[c-nsp] Sanely leaking a locally sourced default route from one VRF into another
Jason Lixfeld
jason at lixfeld.ca
Tue Dec 11 11:17:09 EST 2012
Hi folks,
I have an edge-facing PE router that has a full table inside vrf inet. That edge PE speaks MP-BGP as an RR to a few other PEs that don't have the capacity to handle a full table but need access to the world via vrf inet. Those PEs receive internal+default from this edge PE to facilitate that reachability. This default route is a static default to null 0 with a network statement for 0.0.0.0. This all takes place on said edge-PE and works fine and dandy.
The issue now is that I have vrf resi that I need to anchor to this edge-facing PE router and vrf resi needs access to the world via vrf inet too. The other devices inside vrf resi could be considered managed CEs for all intents and purposes. These managed CEs speak ISIS to the PEs, so I use default-information originate inside the ISIS process in vrf resi to give the CEs a clue.
I've leaked the default from inet into resi using a combination of 'import route-target' statements and 'import map' statements on the PEs as required.
What's happening though is that inside vrf resi on the edge-PE, the leaked default from vrf inet is pointing to null 0. This effectively black holes the traffic inside vrf resi when the desired behaviour was to use that leaked default to pull traffic from vrf resi into vrf inet where it has a longer match to the destination:
*Dec 11 01:05:47.362: IP: s=200.0.0.1 (FastEthernet2/1), d=13.13.13.13, len 100, input feature
*Dec 11 01:05:47.362: ICMP type=0, code=0, MCI Check(62), rtype 0, forus FALSE, sendself FALSE, mtu 0
*Dec 11 01:05:47.366: FIBipv4-packet-proc: route packet from FastEthernet2/1 src 200.0.0.1 dst 13.13.13.13
*Dec 11 01:05:47.366: FIBfwd-proc: resi:0.0.0.0/0 proces level forwarding
*Dec 11 01:05:47.370: FIBfwd-proc: depth 0 first_idx 0 paths 1 long 0(0)
*Dec 11 01:05:47.370: FIBfwd-proc: try path 0 (of 1) v4-ap-Null0 first short ext 0(-1)
*Dec 11 01:05:47.370: FIBfwd-proc: v4-ap-Null0 valid
*Dec 11 01:05:47.370: FIBfwd-proc: Null0 no nh type 3 - deag
*Dec 11 01:05:47.370: FIBfwd-proc: ip_pak_table 2 ip_nh_table 65535 if Null0 nh none deag 1 chg_if 0 via fib 0 path type attached prefix
*Dec 11 01:05:47.370: FIBfwd-proc: resi:0.0.0.0/0 not enough info to forward via fib (Null0 none)
*Dec 11 01:05:47.370: FIBipv4-packet-proc: packet routing failed
*Dec 11 01:05:47.370: IP: tableid=2, s=200.0.0.1 (FastEthernet2/1), d=13.13.13.13 (Null0), routed via RIB
*Dec 11 01:05:47.370: ICMP: dst (13.13.13.13) host unreachable sent to 200.0.0.1
So obviously my methodology is flawed. Is there a better way for me to do this?
Thanks in advance for any insight.
More information about the cisco-nsp
mailing list