Routing

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

Re-advertise direct leaked routes to other routers in VRF

  • 1.  Re-advertise direct leaked routes to other routers in VRF

    Posted 08-25-2021 15:39

    I have a simple configuration with two MXes.

    R1 have two routing instances with type vrf: InstanceA and InstanceB
    R2 have only InstanceB vrf.

    I've leaked some routes from InstanceA to InstanceB route table on R1 (and i see that route in InstanceB.inet.0 table on R1).
    But i don't see that routes on R2 in InstanceB route table.

    Is it possible to re-advertise this routes to R2 ?



    ------------------------------
    Vlad Sol
    ------------------------------


  • 2.  RE: Re-advertise direct leaked routes to other routers in VRF

    Posted 08-26-2021 09:09

    Hi Vlad, 

    im not sure about your topology, but if this is an l3vpn, i think you might be missing the option "VRF-table-label".

    Try it out, if this still doesnt work, please share the config of your VRFs + show route advertising-protocol bgp x.x.x.x. 



    ------------------------------
    GABRIEL FLORES
    ------------------------------



  • 3.  RE: Re-advertise direct leaked routes to other routers in VRF

    Posted 08-26-2021 11:17
    vrf-table-label is set.

    ok.
    Def {
        instance-type vrf;
        interface lo0.1;
        route-distinguisher 16000:16100;
        vrf-import def-import;
        vrf-export def-export;
        vrf-target target:16000:16100;
        vrf-table-label;
    }

    Internet {
        instance-type vrf;
        interface ge-0/0/3.0;
        interface lo0.2;
        route-distinguisher 16000:16000;
        vrf-export Internet-export;
        vrf-target target:16000:16000;
        vrf-table-label;
        routing-options {
          interface-routes {
            rib-group inet Internet-to-Def;
          }
          auto-export;
        }
        protocols {
          bgp {
            group Uplinks {
              neighbor 222.103.80.1 {
              description AS9604;
              export AS16000-Export;
              peer-as 9604;
              }
            }
          }
        }
    }

    rib-groups {
        Internet-to-Def {
          import-rib [ Internet.inet.0 Def.inet.0 ];
          import-policy rib-Internet-to-Def;
        }
        Def-To-Internet {
          import-rib [ Def.inet.0 Internet.inet.0 ];
          import-policy Def-to-Inet-Pol;
        }
    }

    user@vmx3# show policy-options policy-statement rib-Internet-to-Def
    term 1 {
        from {
          route-filter 222.103.80.23/32 exact;
        }
        then {
          community add DefCommunity;
          accept;
        }
    }
    term 2 {
        then reject;
    }


    user@vmx3# run show route table Def.inet.0

    Def.inet.0: 6 destinations, 9 routes (6 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    222.103.80.23/32 *[Direct/0] 20:06:07
    > via lo0.2
    222.103.80.43/32 *[Direct/0] 1d 18:25:41
    > via lo0.1

    user@vmx3# run show route table Def.inet.0 222.103.80.23 detail

    Def.inet.0: 6 destinations, 9 routes (6 active, 0 holddown, 0 hidden)
    222.103.80.23/32 (1 entry, 1 announced)
    *Direct Preference: 0
    Next hop type: Interface
    Address: 0x68218c
    Next-hop reference count: 3
    Next hop: via lo0.2, selected
    State: <Secondary Active Int>
    Age: 20:10:34
    Validation State: unverified
    Task: IF
    Announcement bits (1): 0-KRT
    AS path: I
    Communities: target:16000:16100
    Primary Routing Table Internet.inet.0

    user@vmx3# run show route table Def.inet.0 advertising-protocol bgp 222.103.80.1

    Def.inet.0: 6 destinations, 9 routes (6 active, 0 holddown, 0 hidden)
    Prefix Nexthop MED Lclpref AS path
    * 222.103.80.43/32 Self 100 I


    222.103.80.23/32 is not advertising :(



    ------------------------------
    Vlad Sol
    ------------------------------



  • 4.  RE: Re-advertise direct leaked routes to other routers in VRF

    Posted 08-26-2021 12:31

    Hi Vlad, 

    this is my bad, i thought this was a PE to PE advertisement, the reality is that you are leaking direct routes between two VRFs in the same PE (this is achieved through the rib-group + auto-export), then you are trying to export that direct route learned from VRFB (DEF) to the CE of VRFA (internet) using BGP. 

    something like this:

    if the above statement and topology are accurate, then this is working as expected, the lo0.1 on VRFB is 222.103.80.43


    user@vmx3# run show route table Def.inet.0

    Def.inet.0: 6 destinations, 9 routes (6 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    222.103.80.23/32 *[Direct/0] 20:06:07
    > via lo0.2
    222.103.80.43/32 *[Direct/0] 1d 18:25:41  <<< local lo0 of instance Def
    > via lo0.1

    Def {
    instance-type vrf;
    interface lo0.1;             <<<<<<<<
    route-distinguisher 16000:16100;
    vrf-import def-import;
    vrf-export def-export;
    vrf-target target:16000:16100;
    vrf-table-label;
    }

    from the command you shared the route is being exported:

    user@vmx3# run show route table Def.inet.0 advertising-protocol bgp 222.103.80.1

    Def.inet.0: 6 destinations, 9 routes (6 active, 0 holddown, 0 hidden)
    Prefix Nexthop MED Lclpref AS path
    * 222.103.80.43/32 Self 100 I

    important to clarify, you are stating that 23 is not being exported, but on the same command you are filtering by table "def.inet.0", ".23" is not part of "def.inet.0", lo0.2 is installed over VRF Internet.

    try it this way:

    show route advertising-protocol bgp 222.103.80.1        << do no specify the table def, you are running this neighborship over VRF internet.

    if we check the config of VRF internet:


    Internet {
    instance-type vrf;
    interface ge-0/0/3.0;
    interface lo0.2;
    route-distinguisher 16000:16000;
    vrf-export Internet-export;
    vrf-target target:16000:16000;
    vrf-table-label;
    routing-options {
    interface-routes {
    rib-group inet Internet-to-Def;
    }
    auto-export;
    }
    protocols {
    bgp {
    group Uplinks {
    neighbor 222.103.80.1 {  <<<< the neighbor that you are advertising the route 
    description AS9604;
    export AS16000-Export;
    peer-as 9604;

    if you still dont see the route exported, check the policy:

    AS16000-Export <<<

    if you are still unable to export the direct route, even when you have vrf-table-label, i think the use of an aggregate/static route will be needed. 



    ------------------------------
    GABRIEL FLORES
    ------------------------------



  • 5.  RE: Re-advertise direct leaked routes to other routers in VRF

    Posted 08-26-2021 16:46

    I tried to visualize the desired result :)



    ------------------------------
    Vlad Sol
    ------------------------------



  • 6.  RE: Re-advertise direct leaked routes to other routers in VRF

    Posted 08-26-2021 20:08

    Vlad, 

    from your config the leaking of routes is already achieved, the only part missing is the export of 222.103.80.23 to the BGP neighbor of instance "Internet" right?.

    if this is the case, pretty sure you just need to fix your export policy configured in the BGP group. 

     




    ------------------------------
    GABRIEL FLORES
    ------------------------------



  • 7.  RE: Re-advertise direct leaked routes to other routers in VRF

    Posted 08-26-2021 20:08
    Hi,

    are we talking about L3VPN/MPLS using MP-iBGP, with the routes you are talking about in vpnv4 AFI/SAFI ?
    If so, then your red arrow is wrong.

    On R1 there's one local_only red arrow from VRF Internet to VRF Def (managed by either auto-export (best/easy choice) or rib-group (complicated choice)).
    Then you have a second red arrow between R1/VRF Internet and R2/VRF Def.

    How is it done?
    In your policy «def-export», you should have a first, specific term to match your lo0.2 prefix (protocol direct + route-filter match, by example) with action accept and community add for both route targets (rt:16000:16000 and rt:16000:16100).

    By the way this would take care too of the local import/export / the local_only red arrow, using auto-export, so no need of ribgroup anymore.



    ------------------------------
    Olivier Benghozi
    ------------------------------