but great majority of data flows through
> > the main hub) can I originate default into that vrf and simplify the
> > routing even more (this way the main hub would attract all of the
> > traffic that doesn't have a more specific route)? The slight problem
> > might be that the hub currently has a default already (it's filtered
> > out on all of the minor hubs and spokes, as only the directly
> > connected devices need it).
>
> Well, it depends on the topology. If you want the traffic flow "CE1 -
> PE1 - PEhub - PE2 - CE2", you need to make sure that the label PE1
> follows towards PEhub is an aggregate label to force PEhub to do an
> addtl. IP lookup in the VRF. This can be achieved using a BGP aggregate.
> If you just enter a static 0/0 on PEhub, this will allocate a "regular"
> label. IOS doesn't allow you to do "aggregate-address 0.0.0.0 0.0.0.0",
> so this can be tricky..
> If your Internet gateway is connected to the PEhub as a CE, you can have
> the CE originate the 0/0, but then the traffic might take a detour (i.e.
> "CE1 - PE1 - PEhub - GW-CE - PEhub - PE2 - CE2").

Well, that's what we have pretty much now - the internet gateway is a
CE and the situation where the traffic goes over to the GW-CE and back
is not really an option. We want to make the PEhub the hub for all
traffic, including the way out to the internet.
If a static route doesn't work and that's what I found on the web
regarding the aggregate:

#aggregate-address 0.0.0.0 0.0.0.0
% Aggregating to create default makes no sense,
use a network statement instead.

;-)

Any suggestions how (if at all) this can be resolved? I don't think
that using originate-default in the vpnv4 family will do us any good
either ...

kind regards
Pshem

