[c-nsp] Adding connected routes in a VRF

Nick Griffin nick.jon.griffin at gmail.com
Mon Dec 8 15:50:05 EST 2008


You have to manually add host routes as the next hop since you can't add the
router itself, another solution I found that work was this:

"BGP Support for ipv4 Prefix Import". This for me worked well, you just need
to make sure that the prefixes you wish bring in from the Global Table exist
in the BGP GRT RIB, see example below:

ip vrf VRF1
import ipv4 unicast map GLOBAL->VRF
!
router bgp 1
redistribute connected route-map CONNECTED->BGP metric 5
!
address-family ipv4 vrf VRF1
!
interface vlan X
ip address 1.1.1.1 255.255.255.0
!
ip prefix-list GLOBAL->VRF permit 1.1.1.0/24
!
route-map GLOBAL->VRF
match ip address prefix GLOBAL->VRF
!
route-map CONNECTED->BGP
match interface vlan X

The other gotcha that seemed to irritate me a bit is that when you apply the
ipv4 map to the VRF to filter your global routes, this also seems to filter
prefixes imported via other RT's as well.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc2273a/1



On Mon, Dec 8, 2008 at 2:27 PM, <jason.plank at comcast.net> wrote:

> I would hope so. :)
>
> --
> Regards,
>
> Jason Plank
> CCIE #16560
> e: jason.plank at comcast.net
>
>  -------------- Original message ----------------------
> From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> > Ross Vandegrift <> wrote on Monday, December 08, 2008 20:31:
> >
> > > ip route 10.0.0.0 255.255.255.0 Vlan1234
> > >
> > > However, there's a syntax ambiguity when you place this in a VRF,
> > > since this is how you leak traffic out of a VRF:
> > >
> > > ip route vrf foobar 10.0.0.0 255.255.255.0 Vlan1234
> > > % For VPN routes, must specify a next hop IP address if not a
> > > point-to-point interface
> > >
> > > Is there any way to get the global table behavior in a VRF?
> >
> > No, the next-hop address is required..
> >
> >       oli
> >
> > P.S: I guess we would also require this for global if we implemented
> > this today..
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list