[c-nsp] 7600 VRF BGP dynamic route leaking

[William Jackson]

Gents

I have a dynamic route leaking working ** in that the routes seem to propagate properly. But traffic doesn't flow across the vrf boundary.

I have a 7600 with a VRF and a CPE router downstream in the VRF.
The global learns a default BGP route from an upstream iBGP peer = 192.168.10.50


I have in my VRF an import policy that will import ONLY that default into the VRF:
vrf definition CPE-Management
!
Rd 200:123456
address-family ipv4
  import ipv4 unicast map default-route-only
  route-target export 200:989898
  route-target import 200:989898
exit-address-family
!

This does indeed works and imports the route into my VRF:

sh ip bgp vpnv4 vrf CPE-Management 0.0.0.0
BGP routing table entry for 8301:989898:0.0.0.0/0, version 77
Paths: (1 available, best #1, table CPE-Management)
  Not advertised to any peer
  Refresh Epoch 1
  65535 8301, imported path from 0.0.0.0/0 (global)
    192.168.10.50 (metric 10) from 192.168.10.50 (192.168.10.50)
      Origin IGP, metric 0, localpref 100, valid, internal, no-import, no-import, best
      rx pathid: 0, tx pathid: 0x0

I then leak a loopback I have inside the VRF to the default table.
sh ip bgp 172.18.2.6
BGP routing table entry for 172.18.2.6/32, version 93881
Paths: (1 available, best #1, table default)
Multipath: iBGP
  Additional-path-install
  Advertised to update-groups:
     1          16
  Refresh Epoch 1
  Local, imported path from 200:989898:172.18.2.6/32 (CPE-Management)
    172.18.2.6 from 0.0.0.0 (192.168.10.20)
      Origin incomplete, metric 0, localpref 100, weight 32768, valid, external, best
      Extended Community: RT:200:989898
      rx pathid: 0, tx pathid: 0x0


There are no ACLs involved.
Inside the VRF I can ping freely between CPE and PE.

But from inside the VRF I cannot ping against an IP in the global table even setting the source as the exported loopback.

Any ideas?

thanks