[c-nsp] vpnv4 export map question
cisconsp at secureobscure.com
cisconsp at secureobscure.com
Fri Nov 18 03:46:33 EST 2011
Good morning,
I have a peering PE router with a VRF for internet use. This peering router
has between 8 and 25 routes in V999:INTERNET at any given time, it is not
taking a full feed, just default plus a few specifics.
vrf definition V999:INTERNET
address-family ipv4
export map RM_PERMIT_DEFAULT_ROUTE_SET_RT999
route-target import 649X:999
maximum routes 500 80
exit-address-family
ip prefix-list PREFIX_MATCH_DEFAULT_ROUTE seq 10 permit 0.0.0.0/0
route-map RM_PERMIT_DEFAULT_ROUTE_SET_RT999 permit 10
match ip address prefix-list PREFIX_MATCH_DEFAULT_ROUTE
set extcommunity rt 649X:999 additive
route-map RM_PERMIT_DEFAULT_ROUTE_SET_RT999 deny 20
! This should be implicit, but added to clarity.
The intent of the configured export map is to ensure that it only sends the
default route to the route reflector, for import at downstream PE routers.
The default route is correctly advertised with the RT specified in the route
map:
RR# show ip bgp vpnv4 rd X.X.X.X:999 0.0.0.0
7018
12.89.169.XX from 12.89.169.XX (12.122.124.XX)
Origin IGP, metric 0, localpref 100, valid, external, best
Extended Community: RT:649X:999
mpls labels in/out 106/nolabel
However the PE is actually advertising ALL of its routes in the VRF to the
VPNv4 RRs, without a route target extended community value:
RR#show ip bgp vpnv4 rd X.X.X.X:999 32.0.0.0
7018 2686, (received & used)
12.89.169.xx from 12.89.169.xx (12.122.124.xx)
Origin IGP, localpref 100, valid, external, best
mpls labels in/out 227/nolabel
Is there some misconfiguration with the export map? Why is the 32.0.0.0/8
prefix being advertised to the RR? Why doesnt the export map filter it out?
I apologies if I am misunderstanding the purpose of an export map. Perhaps
there is another mechanism to accomplish this?
As always I appreciate your time. Thanks,
John
More information about the cisco-nsp
mailing list