
MPLS Layer 3 VPNs | Central Services | Same PE
Hello All;
I am confused about a point that Brian stressed in the ATC Video (ATC, MPLS Layer 3 VPNs and VPNv4 BGP … Time in 43:50) - I am hoping someone can help shed some light.
The topic was Central services type config, and he was stressing that you cannot locally leak routes for two VRFs on the same PE. I am not sure if his point was specifically without the use of MP-BGP or not, but for some reason I get the feeling that his point was including the use of MP-BGP.
The reason I am confused is that I was able to leak routes from one VRF to another on the same PE, simply by importing the RT that was being exported... so I am not sure why I was able to... or maybe I have misunderstood the point Brian was trying to make.
Here are the configs / outputs from my testing on R4. Single PE, multiple vrfs just like the ATC topology:
ip vrf A
 rd 150.1.4.4:1
!
ip vrf B
 rd 150.1.4.4:2
!
ip vrf D
 rd 150.1.4.4:4
!
router eigrp 22334
 no auto-summary
 !
 address-family ipv4 vrf B
  network 10.0.0.0
  no auto-summary
  autonomous-system 10
 exit-address-family
!
router ospf 200
 mpls ldp autoconfig area 0
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
 network 150.0.0.0 0.255.255.255 area 0
!
router rip
 !
 address-family ipv4 vrf A
  redistribute bgp 200 metric 7
  network 10.0.0.0
  no auto-summary
  version 2
 exit-address-family
!
router bgp 200
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 150.1.5.5 remote-as 200
 neighbor 150.1.5.5 update-source Loopback0
 neighbor 150.1.6.6 remote-as 200
 neighbor 150.1.6.6 update-source Loopback0
 !
 address-family ipv4
  neighbor 150.1.5.5 activate
  neighbor 150.1.6.6 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 150.1.5.5 activate
  neighbor 150.1.5.5 send-community extended
  neighbor 150.1.6.6 activate
  neighbor 150.1.6.6 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf D
  neighbor 192.10.1.254 remote-as 254
  neighbor 192.10.1.254 password CISCO
  neighbor 192.10.1.254 activate
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf B
  redistribute eigrp 10
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf A
  redistribute rip metric 2
  no synchronization
 exit-address-family
!
>>
>> The Routes per vrf before adding the appropriate Route Targets
>>
Rack1R4#show bgp vpnv4 unicast vrf D
BGP table version is 68, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 150.1.4.4:4 (default for vrf D)
*> 205.90.31.0 192.10.1.254 0 0 254 ?
*> 220.20.3.0 192.10.1.254 0 0 254 ?
*> 222.22.2.0 192.10.1.254 0 0 254 ?
Rack1R4#
Rack1R4#show bgp vpnv4 unicast vrf A
BGP table version is 68, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 150.1.4.4:1 (default for vrf A)
*> 10.1.104.0/24 0.0.0.0 0 32768 ?
*> 150.1.10.0/24 10.1.104.10 2 32768 ?
Rack1R4#
>>
>> Add the appropriate Route Targets
>>
Rack1R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R4(config)#ip vrf D
Rack1R4(config-vrf)#route-target export 1:6
Rack1R4(config-vrf)#
*Feb 21 23:09:26.573: %BGP-5-ADJCHANGE: neighbor 192.10.1.254 vpn vrf D Down VRF config change
Rack1R4(config-vrf)#ip vrf A
Rack1R4(config-vrf)#route-
Rack1R4(config-vrf)#route-target import 1:6
Rack1R4(config-vrf)#end
>>
>> Show the vrf routes
>>
Rack1R4#show bgp vpnv4 unicast vrf A
BGP table version is 77, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 150.1.4.4:1 (default for vrf A)
*> 10.1.104.0/24 0.0.0.0 0 32768 ?
*> 150.1.10.0/24 10.1.104.10 2 32768 ?
*> 205.90.31.0 192.10.1.254 0 0 254 ?
*> 220.20.3.0 192.10.1.254 0 0 254 ?
*> 222.22.2.0 192.10.1.254 0 0 254 ?
Rack1R4#
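An added example, not part of the original post: a small audit script that reads `ip vrf` stanzas and reports every pair of VRFs on the same PE where one VRF's export RT matches another's import RT, which is the condition that produced the leak from D into A above. The sample config is constructed from the post's R4 stanzas (trimmed), and the function names are hypothetical; the last field records whether the exporting VRF has an `address-family ipv4 vrf` under `router bgp`, since route-targets only act on routes that are in BGP.

```python
import re
from collections import defaultdict

# Constructed sample: R4's VRF stanzas from the post (trimmed), with the two route-targets applied.
SAMPLE_CONFIG = """\
ip vrf A
 route-target import 1:6
!
ip vrf B
!
ip vrf D
 route-target export 1:6
!
router rip
 address-family ipv4 vrf A
!
router bgp 200
 address-family ipv4 vrf D
!
"""

def parse(config):
    """Return (exports, imports, bgp_vrfs) from 'ip vrf' and 'router bgp' stanzas."""
    exports, imports, bgp_vrfs = defaultdict(set), defaultdict(set), set()
    vrf = proto = None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            vrf, proto = m.group(1), None
        elif line == "!":
            vrf = None                      # end of an 'ip vrf' stanza
        elif line.startswith("router "):
            vrf, proto = None, line.split()[1]
        elif vrf and (m := re.fullmatch(r"route-target (export|import|both) (\S+)", line)):
            if m.group(1) in ("export", "both"):
                exports[vrf].add(m.group(2))
            if m.group(1) in ("import", "both"):
                imports[vrf].add(m.group(2))
        elif proto == "bgp" and (m := re.fullmatch(r"address-family ipv4 vrf (\S+)", line)):
            bgp_vrfs.add(m.group(1))        # only BGP address-families count, not RIP/EIGRP
    return exports, imports, bgp_vrfs

def local_leaks(config):
    """List (src, dst, shared_rts, src_in_bgp) for every VRF pair whose RTs match."""
    exports, imports, bgp_vrfs = parse(config)
    return [(s, d, sorted(exports[s] & imports[d]), s in bgp_vrfs)
            for s in sorted(exports) for d in sorted(imports)
            if s != d and exports[s] & imports[d]]
```

Running `local_leaks` over a PE's saved configuration gives a quick list of inter-VRF paths to compare against the intended isolation between customers.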
Comments
Last time I dealt with this, I was working on a 7200 with multiple VRFs and no VPNv4 active. Adding the export/import policies didn't get the desired effect, but then putting connected/static redistribution into the VPNv4 address families got things working as desired.