[c-nsp] How not to redistribute statics into VRFs/BGP

ChrisSerafin chris at chrisserafin.com
Mon Mar 30 12:33:13 EDT 2009


ChrisSerafin wrote:
> That does sound correct, I will schedule some testing time, thanks for 
> your input!
>
> David Freedman wrote:
>> Chris, the key thing here is the vrf address-families,
>> e.g. "address-family ipv4 vrf xxxx-Voice"
>>
>> Imagine these like the equivalent of the normal ipv4 address-family, but
>> for each VRF process.
>>
>> These do not currently have "redistribute static" in them so you can
>> quite safely install "ip route vrf xxxx-Voice 0.0.0.0 0.0.0.0 x.x.x.x"
>> and then this will not be injected into the VRF through BGP until you
>> add "redistribute static" into the appropriate address-family
>>
>> if I'm reading your post right?
>>
>>
>>
>> ChrisSerafin wrote:
>>  
>>> I have a Sprint MPLS cloud for which they extend the VRF configs down to
>>> the CE. I am in the middle of divesting a section of these MPLS
>>> routers/subnets off of the main cloud and onto their own VRFs. I
>>> essentially want to start by making a handful of the sites change
>>> their default route for Internet. Normally I would just add a new static
>>> route and then NOT use 'redistribute static' in the BGP config, but this
>>> whole VRF is new to me.
>>>
>>> Any thoughts would be great! Thanks:
>>>
>>> ip cef
>>> !
>>> !
>>> ip vrf xxxx-General
>>> rd 1:10
>>> route-target export 1:10
>>> route-target import 1:10
>>> !
>>> ip vrf xxxx-Guest
>>> rd 1:30
>>> route-target export 1:30
>>> route-target import 1:30
>>> !
>>> ip vrf xxxx-Voice
>>> rd 1:20
>>> route-target export 1:20
>>> route-target import 1:20
>>> !
>>>
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> interface Loopback0
>>> ip address 10.10.10.10 255.255.255.255
>>> !
>>> !
>>> interface GigabitEthernet0/0
>>> description [ Link to Core Switch ]
>>> no ip address
>>> duplex auto
>>> speed auto
>>> !
>>> interface GigabitEthernet0/0.1
>>> description [ VLAN 1 - General xxxx Data VLAN ]
>>> encapsulation dot1Q 1 native
>>> ip vrf forwarding xxxx-General
>>> ip address 10.120.64.1 255.255.255.0
>>> ip virtual-reassembly
>>> !
>>> interface GigabitEthernet0/0.100
>>> description [ VLAN 100 - General xxxx Voice VLAN ]
>>> encapsulation dot1Q 100
>>> ip vrf forwarding xxxx-Voice
>>> ip address 10.121.64.1 255.255.255.0
>>> !
>>> interface GigabitEthernet0/0.200
>>> description [ VLAN 200 - General xxxx Guest VLAN ]
>>> encapsulation dot1Q 200
>>> ip vrf forwarding xxxx-Guest
>>> ip address 172.16.10.1 255.255.255.0
>>> !
>>> !
>>> interface Serial0/0/0:1
>>> no ip address
>>> encapsulation frame-relay
>>> shutdown
>>> frame-relay lmi-type ansi
>>> !
>>> interface Serial0/1/0
>>> description [ Sprint MPLS Circuit ]
>>> no ip address
>>> encapsulation frame-relay
>>> frame-relay lmi-type ansi
>>> service-policy output VOIP-WAN
>>> !
>>> interface Serial0/1/0.310 point-to-point
>>> description [ MPLS VRF - Data VLAN ]
>>> ip vrf forwarding xxxx-General
>>> ip address 10.150.1.37 255.255.255.252
>>> snmp trap link-status
>>> frame-relay interface-dlci 310
>>> !
>>> interface Serial0/1/0.410 point-to-point
>>> description [ MPLS VRF - Voice VLAN ]
>>> ip vrf forwarding xxxx-Voice
>>> ip address 10.151.1.37 255.255.255.252
>>> snmp trap link-status
>>> frame-relay interface-dlci 410
>>> !
>>> interface Serial0/1/0.510 point-to-point
>>> description [ MPLS VRF - Guest VLAN ]
>>> ip vrf forwarding xxxx-Guest
>>> ip address 10.152.1.37 255.255.255.252
>>> snmp trap link-status
>>> frame-relay interface-dlci 510
>>> !
>>> router eigrp 217
>>> no auto-summary
>>> !
>>> address-family ipv4 vrf xxxx-General
>>>  network 10.11.0.0 0.0.0.255
>>>  network 10.120.64.0 0.0.0.255
>>>  no auto-summary
>>>  autonomous-system 19
>>> exit-address-family
>>> eigrp router-id 1.1.1.2
>>> eigrp event-logging
>>> !
>>> router bgp 65010
>>> bgp log-neighbor-changes
>>> neighbor 10.150.1.38 remote-as 1803
>>> neighbor 10.150.1.38 password 7 153E020A1xx373C3627
>>> neighbor 10.150.1.38 version 4
>>> !
>>> address-family ipv4
>>>  neighbor 10.150.1.38 activate
>>>  no auto-summary
>>>  no synchronization
>>> exit-address-family
>>> !
>>> address-family ipv4 vrf xxxx-Voice
>>>  neighbor 10.151.1.38 remote-as 1803
>>>  neighbor 10.151.1.38 password 7 0328520Dxx205F5A0C0B
>>>  neighbor 10.151.1.38 version 4
>>>  neighbor 10.151.1.38 activate
>>>  no synchronization
>>> exit-address-family
>>> !
>>> address-family ipv4 vrf xxxx-Guest
>>>  neighbor 10.152.1.38 remote-as 1803
>>>  neighbor 10.152.1.38 password 7 013F0F024xx071C35495C
>>>  neighbor 10.152.1.38 version 4
>>>  neighbor 10.152.1.38 activate
>>>  no synchronization
>>> exit-address-family
>>> !
>>> address-family ipv4 vrf xxxx-General
>>>  neighbor 10.150.1.38 remote-as 1803
>>>  neighbor 10.150.1.38 password 7 047702001xx4D5D1D1C17
>>>  neighbor 10.150.1.38 version 4
>>>  neighbor 10.150.1.38 activate
>>>  no synchronization
>>>  network 10.120.64.0 mask 255.255.255.0
>>> exit-address-family
>>>
>>>
>>> thanks,
>>>
>>> Chris
>>>
This router is currently using its own egress point for Internet, which 
is what I am trying to change. There is a static route for the correct 
VRF, and it points to the next hop, which is a layer 2 hop out the 
'internal' interface on the router. BGP is running for the VRFs. EIGRP 
is configured but not working since the upstream ISP is not listening 
(wasn't me!)

ip route vrf Chmbr-General 0.0.0.0 0.0.0.0 10.120.24.2 ! This is an ASA on the 'LAN' for this site
ip route vrf Chmbr-General 10.0.0.0 255.0.0.0 Serial0/1/0.310

So I remove the static route pointing to 10.120.24.2 and point it to the 
remote MPLS spoke, 10.120.24.2.

ip route vrf Chmbr-General 0.0.0.0 0.0.0.0 10.120.112.2 ! This is a different FW at a remote MPLS spoke
ip route vrf Chmbr-General 10.0.0.0 255.0.0.0 Serial0/1/0.310


Traceroutes after the change show that it is using the main egress route 
going out the US, which is a gateway of last resort being propagated via 
BGP/VRF. I was hoping that the static route I added would take 
precedence over any BGP route, even though the new default route to 
10.120.112.2 goes out to the cloud to get to the other remote MPLS spoke.

Any Ideas?
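
Added example, not part of the original thread and not the posters' code: David's point in the quoted reply is that a VRF static stays local until "redistribute static" appears under that VRF's BGP address-family, and the Python below audits a pasted IOS config for exactly that. The sample config is constructed; the 192.0.2.x next hops, the EIGRP redistribution and the route-map name STATIC-TO-BGP are assumptions added for illustration.

```python
import re

# Constructed sample modelled on the thread's config. The static routes, the
# EIGRP "redistribute static" and the route-map STATIC-TO-BGP are hypothetical.
SAMPLE = """\
ip route vrf xxxx-Voice 0.0.0.0 0.0.0.0 192.0.2.1
ip route vrf xxxx-Guest 0.0.0.0 0.0.0.0 192.0.2.5
router eigrp 217
address-family ipv4 vrf xxxx-Voice
 redistribute static
exit-address-family
router bgp 65010
address-family ipv4 vrf xxxx-Voice
 neighbor 10.151.1.38 remote-as 1803
exit-address-family
address-family ipv4 vrf xxxx-Guest
 redistribute static route-map STATIC-TO-BGP
 neighbor 10.152.1.38 remote-as 1803
exit-address-family
"""


def audit_vrf_statics(config):
    """Return {vrf: {"statics": [...], "in_bgp": bool}} for VRFs with statics."""
    statics, leaking = {}, set()
    proto = vrf = None
    for raw in config.splitlines():
        line = raw.strip()  # pasted configs often lose their indentation
        if m := re.match(r"ip route vrf (\S+) (\S+) (\S+)", line):
            statics.setdefault(m[1], []).append(f"{m[2]} {m[3]}")
        elif m := re.match(r"router (\S+)", line):
            proto, vrf = m[1], None  # new routing process resets VRF context
        elif m := re.match(r"address-family ipv4 vrf (\S+)", line):
            vrf = m[1]
        elif line == "exit-address-family":
            vrf = None
        elif line.startswith("redistribute static") and proto == "bgp" and vrf:
            # Only the BGP address-family matters here; EIGRP's own
            # redistribution does not inject the static into BGP.
            leaking.add(vrf)
    return {v: {"statics": r, "in_bgp": v in leaking} for v, r in statics.items()}


if __name__ == "__main__":
    for name, info in audit_vrf_statics(SAMPLE).items():
        verdict = "offered to BGP" if info["in_bgp"] else "local to this router"
        print(f"{name}: {', '.join(info['statics'])} -> {verdict}")
```

A VRF reported as "offered to BGP" may still be filtered by the route-map attached to the redistribute statement, so treat that result as a prompt to review the route-map rather than as proof of advertisement.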






